Fraudsters Physically Deploy Malicious Software to Hack ATMs

Criminals will not pass up any way to cheat an ATM out of its cash, as it is one of the easiest ways for them to get their hands on money. ATM skimmers have now found a new, high-tech approach: targeting cash machines directly by inserting a malicious physical device into them.
According to the Chinese press, two Ukrainian men were arrested in Macau for reportedly planting a malicious software program in seven Macau bank ATMs. This could turn out to be the quickest method of hacking cash machines.
The two accused, who are from Ukraine, were arrested this week by the authorities in Macau, a Chinese territory approximately west of Hong Kong, and had successfully stolen almost $100,000 by infecting more than seven ATMs with a computer virus.

According to the authorities, the men allegedly used a green device (as shown in the image) to carry out the fraud. They first connected the device to a laptop and then inserted it into the card slot on the ATMs. The device resembles a circuit strip about as wide as a credit card but much longer. After physically inserting the device into the ATM's card slot, the criminals successfully installed malware capable of capturing customers’ credit card information, including PINs.
Sources at the bank said that once the device was inserted in the cash slot, it caused the malicious program running on the ATM to crash, leaving the cash machine black. The machine would then restart as soon as the device was removed. From then on, anyone who used the compromised ATM became a victim of card fraud, as the hidden virus program started recording the cash card numbers, PINs and other information entered by customers.
The suspects then returned to the ATMs after a few days to gather the card information using the same kind of green strip, and then used another special chip to destroy the evidence of the malicious program. The suspects are believed to have accumulated stolen information for at least 63 cards.
The skimmers then used this cash card information to clone the cards. They “write” the stolen data obtained from the magnetic stripe on the back of a card onto a new blank card to produce a cloned cash card, and once a card has been cloned, machines recognize it as the original card.
Using a physical device on bank ATMs is not a new technique for criminals. At the beginning of the year, a team of researchers at the Chaos Computing Congress in Hamburg, Germany presented how skimmers have been targeting cash machines directly using infected USB sticks.
Also, in January this year, we reported on a credit card fraud in which criminals stole users’ banking information using Bluetooth-enabled credit card skimmers planted at gas stations throughout the Southern United States. The skimming devices were installed inside the gas pumps in such a way that they were undetectable to the people who paid at the pumps.
After the massive data breach at the U.S. retailer Target, payment card companies have become more serious about providing their users with secure credit and debit cards. They have also launched Chip-n-PIN payment cards. But are they safe? Are they able to protect financial information from payment card fraud?
Simply, no! We have reported in previous articles on two critical vulnerabilities that security researchers found in the Chip-n-PIN smart card payment system. These make EMV vulnerable to a “pre-play” attack, and cybercriminals could exploit them to clone credit and debit cards in such a manner that even bank procedures cannot differentiate between legitimate and fraudulent transactions.

TrueCrypt WTF

I have no idea what’s going on with TrueCrypt. A good summary of the story is at Ars Technica, and Slashdot, Hacker News, and Reddit all have long comment threads. See also Brian Krebs and Cory Doctorow.

Speculations include a massive hack of the TrueCrypt developers, some Lavabit-like forced shutdown, and an internal power struggle within TrueCrypt. I suppose we’ll have to wait and see what develops.



WordPress Cookie Flaw Lets Hackers Hijack Your Account

Do you own a blog on website? If yes, then you should take extra care the next time you sign in to your WordPress account while connected to public Wi-Fi, because the account can be hijacked without your knowledge, even if you have enabled two-factor authentication.
Yan Zhu, a researcher at the Electronic Frontier Foundation (EFF), noticed that blogs hosted on WordPress send user authentication cookies in plain text rather than encrypting them. As a result, they can be easily hijacked by even a script kiddie looking to steal information.
When WordPress users log into their accounts, the servers set a web cookie named “wordpress_logged_in” in the user's browser, Yan Zhu explained in a blog post. She noticed that this authentication cookie is sent over clear HTTP, in a very insecure manner.

HTTP cookies can be captured by anyone on the same Wi-Fi network using specialized tools such as Firesheep, a network sniffing tool. The cookie can then be added to any other web browser to gain unauthorized access to the victim’s WordPress account, and in this way an account can be easily compromised.
Using stolen cookies, an attacker can get access to the victim’s WordPress account automatically without entering any credentials. Fortunately, the vulnerability does not allow hijackers to change account passwords, but who cares? The affected users would have no knowledge that their WordPress account has been hijacked.

“Hijacking cookie on WP gives you login for 3 years. There’s no session expiration for the cookie, even when you log out.” Yan tweeted.

Using this technique, one can also see blog statistics and post and edit articles on the hijacked WordPress blog, and the same account also allows the attacker to comment on other WordPress blogs from the victim’s profile. Sounds horrible, doesn't it?

But, an attacker “couldn’t do some blog administrator tasks that required logging in again with the username/password, but still, not bad for a single cookie.” she explained.

She recommends that WordPress ‘should set the “secure” flag on sensitive cookies so that they’re never sent in plaintext.’
The good news is that if you own a self-hosted WordPress website with full HTTPS support, your blog is not vulnerable to the cookie reuse flaw.
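The check below is an added example, not code from the original article or from WordPress: it audits `Set-Cookie` header values for the two properties discussed above, a missing `Secure` flag on the `wordpress_logged_in` cookie and a multi-year lifetime. The sample headers are constructed, and the 14-day threshold and the function name are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie values (not captured traffic); cookie values are placeholders.
SAMPLE_HEADERS = [
    "wordpress_logged_in=PLACEHOLDER; expires=Sat, 27 May 2017 12:00:00 GMT; path=/; httponly",
    "wordpress_logged_in=PLACEHOLDER; expires=Tue, 10 Jun 2014 12:00:00 GMT; path=/; secure; HttpOnly",
    "tk_lang=en; path=/",
]
SENSITIVE_PREFIX = "wordpress_logged_in"  # cookie name taken from the article
MAX_LIFETIME_DAYS = 14  # assumption: local policy threshold, not a WordPress setting


def audit_set_cookie(header, now):
    """Return a list of findings for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    if not name.startswith(SENSITIVE_PREFIX):
        return []  # only authentication cookies are audited here
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page scripts")
    lifetime = None
    if attrs.get("max-age", "").isdigit():  # Max-Age takes precedence over Expires
        lifetime = int(attrs["max-age"]) / 86400
    elif "expires" in attrs:
        try:
            delta = parsedate_to_datetime(attrs["expires"]) - now
            lifetime = delta.total_seconds() / 86400
        except (TypeError, ValueError):
            findings.append("unparseable Expires attribute")
    if lifetime is not None and lifetime > MAX_LIFETIME_DAYS:
        findings.append(f"lifetime of {lifetime:.0f} days exceeds {MAX_LIFETIME_DAYS}-day policy")
    return findings


if __name__ == "__main__":
    now = datetime(2014, 5, 27, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample data
    for header in SAMPLE_HEADERS:
        print(header.split("=", 1)[0], audit_set_cookie(header, now))
```

Header inspection cannot show whether the server invalidates the session at logout; that part of the finding has to be verified server-side.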

Recently, a similar cookie reuse vulnerability was discovered by ‘The Hacker News‘ team on the eBay website that could allow an attacker to hijack eBay accounts without knowing the victims’ actual credentials.

eBay hacked, change your password now!

If you have an eBay account, you should change your password immediately, because the world’s biggest e-commerce company, with 128 million active users, announced today in a press release that it had been hacked.
eBay revealed that attackers compromised a customer database including emails, physical addresses, encrypted passwords and dates of birth in a hacking attack between late February and early March, but financial information such as credit card numbers, as well as PayPal information, was stored separately and was not compromised.

‘After conducting extensive tests on its networks,’ the company also said it has found no evidence of unauthorized access or activity by registered eBay users, but as a precaution, eBay is resetting everyone’s passwords, which ‘will help enhance security for eBay users.’
Why did eBay wait so long to tell everyone? Because it discovered the data breach just two weeks ago. It conducted a forensic investigation of its computers to find the extent of the theft and found that intruders had compromised some employee accounts and then used that access to get the data from its servers.
“Cyber attackers compromised a small number of employee login credentials, allowing unauthorized access to eBay’s corporate network,” the company said in a statement.
The company detected the unauthorized employee logins two weeks ago, and “Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers,” the company said.
eBay customers are now potentially vulnerable to phishing attacks, i.e. spoofed e-mails. Hackers or spammers could craft very convincing phishing emails that appear legitimate at first glance but could trick you into revealing further personal information.
To change your eBay password, log into your account, select Account Settings, then click “Personal Information”, then “edit” next to your password. If you are using the same login details for other websites, you should also update them as soon as possible.
