
Citibank hacked, Security Hole Reveals PIN Numbers

Apparently, if you use the Citibank ATMs at the local 7-Elevens in New York, you may want to change your Personal Identification Number. A security hole was exploited by 3 individuals who took over 2 million dollars in a 5-month period. They are now facing federal charges for the crime.

The thieves connected to the back-end computer, where they collected the PIN numbers as they were being transmitted. What is worse, it seems that these ATMs, which use Windows software, don't encrypt the PIN numbers when they are sent, so they are easy to intercept.

Now don't blame Windows for the error: a PIN number should be encrypted before it is sent, and it seems these machines sent these numbers without encryption. This is an oversight that will most likely be corrected and checked for in any ATM in the future.

Still, it does raise concern over how an ATM operates. I can easily purchase and set up an ATM machine in any location to make some money. If you watch CSI, you might remember the episode where Nick Stokes uncovers a card skimming operation - an overlay to the card reader and a small camera to watch the PIN being entered.

This, however, is something scarier because all the thief has to do is intercept the signal from ATM to bank. Some ATMs still run over phone lines. All you need is a recording device hooked up to a tapped line and you could get the card number and PIN of whoever uses the machine.

Something to think about when you make your next transaction. Most importantly, it's more reason to watch your account activity closely. You never know when someone else is watching it, too.


Comments (2)

John:

This is why I only use my bank's ATMs at their locations. It's never an inconvenience because most places take credit cards and I don't find myself needing cash as much as I used to.

Eddie Savage:

Actually, it wasn't Citi that was hacked, but the ATM network provider "taking" the card data from the ATM, and passing it through "to the bank", so the headline is somewhat misleading.

The fault is with the independent ATM agency, not the bank itself.

From the Boston Globe: "That responsibility falls on two companies: Houston-based Cardtronics Inc., which owns all the machines but only operates some, and Brookfield, Wis.-based Fiserv Inc., which operates the others."

I know we all hate banks, but call them wrong strong and hard when they are, not when they aren't. (just my opinion)

Eddie
