funsec mailing list archives
ATM breach reveals a new vulnerability
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 2 Jul 2008 07:45:51 -0400
http://www.boston.com/business/articles/2008/07/02/atm_breach_reveals_a_new_ vulnerability/ SAN JOSE, Calif. - Hackers broke into Citibank's network of ATMs inside 7-Eleven <http://finance.boston.com/boston?Page=QUOTE&Ticker=SE> stores and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record. The scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs - the numeric passwords that theoretically are among the most closely guarded elements of banking transactions - by attacking the back-end computers responsible for approving the cash withdrawals. The case against three people in US District Court for the Southern District of New York highlights a significant problem. Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft Corp.'s <http://finance.boston.com/boston?Page=QUOTE&Ticker=MSFT> Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption, which cloaks them to outsiders, some ATM operators apparently aren't properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions. ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- ATM breach reveals a new vulnerability Richard M. Smith (Jul 02)