funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Fwd: [ISN] Citibank Hack Blamed for Alleged ATM Crime Spree

From: "Paul Ferguson" <fergdawg () netzero net>
Date: Thu, 19 Jun 2008 11:40:42 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via: InfoSec News <alerts () infosecnews org>

- - ferg

[snip]


http://blog.wired.com/27bstroke6/2008/06/citibank-atm-se.html

By Kevin Poulsen 
Threat Level
Wired.com
June 18, 2008

A computer intrusion into a Citibank server that processes ATM 
withdrawals led to two Brooklyn men making hundreds of fraudulent 
withdrawals from New York City cash machines in February, pocketing at 
least $750,000 in cash, according to federal prosecutors.

The ATM crime spree is apparently the first to be publicly linked to the 
breach of a major U.S. bank's systems, experts say.

"We've never heard of PINs coming out of the bank environment," says Dan 
Clements, CEO of the fraud watchdog company CardCops, who monitors crime 
forums for stolen information.

Credit card and ATM PIN numbers show up often enough in underground 
trading, but they're invariably linked to social engineering tricks like 
phishing attacks, "shoulder surfing" and fake PIN pads affixed to gas 
station pay-at-the-pump terminals.

But if federal prosecutors are correct, the Citibank intrusion is an 
indication that even savvy consumers who guard their ATM cards and PIN 
codes can fall prey to the growing global cyber-crime trade.

"That's really the gold, the debit cards and the PINs," says Clements.

Citibank denied to Wired.com's Threat Level that its systems were 
hacked. But the bank's representatives warned the FBI on February 1 that 
"a Citibank server that processes ATM withdrawals at 7-Eleven 
convenience stores had been breached," according to a sworn affidavit by 
FBI cyber-crime agent Albert Murray.

[...]

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIWkWyq1pz9mNUZTMRAqNGAJ4vq8oS5nC9TspTCm5ifSobLS2WFwCfbskK
Zgpy99wD7aRs9HKE8neJcKQ=
=dpIv
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: