- +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Extending Business Solutions across the Organisation
Why Security SaaS Makes Sense Today
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Radicati Market Quadrant 2008 on Corporate Web Security
Market Trends: Multienterprise/B2B Infrastructure Market | Worldwide | 2008
Dude! You Say I Need an Application-Layer Firewall?!
Growth Strategies in Uncertain Times: Building & Maintaining Good Client Relationships in Professional Services Organisations
Web Security SaaS: The Next Generation of Web Security
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Malicious ATM intrusions, such as the late-winter breach that resulted in the compromise of Citibank debit card data, are not at all surprising given the vulnerable state of many of the servers and other components involved in processing such transactions, according to some industry representatives.
In fact, such incidents happen more often than generally perceived, though very few of them get the same kind of public attention that the Citibank breach attracted.
In the case of the Citibank attack, a server that processes withdrawals for Citibank-branded ATMs located at 7-11 convenience stores in the New York City area was breached sometime earlier this year. Card data and PIN codes stolen from that server were used to make hundreds of fraudulent ATM withdrawals during February, resulting in losses of at least US$750,000 to the bank.
ATM video cameras caught images of a man in a tan jacket and Top Gun hat making the fraudulent withdrawals. The footage led authorities to a man named Yuriy Ryabanin, who was later arrested in connection with the intrusions and fraud. Arrested along with him in connection with the incident were two other individuals, Olena Rakushchynets and Ivan Biltse.
Citibank confirmed that the intrusions caused it to block and reissue cards to an undisclosed number of customers. But in a formal statement, the company said it did not own or operate any of the servers that were compromised in the incident. All Citibank-branded ATMs in 7-11 stores are owned and operated by Cardtronics, a US-based operator of ATMs that manages close to about 36,000 machines, a spokesman added.
A Cardtronics spokesman refused to comment on the intrusions, saying that the company was not involved in any of the criminal proceedings currently underway in the case. The spokesman added that, at the moment, investigations into how the breach might have occurred are still underway and that it is still not clear if any server owned by Cardtronics was in fact compromised. The spokesman also refused to offer any reasons as to why only Citibank customers appear to have been affected by the intrusion.
Most of the public details relating to the incident come from court papers filed in connection with Ryabinin's arrest. They show that Citibank informed the FBI about the ATM server breach around Feb 1 of this year. The document doesn't mention how many debit card accounts might have been compromised in the hack, but do show that Ryabanin made hundreds of illegal withdrawals over a period of a few days during the end of February using information stolen in the heist. At the time of his arrest for the Citibank intrusion Rybanin was already being investigated by federal authorities for a similar fraud he had perpetrated against First Bank.
In that incident, Ryabanin breached four bank accounts used by employers to fund pre-paid cards that they were using to pay salaries to employees who lacked bank accounts. The October 2007 compromise resulted in thousands of fraudulent ATM withdrawals being made around the world, eventually costing First Bank about US$5 million in losses according to the court papers.
Computerworld Member Login
IT Security as a business enabler?
Download CA's white paper
Link IT services with business goals.
Download CA's white paper
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Viva la Verticals! Key to Vendor Growth is Through Vertical Market Opportunities, Says IDC 2008-09-05 11:05:00+10
F-Secure delivers fastest protection in the online world 2008-09-04 16:50:00+10
NETGEAR expands ProSafe team as business-class products take off in SME market 2008-09-04 16:27:00+10
Rogue security apps dominate Fortinet's Aug 2008 IT threat report 2008-09-04 16:00:00+10
Adaptec Intelligent Power Management Reduces Storage Power Consumption Up to 70 Percent 2008-09-04 11:28:00+10
An EMC Perspective on Data De-Duplication for Backup
Explore the factors that are driving the need for de-duplication and the benefits of data de-duplication as a feature of an organizations backup strategy.
