Category Archives: Hacking

FBI gets involved in the Indiana bank security breach

Filed under Hacking

This is a story that keeps getting more interesting…

I have been closely following the news that I blogged about last week regarding 1st Source Bank of Indiana, which fell victim to a pretty serious security breach. 1st Source ended up reissuing their entire credit card portfolio to their customer base.

The latest news is that other banks in the Indiana area now say their customers are reporting fraudulent transactions. The link is that all of these other bank customers used 1st Source ATMs around the same time the breach happened. From the IHT article:

“Bank officials said the victims they know of appear to have all used 1st Source Bank ATMs during the first 10 days of May. James Seitz, 1st Source senior vice president, said officials from his bank met with officials from other financial institutions on Wednesday to discuss the situation.

“As we’re piecing this puzzle together, it appears that there may be a common thread,” Seitz said.

A security consulting firm alerted 1st Source about a computer breach on May 12. The bank shut down its computer system and contacted authorities. Two weeks ago, 1st Source sent letters to customers asking them to monitor their accounts for suspicious activity.”

I’m starting to suspect that the ATMs themselves were compromised or the bank’s back end servers were compromised as well. From what I know about PIN storage, the PIN information in Track 2 data (this is the data that was reported stolen) on a credit/debit card does not have to be encrypted (however it can be, it is just not required by the ISO standard), so either a card “skimmer” device was used (physically attached to the outside of the ATMs) or this Track 2 data was pulled off the wire, perhaps using a network sniffer installed on the ATMs. It could be similar to the Dave & Busters security breach that happened a few months ago. Whatever method was used, it was enough to replay this data to a bunch of fake ATM cards and start withdrawing cash and/or charging items from locations overseas. Hopefully the public gets to find out what really happened once 1st Source gets their act together.

Indiana Bank gets Hacked…Who’s really to blame?


Interesting story that hit the wire last week about another bank security breach. This time 1st Source Bank of South Bend Indiana became the next victim of stolen debit card data. Not a ton of details have emerged yet but we do know the following:

1. An external monitoring service (an MSSP perhaps?) or hired security consultants (doing a pen test?) detected an unusual amount of data leaving one of the bank’s servers.

2. The bank notified law-enforcement authorities and hired outside forensic firms (aka: security incident response consultants) to analyze the breach.

3. Track 2 data was compromised. Track 2 data contains the cardholder account number, PIN, plus other discretionary data. Note that the ISO standard does not mention that the PIN has to be encrypted. Only Track 1 data requires it. This may make a replay attack (encoding a fake debit card and using it in ATM transactions with this information) possible.

4. The bank is reissuing all debit cards in its portfolio and is offering to pay for “Deluxe ID TheftBlock” – at $4.95 a month for one year for any customer who requests the service.

These quotes from the bank are classic:

The bank also is monitoring automated teller machine transactions “minute by minute” to stop unauthorized activity. But even if the efforts fail, account holders won’t suffer, Seitz said.

“We’re certainly not holding any of our customers financially responsible for any transactions related to this breach,” he said.

and….

“Actually, our customers have been very understanding,” he said. “Obviously, this is something that puts a little stress on that relationship.”

Really…are you kidding me? Also note that they have yet to post an official statement about the security breach on their web site. Actually, nothing anywhere on their web site mentions the breach (however, they mention lots of interesting stuff about a recent merger with another bank beginning on June 9th…so they are updating the web site regularly). Clearly this is an attempt to make this security breach out to be “no big deal” to the general public.

So who’s really to blame? The bank is of course! Personally, I would rather have my bank be honest and up front with me about a security breach instead of delayed announcements (nothing was sent to customers until two weeks after the breach) and talk about how customers will be “understanding”. Clearly there are major security and customer service issues at this bank. Current 1st Source customers should bail out ASAP!

How not to get your domain hijacked


You probably have read about the interesting Comcast domain hijack that took very little technical skill a few weeks ago. Apparently these two hackers were able to social engineer their way to obtain access to the Comcast domain registration account that is being managed by Network Solutions. Once they had access they apparently changed the DNS record of Comcast.net to point to name servers under their control, thus hijacking the domain. For a short time they redirected Comcast users to a web page stating the following:

“KRYOGENICS Defiant and EBK RoXed Comcast, sHouTz to VIRUS Warlock elul21 coll1er seven.”

Here’s the best part (from the Wired article):

Network Solutions spokeswoman Susan Wade disputes the hackers’ account. “We now know that it was nothing on our end,” she says. “There was no breach in our system or social engineering situation on our end.”

Deny, deny, deny….not surprised at this response since it makes providers like Network Solutions look really bad. Sooner or later all the details about how these guys did it will come out…then the truth will be told.

In the meantime…what can you do to prevent your site from being the next Comcast? Believe it or not…Network Solutions actually has a few good suggestions! Note: this was apparently posted after the Comcast domain hijacking incident…hmmmm…coincidence or not? 🙂

Seriously though. I don’t blame Network Solutions entirely as many companies forget that domain registrations require maintenance and regular review of the security controls around them. By the way, the Wired article that I mentioned above is a great read…and probably the best article currently out there on the hijack.
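
As an added example (not from the original post and not Network Solutions' own suggestions), here is one way to make that regular review of a domain registration repeatable. It assumes the registration record is available as an RDAP-style JSON object; the function name, baseline name server list, 60-day expiry threshold and sample record are all hypothetical.

```python
from datetime import datetime, timezone

# Registrar-side locks, as RDAP status strings (RFC 8056 mapping of EPP codes).
REQUIRED_LOCKS = {"client transfer prohibited", "client update prohibited",
                  "client delete prohibited"}

def audit_registration(rdap, expected_ns, now, min_days_left=60):
    """Return a list of findings for one RDAP domain object (a dict)."""
    findings = []
    status = {s.lower() for s in rdap.get("status", [])}
    for lock in sorted(REQUIRED_LOCKS - status):
        findings.append(f"missing lock: {lock}")

    # Delegation drift: the post describes the hijack as a name server change.
    seen = {ns["ldhName"].lower().rstrip(".") for ns in rdap.get("nameservers", [])}
    want = {n.lower().rstrip(".") for n in expected_ns}
    for ns in sorted(seen - want):
        findings.append(f"unexpected name server: {ns}")
    for ns in sorted(want - seen):
        findings.append(f"expected name server absent: {ns}")

    # Expiry: a missed renewal is another way to lose control of a domain.
    expiry = [e["eventDate"] for e in rdap.get("events", [])
              if e.get("eventAction") == "expiration"]
    if not expiry:
        findings.append("no expiration event in record")
    else:
        exp = datetime.fromisoformat(expiry[0].replace("Z", "+00:00"))
        days = (exp - now).days
        if days < min_days_left:
            findings.append(f"expires in {days} days")
    return findings

# Constructed sample record (not real registry data).
SAMPLE = {
    "ldhName": "example.net",
    "status": ["client transfer prohibited"],
    "nameservers": [{"ldhName": "NS1.EXAMPLE.NET"},
                    {"ldhName": "ns1.unknown-host.example"}],
    "events": [{"eventAction": "expiration", "eventDate": "2030-02-01T00:00:00Z"}],
}
BASELINE_NS = ["ns1.example.net", "ns2.example.net"]
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, BASELINE_NS, NOW):
        print(finding)
```

Run on a schedule against a freshly fetched record, any non-empty result is worth an alert, since a name server change on a locked domain should never happen without a planned unlock.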