Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
APC Free White Paper
Optimize your network investment &
Enter to win a Samsung Galaxy Note

www.apc.com
Network Security
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Sophisticated Bank Hack Leads to $45 Million ATM Theft
Sophisticated Bank Hack Leads to $45 Million ATM Theft

By Jennifer LeClaire
May 10, 2013 1:34PM

    Bookmark and Share
"As much as it pains me to admit this, we're woefully behind in card security," said security researcher Ken Pickering after a criminal group stole $45 million from ATMs. "Unfortunately, I think most people treat fraud as a 'necessary evil' in issuing magnetic-stripe credit cards, but the real problem is: How do we replace all the credit scanners in the U.S.?"
 



(Page 2 of 2)

Pickering said that often, in analyzing the security of a system, it comes down to the weakest link.

"The real weakest link in this scenario was how easily these cards were modified and duped on a massive scale," he said.

Real-Time Monitoring Needed

Tom Cross, director of security research at Lancope, told us several attacks of this nature have occurred in the past few years. What makes this type of attack unique is not just the technical skill required to pull it off, he said, but the level of logistical coordination needed to perform nearly simultaneous withdrawals from large numbers of ATM machines.

"The fact that debit card processing infrastructure was compromised is a significant problem," Cross said. "There are a variety of different attacks that may have been possible given the access that these criminals had to the back-end infrastructure. The vulnerabilities that led to that compromise need to be identified and closed."

Unfortunately, Cross said, while breaches like this are often reported to the public, we rarely hear the specific technical vulnerabilities that the attackers were able to exploit in order to pull off the attack. It would be helpful, he added, if more organizations publicly disclosed the technical vulnerabilities associated with network security breaches, because this information helps their peers prioritize the steps they should take to lock down their own networks.

"This type of attack might be preventable if ATM networks were able to monitor transactions in real time for unusually large numbers of transactions involving individual cards or cards from the same issuing institution," Cross said. "Unfortunately, that type of infrastructure doesn't exist today, but perhaps it's time to consider creating and implementing it now -- especially after this latest attack."

< Previous Page  |  1  |  2

 

Tell Us What You Think
Comment:

Name:

Curt Rostenbach:

Posted: 2013-05-20 @ 6:33am PT
"How do we replace all the credit scanners in the U.S.?"
I dunno, will it cost more than $45 million?



You have the experience and skills, let an ISACA® certification demonstrate your value. Our certifications announce that you have the expertise and insight to speak with authority. ISACA certification is more than a credential; it's a platform that can elevate your career. Register for an Exam Today.


 Network Security
1.   Russian Hacker's Charges Revealed
2.   Another IE-Focused Patch Tuesday
3.   Russian Arrested in Hacking Case
4.   Most Networks Not Ready for IoT
5.   Gartner Rates IT Security Companies


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Charges: Russian Stole Data from U.S. Restaurants, Zoo
A Russian man arrested on bank fraud and other charges hacked into computers at restaurants in Washington, hundreds of other retail businesses, and even the Phoenix Zoo, authorities say.
 
Another Month, Another IE-Focused Patch Tuesday
Microsoft rolled out 59 vulnerabilities for Internet Explorer in June. But the IE-patching party is not over yet. Redmond published six new security bulletins on Tuesday; two, critical; three, important.
 
Russian Arrested in Hacking Case Filed in Seattle
The U.S. Secret Service has arrested a Russian man who is accused of hacking store computers to steal thousands of credit card numbers, charging him with bank fraud, identity theft and more.
 

Enterprise Hardware Spotlight
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 
Gartner Sales Study Sees Tablets Up, PCs Down but Recovering
Are PCs on the comeback trail? That depends on how you define "comeback." While tablet sales remain strong, Gartner's latest study found PC shipments aren't dropping as fast as they did last year.
 
Review: Warming Up to Tablets with Keyboard Covers
If you've ever thought tablets with keyboard covers were just a poor excuse for a laptop, think again. Nokia's Lumia 2520 comes with an optional keyboard cover that just may change your mind.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.