Hackers have learned to decipher PIN codes
16 March 2011, 13:15
Experts continue to wonder how hackers manage to put into practical use techniques that a year ago were considered only theoretically possible, and then only in a narrow academic setting. Now they have learned to obtain the PIN codes of our cards without breaking directly into the ATM we use. It is enough to find a weak node in the network through which packets travel from the ATM to the bank.

Suspicions that attackers had obtained technology for decrypting PIN codes, which are transmitted in encrypted form, existed before, but with the publication of Verizon's 2009 Data Breach Investigations Report they have now been officially confirmed for the first time.

It turned out that encrypted packets, before they reach the destination bank, pass along their route through many hardware cryptographic modules (HSMs; in the photo, an HSM with a PCI interface) belonging to other banks. Because HSMs have different settings and operating modes, a packet with a PIN code must be decrypted at each node and re-encrypted with a new public key, which works in tandem with the private key of that particular HSM, accessible through the API. Hackers have now learned how to find out an HSM's private key if the node is not properly configured. Once hackers can decrypt one PIN code, they can easily decipher the entire array of PIN codes that pass through that HSM.

Experts learned of the practical application of this technique only after the fact, when a few months ago an investigation began into the wave of fraudulent withdrawals that swept across the world in 2008-2009 (before that they had noticed an interest in the topic on Russian hacker forums, but could not understand what it was connected with).

The chart shows statistics on the number of compromised bank accounts, including card accounts (source: Verizon). As you can see, this number is twice the population of a country such as Russia. In reality many more cards have been compromised, so that they now make up a significant percentage of all bank cards in circulation.



But with the PIN, money can be withdrawn not just from the card but directly from the user's bank account, and proving the fraud and getting the money back will then be extremely difficult.

Verizon's experts say the problem can be solved only by a drastic change to the infrastructure of global payment systems. In effect, the new system would have to be created from scratch.

Via Wired
Added by: w1zard