Business Attacks
NetworkWorld.com
A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors.
The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank’s systems, experts say.
“We’ve never heard of PINs coming out of the bank environment,” says Dan Clements, CEO of the fraud watchdog company CardCops, who monitors crime forums for stolen information.
Credit card and ATM PIN numbers show up often enough in underground trading, but they’re invariably linked to social engineering tricks like phishing attacks, “shoulder surfing” and fake PIN pads affixed to gas station pay-at-the-pump terminals.
But if federal prosecutors are correct, the Citibank intrusion is an indication that even savvy consumers who guard their ATM cards and PIN codes can fall prey to the growing global cyber-crime trade.
DOJ Nabs 11 In TJX Hack
The US Department of Justice revealed this summer that a group of hackers used a combination of wardriving, sniffer software and SQL injection attacks to steal over 40 million credit and debit card numbers from TJX, OfficeMax, Barnes & Noble and other companies and store them on underground server systems in the US, Latvia and the Ukraine. The DOJ has indicted 11 alleged hackers on charges of computer fraud, wire fraud, access device fraud, aggravated identity theft. So far only one of the 11 people charged by the DOJ has pleaded guilty.
