Citibank ATM network hacked
The on-line edition of the New York Times reports that unknown persons have gained access to Citibank's internal ATM network and captured PIN data, using the network connections of Citibank ATMs installed in the US 7-Eleven retail chain. The thieves are said to have got the PINs by attacking the remote terminals that validate the PINs input at ATMs, thus bagging several million dollars. The number of Citibank clients affected is unknown.
The New York Times also speculates that the transmission of the PINs on such networks is not adequately secured, quoting the security analyst Avivah Litan of the Gartner consultancy firm, who says PINs are not always encrypted as they should be. This episode recalls the work of the Israeli security researchers Omer Berkmann and Odelia Moshe Ostrovsky, who have published explanations of the way PIN data can be intercepted by attacks on the ATM network. In general, the security standards imposed on these networks are less stringent than those applying to the ATMs and remote terminals.
- PIN transmission at automated tellers less safe than expected at heise Security