http://blog.wired.com/27bstroke6/2008/06/citibank-atm-se.html By Kevin Poulsen Threat Level Wired.com June 18, 2008 A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors. The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank's systems, experts say. "We've never heard of PINs coming out of the bank environment," says Dan Clements, CEO of the fraud watchdog company CardCops, who monitors crime forums for stolen information. Credit card and ATM PIN numbers show up often enough in underground trading, but they're invariably linked to social engineering tricks like phishing attacks, "shoulder surfing" and fake PIN pads affixed to gas station pay-at-the-pump terminals. But if federal prosecutors are correct, the Citibank intrusion is an indication that even savvy consumers who guard their ATM cards and PIN codes can fall prey to the growing global cyber-crime trade. "That's really the gold, the debit cards and the PINs," says Clements. Citibank denied to Wired.com's Threat Level that its systems were hacked. But the bank's representatives warned the FBI on February 1 that "a Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached," according to a sworn affidavit by FBI cyber-crime agent Albert Murray. [...] _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 19 2008 - 01:17:30 PDT