BID® Daily Newsletter
May 29, 2013

NO BABE IN THE WOODS


We've been reading about feral pigs lately and all the damage they are doing in the US. These pigs are mean: they destroy crops, attack humans and carry diseases. They are the most destructive invasive species in the US, are now found in 39 states and number roughly 6mm. They can begin breeding at 6 months of age and have two litters each year of 4 to as many as 12 piglets each time. They are related to wild boars and are about as far away from the sweet little pink pig "Babe" in the movie a few years back as they can possibly be.
This wild behavior brought to mind the recent ATM heist that sent a chill down the spine of everyone responsible for an ATM system. Thieves stole $45mm in a matter of hours, seemingly creating money from thin air.
A company that tests security systems for banks, retailers and other organizations set out to do the same in 2010 and only stole $14mm. Granted, it was all a test, and the security company handed its ATM balance receipt to astonished bank managers as it explained the heist, but this is all nonetheless jarring.
Experts say the first step in stealing is getting access. In the experiment, the client gave the security company access, but there are other means of course. It may be possible to log into a bank's wireless network and convince the system that a foreign computer is a bank computer. Or perhaps someone in the bank, like cleaning staff, could put a thumb drive in a teller computer and reboot it using a new operating system that would access the hard drive of the teller system. From there it may be possible to access usernames and passwords.
Once in the system, "sniffer" software (which can be found online for free) determines which of the bank's systems are connected. In the security company test case above, the fake hacker reportedly flooded the switches, overwhelming the internal network with data until the switch began indiscriminately broadcasting. The sniffer was then able to find a teller login and password and take it from there.
The hacker then found that information sent between teller computers and the main database was unencrypted, so passwords and bank account numbers were up for grabs. The fake hacker set up a new account for himself and created $14mm out of thin air. He then had the ATM print out his balance so he could show the bank how easy it was to do. Needless to say, the bank took immediate steps to shore up security.
The recent $45mm heist reportedly involved pre-paid debit cards. Here, real-life hackers reportedly went into transaction processing networks and manipulated accounts to create high spending limits. They then went around to ATMs and rooted all over the place.
This story reminds us that, as with pigs, sometimes a small event can lead things to change forever and escalate quickly. Cyber crime has always been a nuisance and has cost time, effort and money, but the level has clearly escalated as the sophistication and hunger of the criminals have grown over time.