If hackers were able to manipulate the world’s accounting systems, governments and corporations would be in a frenzy. Guess what? Hackers can and will.
Tom Eston and Brett Kimmell of SecureState recently unveiled Project Mayhem, a proof-of-concept tool that makes accounting fraud easy and potentially undetectable, at the esteemed Black Hat Abu Dhabi briefings.
The research behind Project Mayhem is thoroughly documented in the duo's whitepaper, “Cash Is King: Who’s Wearing Your Crown? Accounting Systems Fraud in the Digital Age”.
The paper offers research that includes:
- Locating & Dissecting Accounting Systems
- Traditional Examples of Accounting Fraud
- Comprehensive Overview of Microsoft Dynamics Great Plains (GP)
- Vulnerabilities & Attack Vectors in Microsoft Dynamics GP
- Attacking the Database & User
- Crafting the Perfect Fraud via Custom Malware
- The Attacks: How Fraud Can Be Committed
- Accounting Controls Needed to Prevent Fraud
The goal of releasing this utility publicly is to promote security awareness so that stronger controls are put in place for Microsoft GP and other financial systems in the future.
We are a team of ethical hackers that aims to expose vulnerabilities in applications for public good – if we can hack in, so can the bad guys, and that’s what we aim to prevent.