Wednesday, April 15, 2009

Hackers Crack Holy Grail of Banking - ATM PIN codes

"We're seeing entirely new attacks that a year ago were thought to be only academically possible," says Bryan Sartin, director of investigative response for Verizon Business. Millions of dollars in fraudulent ATM withdrawals have occurred around the United States.

SHOOT: We're seeing an escalation in the methodology and technology criminals (the have-nots) are using to break the law. This latest infiltration will radically change the way ordinary consumers get their money. Time for 666 microchips under the skin? Not necessarily. The problem is these networks are insecure and require more sophisticated encryption software.
clipped from blog.wired.com

"We're seeing entirely new attacks that a year ago were thought to be only academically possible," says Sartin. Verizon Business released a report Wednesday that examines trends in security breaches. "What we see now is people going right to the source ... and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks."

The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers. Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side.

But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process.
