[Infowarrior] - ATM system called unsafe

Richard Forno rforno at infowarrior.org
Thu Nov 30 22:26:37 EST 2006


ATM system called unsafe
Posted: Thursday, November 30 at 03:22 pm CT by Bob Sullivan
http://redtape.msnbc.com/2006/11/researchers_who.html

A U.S. Secret Service memo obtained by MSNBC.com indicates that organized
criminals are systematically attempting to subvert the ATM system and
unscramble encrypted PIN codes. (Will Burgess / Reuters file)

Researchers who work for an Israeli computer security company say they have
discovered a fundamental weakness in the system that banks use to keep debit
card PIN codes secret while they are transported across bank networks -- a
flaw that they say could undermine the entire debit card system.

The U.S. Secret Service is investigating the matter, and MSNBC.com obtained
a memo compiled by the agency that indicates that organized criminals are
systematically attempting to subvert the ATM system and unscramble encrypted
PIN traffic.

The report has ignited a debate within the banking industry, with many
financial industry experts downplaying the seriousness of the flaw and
outside experts divided on its implications. But there is no disputing the
impact that such a hack would have if successful.

Using the methods outlined by the researchers, a hacker could siphon off
thousands of PIN codes and compromise hundreds of banks, said Odelia Moshe
Ostrovsky, the report's principal author. Criminals could then print phony
debit cards and simultaneously withdraw vast amounts of cash using ATMs
around the world, she said.

Automated Teller Machines and point of sale debit card sales are a massive
part of the global economy. In the U.S. alone, ATMs perform about 8 billion
transactions every year and dispense $600 billion in cash, according to a
study released earlier this year by Dove Consulting. Volume of retail store
PIN-based debit card transactions is even higher.

Word of the apparent security flaw first surfaced two weeks ago, when
Ostrovsky and other researchers at Algorithmic Research (ARX) published a
paper stating that it would be possible for someone with access to the ATM
network to attack the special computers that transmit bank account numbers
and PIN codes, called hardware security modules.

When consumers enter their personal identification numbers, or PINs, into an
ATM, the PIN and account number must travel through several computers on a
special network before they arrive at their home bank for verification. The
data is encrypted immediately after it's entered at the ATM into what is
known as a PIN block, then sent on its way.

Rarely does the transmission go directly to a consumer's bank. Instead, it
is handed off several times on a banking network run by several third
parties. Each time a bank passes the data along, it goes through a switch
that contains the hardware security module and the PIN block is unscrambled
and then rescrambled. It is at these intermediate points where hackers could
trick the machines into divulging PINs, the ARX researchers said.

"We show in these attacks that using only (a single) function we can reveal
the content of every PIN block as if it's not encrypted," said Ostrovsky.

PINs thought to be unassailable in transit
The attack theory is significant because it has long been considered
impossible to access PINs as they are traveling through the ATM network
without the encryption key used by the card-issuing bank. But the ARX report
said issuer keys are not necessary because computers along the network can
be tricked into revealing PINs through a series of electronic queries that
would enable criminals to make educated guesses about -- and possibly break
-- the encryption code.

ARX sells hardware security modules to ATM networks, but Ostrovsky said its
machines also are vulnerable to the attacks because they must communicate
with other ATM network computers using the flawed protocols.

Ostrovsky said her company shared the research with the Visa credit card
association's risk management team and other U.S. financial industry
security experts six months ago, and recommended systemwide ATM network
changes. But U.S. banks weren't reacting fast enough to the risk, she said,
so ARX decided to go public with its information and two weeks ago published
a paper titled "The Unbearable Lightness of PIN cracking," which is now
available on the Internet (in Adobe Acrobat format).

Kim Bruce, a spokeswoman for the Secret Service, confirmed that the agency
had been in contact with ARX to discuss the paper's findings, but declined
to provide additional detail.

Visa: Attack 'highly unlikely'
A spokeswoman for Visa, which owns part of the ATM network and helps write
security standards for it, confirmed that the flaws described in the paper
are real, but said the threats they pose are minimal.

"This research paper addresses an area that has been known for some time to
the payments industry," said Rosetta Jones. "There are a range of standard
security measures in place within member institutions and processors --
including limited access to databases and segregation of duties -- that make
this kind of attack highly unlikely. Through these layers of security, Visa
and our member financial institutions are working to prevent the kinds of
attacks theorized in the paper."

She also said there is no evidence the attacks outlined by ARX have been
attempted by criminals.

"We are not aware of any instance where this kind of attack has actually
occurred, and there is no link between the attack outlined in this paper and
any recent data compromises," she said.

It is clear, however, that organized criminals are systematically attempting
to subvert the ATM system and unscramble encrypted PIN traffic.

Russian Web sites indicate organized attacks
Russian-language Web sites are abuzz with discussions about ATM network
attacks, including discussion of the Israeli report, according to data
gathered by the Secret Service and viewed by MSNBC.com.

"In the fall of 2005 work for everyone was so successful because an employee
of one of America's processors sold a database of material that went through
its processing center," wrote a hacker who belongs to an online gang called
Mazafaka, according to an English translation of a Russian Web site compiled
by the Secret Service. "This material was then successfully exploited by our
carder friends. The consequences of this deal could even be monitored on
CNN, as well as in our own work (this applies to cashers). You may have
noticed that after this event, ATMs more and more frequently give
'transaction declined' notices or give a small sum on the first transaction
and then block the card."

In another exchange cited in the Secret Service memo, a hacker offers to pay
for databases of encrypted PINs, which theoretically should be useless
someone had discovered a way to translate the data into valid PINs. In still
another post, one claims to have recovered account data by ³hijacking²
hardware security modules.

Industry downplays the threat
Nessa Feddis, a spokeswoman for the American Bankers Association, also
downplayed the scenario outlined by the Israelis and the overall hacking
threat, saying that while PINs "are always going to be a target," the ABA is
"not aware of any ability to undo the encryption."

A spokesman for First Data Corp., which owns the STAR network, one of the
largest ATM processing networks, said the company would not comment on the
research paper.

Other bank security groups also downplayed the threat.

Catherine Allen, CEO of the Financial Services Roundtable's BITS
organization, a consortium of security experts from the nation's top 100
financial institutions, said the risk suggested by the ARX paper is minimal
because U.S. banks have already addressed the security concerns.

But banking analyst Avivah Litan, an industry consultant with security firm
Gartner, said banks aren't reacting strongly enough to the report.

"This is nothing short of startling," she said. "No one is paying attention
to this and I don't know why. It undermines the whole premise of ATM
security."

How the attacks would work
The attacks described in the ARX paper could not be conducted remotely over
the Internet. They would require a criminal to be on the same local network
as the hardware security module. Because ATM switches are heavily guarded
and monitored, such access is unlikely, argued a BITS representative, who
spoke on condition of anonymity.

But such ATM switches can be located anywhere in the world, Ostrovsky
countered. That creates a "weakest link" vulnerability in which one poorly
guarded switch could theoretically be used to compromise every bank whose
debit cards have flowed through that switch, she said.

Each switch contains a hardware security module, which is a simple computer
in a tamper-proof box designed to perform a few PIN-related functions,
beginning with decrypting and encrypting. But the boxes also contain other
small programs, or functions, which allow the machines to change a
customer's PIN or calculate other PIN-related values. Most ATM switches
don't need these tools; however, they are often available by default.

This unnecessary software is exploited in some of the attacks described by
ARX, which recommends that switch operators turn off the unnecessary
functions. But even that's not enough, Ostrovsky said. The one essential
function of a switch -- encrypting and decrypting, a process known as
"translate" -- is all an attacker needs to trick the machine into divulging
PINs, a hack that would put nearly every ATM switch at risk, she said.

"This is not an attack on a certain configuration or installation. This is
an attack on the protocol itself. It must be updated," Ostrovsky said.

There are competing protocols, or PIN block formats, in use in the ATM
network, and each machine must support all those formats, she explained. In
one version, the 16-digit PIN block contains two formatting characters, four
PIN characters, and 10 additional slots with information about the
customer's account number. That's the standard used in the U.S. Another
standard combines the formatting characters and PIN characters with random
digits, and sends the account number separately.

The translate function not only assists in encrypting -- it also allows the
machine to translate the PIN block from one format to another. This allows
an attacker to take advantage of the weaknesses of both,
creating a "least-common denominator" vulnerability, Ostrovsky said.
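The two PIN block layouts the article describes correspond to ISO 9564 format 0 (PIN combined with the account number) and format 1 (PIN with random fill, account number sent separately); the article does not name the standard. The following is an added example, not code from the article or from ARX: it builds and parses the clear-text form of both (encryption under the zone key is left out), which makes the asymmetry visible: a format 0 block can only be read back with the matching account number, while a format 1 block is self-describing. The PIN and account numbers used in the comments and tests are constructed values.

```python
import secrets


def _check_pin(pin: str) -> None:
    # ISO 9564 allows 4 to 12 decimal digits.
    if not (4 <= len(pin) <= 12 and pin.isdigit()):
        raise ValueError("PIN must be 4-12 decimal digits")

def _pan_block(pan: str) -> bytes:
    # Format 0 binds the PIN to the account: the 12 rightmost PAN digits,
    # excluding the check digit, right-justified in 16 hex nibbles.
    digits = "".join(c for c in pan if c.isdigit())
    if len(digits) < 13:
        raise ValueError("PAN must have at least 13 digits")
    return bytes.fromhex("0000" + digits[-13:-1])

def encode_format0(pin: str, pan: str) -> bytes:
    # Clear-text format 0 block: control nibble 0, PIN length, PIN digits,
    # F fill, XORed with the PAN block (encryption under the zone key omitted).
    _check_pin(pin)
    pin_field = f"0{len(pin):X}{pin}".ljust(16, "F")
    return bytes(a ^ b for a, b in zip(bytes.fromhex(pin_field), _pan_block(pan)))

def decode_format0(block: bytes, pan: str) -> str:
    # With the wrong PAN the XOR does not undo and the F padding check fails.
    field = bytes(a ^ b for a, b in zip(block, _pan_block(pan))).hex().upper()
    n = int(field[1], 16)
    pin = field[2:2 + n]
    if (field[0] != "0" or not 4 <= n <= 12 or not pin.isdigit()
            or field[2 + n:] != "F" * (14 - n)):
        raise ValueError("block does not decode as format 0 under this PAN")
    return pin

def encode_format1(pin: str, fill: str = "") -> bytes:
    # Format 1 carries no account number; the remaining nibbles are random,
    # so the clear block stands alone. 'fill' fixes the randomness for tests.
    _check_pin(pin)
    n_fill = 14 - len(pin)
    fill = fill or "".join(secrets.choice("0123456789ABCDEF") for _ in range(n_fill))
    if len(fill) != n_fill:
        raise ValueError("fill must be %d hex digits" % n_fill)
    return bytes.fromhex(f"1{len(pin):X}{pin}{fill}")

def decode_format1(block: bytes) -> str:
    # Anyone holding the clear block reads the PIN directly; no PAN is needed.
    field = block.hex().upper()
    if field[0] != "1":
        raise ValueError("not a format 1 block")
    return field[2:2 + int(field[1], 16)]
```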

The BITS representative who spoke on condition of anonymity conceded such
attacks are feasible, but called the risk "very, very, very, very remote."
He added that bank robbers have much easier ways of stealing money than
complicated PIN prediction tactics.

Litan is not so sure. She said the research paper undermines the basic
premise of ATM network security -- the idea that only a computer loaded with
the encryption key created by the issuing bank can reveal a PIN.

"The premise was 'It doesn't matter what happens along the path,' so even
people who could access the PIN blocks couldn't do anything with them," she
said. "This blows that out of the water."

'A worrisome thing'
Michael McKay, an independent consultant who helped design Hewlett Packard's
hardware security module, called Atalla, described the ARX attack as "a
worrisome thing, a real concern."

"It's commonly thought that there are some organized crime groups that have
made concerted efforts on this," he said. "So we believe there have been
people who've cracked parts of the system."

Ross Anderson, a cryptology expert at the University of Cambridge in the
United Kingdom who has written several papers on ATM security, called the
ARX paper "a fairly big deal."

But he noted that previous research also has demonstrated widespread
vulnerabilities in the ATM PIN system. He cited a paper he co-wrote with
student Mike Bond in 2001 that showed that many supposedly tamper-proof
cryptographic systems can be fooled into divulging information by sending
them confusing commands (Acrobat). Another paper authored by Bond showed
that a would-be ATM hacker could use flaws in the way banks generate PINs
that could reduce the number of average guesses required to mathematically
discover a PIN from 5,000 to as few as 15. (Acrobat)

"Customers can't rely on bank assurances that 'our systems are secure,'"
Anderson said.

Banks hit by a successful attack like the one described by the Israeli
researchers may not even know the origin of the theft, Ostrovsky said. An
insider would simply steal the PINs, create associated fake debit account
cards, and steal money from ATMs around the world. Consumers who complained
that money was missing from their accounts might be met with skepticism, she
said.

Consumers should watch their accounts for any signs of suspicious activity,
but other than that there isn't much they can do in response to this
research, McKay said.

Bank industry officials point out that the attacks must be carried out by
someone with direct access to an ATM switch, limiting the potential for
abuse. But Litan said the limitation is hardly reassuring.

"It's not much comfort that they have to be on the inside," she said. "As
we've already seen, it's easy for criminals to open up their own ATM
network. And banks do have insiders with flaws."



