Latest news
Reports that a Russian hacker has pleaded guilty of ripping off WorldPay, the online transaction processor, to the tune of $10 million, have met with a grim smile by Lieberman Software.According to Phil Lieberman, the methodology used by the 27-year-old hacker is a potential worst-case scenario that he and his team warn potential and existing clients about.
Not only did this guy manage to hack into WorldPay's systems back in 2008, but he then altered the parameters of the merchant accounts and boosted their online daily limits. From there he withdrew large amounts of cash from ATMs as he traveled the world.
"The case is a fascinating one as, by pleading guilty, it's unlikely we'll ever find out how this team of hackers managed to stiff the former RBS card processing division for an incredibly large sum of money," Lieberman said.
When you think about it, the only way that Yevgeny Anikin could have increased the withdrawal limits on the merchant accounts was by gaining access to an internal management account with the card processor.
The whole affair smacks of a lack of security on privileged accounts, which is an area of security in which we specialize.
As with all major card frauds of this type, however, this case involves the hacker ringleader pleading guilty, thereby preventing the actual processes used by the fraudsters(s) being revealed in an open court.
"We've been through our fraud records and are finding it difficult to come up with a major card fraud case involving hacking where the fraudster(s) have pleaded not guilty, and the case has gone to court," he said, adding that time after time, the fraudsters mysteriously plead guilty, are sentenced and the financial institution gets away without revealing the chinks in their electronic armor.
What are the possibilities of that happening?
"Quite low, actually, especially when you realize that this case was heard in a Siberian court, in a country where all sorts of unusual results come out of the courts, such as political rivals of President Putin mysteriously being incarcerated for years on end," he said.
"The bottom line is that you don't have to be conspiracy theorist to piece together what is happening: the card processing system is far from being infallible, and the banks are going to great lengths to avoid exposing how insecure their systems really are in an open court," he added.
"Of course, if I'm wrong, I'll be perfectly happy to discuss this issue with WorldPay or any other financial institution whose systems have been hacked and defrauded - and where the criminals have pleaded not guilty."
Spotlight
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
