funsec mailing list archives

ATM breach reveals a new vulnerability


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 2 Jul 2008 07:45:51 -0400

http://www.boston.com/business/articles/2008/07/02/atm_breach_reveals_a_new_vulnerability/

SAN JOSE, Calif. - Hackers broke into Citibank's network of ATMs inside
7-Eleven stores and
stole customers' PIN codes, according to recent court filings that revealed
a disturbing security hole in the most sensitive part of a banking record.

The scam netted the alleged identity thieves millions of dollars. But more
importantly for consumers, it indicates criminals were able to access PINs -
the numeric passwords that theoretically are among the most closely guarded
elements of banking transactions - by attacking the back-end computers
responsible for approving the cash withdrawals.

The case against three people in US District Court for the Southern District
of New York highlights a significant problem.

Hackers are targeting the ATM system's infrastructure, which is increasingly
built on Microsoft Corp.'s Windows operating
system and allows machines to be remotely diagnosed and repaired over the
Internet. And despite industry standards that call for protecting PINs with
strong encryption, which cloaks them to outsiders, some ATM operators
apparently aren't properly doing that. The PINs seem to be leaking while in
transit between the automated teller machines and the computers that process
the transactions.

...

 
