[Dataloss] Citibank debit card server "hacked"
Henry Brown
hbrown at knology.net
Thu Jun 19 19:12:04 UTC 2008
http://blog.wired.com/27bstroke6/2008/06/citibank-atm-se.html
A computer intrusion into a Citibank server that processes ATM
withdrawals led to two Brooklyn men making hundreds of fraudulent
withdrawals from New York City cash machines in February, pocketing at
least $750,000 in cash, according to federal prosecutors.
The ATM crime spree is apparently the first to be publicly linked to the
breach of a major U.S. bank's systems, experts say.
"We've never heard of PINs coming out of the bank environment," says Dan
Clements, CEO of the fraud watchdog company CardCops, who monitors crime
forums for stolen information.
Credit card and ATM PIN numbers show up often enough in underground
trading, but they're invariably linked to social engineering tricks like
phishing attacks, "shoulder surfing" and fake PIN pads affixed to gas
station pay-at-the-pump terminals.
But if federal prosecutors are correct, the Citibank intrusion is an
indication that even savvy consumers who guard their ATM cards and PIN
codes can fall prey to the growing global cyber-crime trade.
"That's really the gold, the debit cards and the PINs," says Clements.
Citibank denied to Wired.com's Threat Level that its systems were
hacked. But the bank's representatives warned the FBI on February 1 that
"a Citibank server that processes ATM withdrawals at 7-Eleven
convenience stores had been breached," according to a sworn affidavit
(.pdf) by FBI cyber-crime agent Albert Murray.
[...]
More information about the Dataloss
mailing list