Paper I : Vulnerabilities in Online Banks

This paper describes some attacks on online banks that authenticate each customer through the use of a unique user identi er and a Personal Identi cation Number (PIN). Many user identi ers contain structure which make them easy to generate on a computer. Given a generated set of identi ers it is possible to do a brute-force attack on the PINs. A general attack model is described and some example attacks against a Scandinavian online bank are discussed.