Posted on 06/18/2009 3:37:32 PM PDT by metmom
"SKULDUGGERY," says Andrew Henwood, "is a very good word to describe what this extremely advanced, cleverly written malware gets up to. We've never seen anything like it."
What he has discovered is a devious piece of criminal coding that has been quietly at work in a clutch of cash machines at banks in Russia and Ukraine. It allows a gang member to walk up to an ATM, insert a "trigger" card, and use the machine's receipt printer to produce a list of all the debit card numbers used that day, including their start and expiry dates - and their PINs. Everything needed, in fact, to clone those cards and start emptying bank accounts. In some cases, the malicious software even allows the criminal to eject the machine's banknote storage cassette into the street.
The software is the latest move in a security arms race after banks and consumers got wise to the fitting of fake fascias onto ATMs. These fascias have been criminals' main way of using ATMs to get the details they need to clone cards. They contain a camera to spy on PINs being entered on the keypad, and a card reader to skim data from the card's magnetic stripe. It's big business: across Europe, losses due to such fraud grew by 11 per cent to 484 million in 2008, according to the European ATM Security Team (EAST), funded by the European Union and based in Edinburgh, UK (see graph).
(Excerpt) Read more at newscientist.com ...
.
That shows poor security. The PIN is not supposed to be stored anywhere. They should hash it with a one-way hashing algorithm and store the hash.
MicroSoft Strikes again!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.