Detangling the $45 Million Cyberheist

[InfoSec News <alerts () infosecnews org>]

http://www.bankinfosecurity.com/detangling-45-million-cyberheist-a-5759

By Tracy Kitten
Bank Info Security
May 15, 2013

In the aftermath of the recent news about an international $45 million 
cyberheist and ATM cash-out scheme, experts say pinpointing the source 
of such a massive breach can prove to be extremely difficult. That's 
because so many different entities are now involved in the global 
payments chain.

"There are so many parties in the payments chain that it is very 
difficult to assign blame in these types of breaches," says financial 
fraud expert Avivah Litan, an analyst with consultancy Gartner Inc., who 
blogged about the attack. "There can easily be seven roundtrip hops or 
more between an ATM cash disbursement request and the cash disbursement. 
The leakage can happen at any of those points or hops."

News reports this week named two payments processors that had their 
networks hacked, leading to the card data compromises in the $45 million 
cyberheist. But one is claiming it had no data intercepted, and the 
other has yet to make a statement.

Al Pascual, senior security, risk and fraud analyst for Javelin Strategy 
& Research, says card data could have been obtained through any number 
of channels. "Couldn't these criminals just buy the cards legitimately 
and then breach the processor to alter the limits?" he asks. "Seems 
easier to me. Obtaining card data is less challenging for criminals than 
gaining access to a processor and altering their internal controls, 
though."

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org