Hackers Steal Millions From 7-Eleven ATMs


Hackers broke into Citibank’s network of ATMs inside 7-Eleven stores and stole customers’ PIN codes, according to recent court filings that revealed a disturbing security loophole in the most sensitive part of banking records. Hackers are targeting the ATM system’s infrastructure, which is built on the Microsoft Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. Despite industry standards that call for protecting PINs with strong encryption, some ATM operators apparently aren’t doing that properly. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions, which pretty much tells us that PINs aren’t always encrypted like they’re supposed to be. It’s unclear how many Citibank customers were affected by the breach, which ran from October 2007 to March 2008, especially since the bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven Inc. stores throughout the U.S. but doesn’t own or operate any of them.


A critical issue in the investigation is how the hackers infiltrated the system, a question that still hasn’t been answered publicly. The heist was pulled off without even touching the ATMs themselves, by getting into the network through a server at a third-party processor. They could have done this by gaining administrative access to the machines, through a flaw in the network or by figuring out those computers’ passwords, or they probably installed a piece of malicious software on a banking server to capture unencrypted PINs as they passed through. What this means for consumers is that their PINs were stolen from machines that showed no signs of tampering they could detect. Sounds like a script for Ocean’s Eleven, or more like Seven Eleven!