Citibank ATM breach highlights PIN security issues
Yahoo News reported 1st July 2008 that hackers broke into Citibank’s network of ATMs inside 7-Eleven stores and stole customers’ PIN codes. This highlighted a disturbing security hole in the most sensitive part of a banking record: the PIN.
Apparently this netted the thieves millions of dollars in illegal profits.
More importantly for the average consumers, it showed that criminals were able to access PINs by attacking the back-end computers responsible for approving the cash withdrawals (the 3rd party processor). That means, they probably did not have to touch the ATMs at all.
A critical issue is that how the hackers infiltrated the system has not been publicly answered yet.
It could only be speculated that:
(i) they could’ve gained admin access to the server through a flaw in the network or by figuring out their passwords; or
(ii) they installed malware on a banking server to capture unencrypted PINs as they passed through.
Yes, this is a more sophisticated method than phishing.
Written by pinolobu on July 31st, 2008 with no comments.
Read more articles on news.