independent and unofficial
Prince fan community
Welcome! Sign up or enter username and password to remember me
Forum jump
Forums > General Discussion > Crooks Nab Citibank ATM PINs; Steal Millions
« Previous topic  Next topic »
  New topic   Printable     (Log in to 'subscribe' to this topic)
Author

Tweet     Share

Message
Thread started 07/02/08 7:21am

Graycap23

Crooks Nab Citibank ATM PINs; Steal Millions

Crooks Nab Citibank ATM PINs; Steal Millions
Breach Reveals PIN Security Problems

POSTED: 7:54 pm EDT July 1, 2008
UPDATED: 10:15 pm EDT July 1, 2008


Hackers broke into Citibank's network of ATMs inside 7-Eleven stores this year and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record.

The scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs -- the numeric passwords that theoretically are among the most closely guarded elements of banking transactions--by attacking the back-end computers responsible for approving the cash withdrawals.

The case against three people in U.S. District Court for the Southern District of New York highlights a significant problem.

Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft Corp.'s Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption - which means encoding them to cloak them to outsiders - some ATM operators apparently aren't properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.

"PINs were supposed be sacrosanct -- what this shows is that PINs aren't always encrypted like they're supposed to be," said Avivah Litan, a security analyst with the Gartner research firm. "The banks need much better fraud detection systems and much better authentication."

It's unclear how many Citibank customers were affected by the breach, which extended at least from October 2007 to March of this year. The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven Inc. stores throughout the U.S., but it doesn't own or operate any of them.

That responsibility falls on two companies: Houston-based Cardtronics Inc., which owns all the machines but only operates some, and Brookfield, Wis.-based Fiserv Inc., which operates the others.

A critical issue in the investigation is how the hackers infiltrated the system, a question that still hasn't been answered publicly.
  - E-mail - orgNote - Report post to moderator
Reply #1 posted 07/02/08 7:25am

XxAxX

avatar

Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft Corp.'s Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption - which means encoding them to cloak them to outsiders - some ATM operators apparently aren't properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.

mad
[Edited 7/2/08 7:26am]
  - E-mail - orgNote - Report post to moderator
  New topic   Printable     (Log in to 'subscribe' to this topic)
« Previous topic  Next topic »
Forums > General Discussion > Crooks Nab Citibank ATM PINs; Steal Millions