KOMO News in Seattle reports federal agents have arrested a pair of suspects accused of skimming several ATM machines in the Puget Sound area. Gvidiv Mateescu and Claudiu Tudor are accused of rigging the machines to record bank account information. Investigators say the two stole more than $325,000 in Renton and Woodinville between September and October. They have been charged with fraud.
Bank Info Security reports payments card fraud is not expected to slow down anytime soon, especially from skimming attacks. Industry experts say card skimming at ATMs and points of sale is quickly reaching a tipping point in the United States, where lingering magnetic-stripe technology is making U.S. cardholders easy targets.
CU Info Security interviewed Avivah Litan at Gartner Research on emerging card schemes such as “flash attacks.” He said, “The emergence of so-called “flash attacks,” which rely on coordinated, often international, efforts to simultaneously withdraw funds from multiple ATMs using fake cards created from copied card details, is likely just the beginning. These attacks are problematic, because they evade most of the controls banks have put in place to detect fraud.”
The Baltimore Sun reports it wasn’t your traditional bank heist, but thieves recently got away with more than $90,000 from Columbia Bank by using a scheme called “skimming.” The thieves implanted a device in October on an ATM at the bank’s Long Gate Parkway branch in Ellicott City, collecting account information each time a customer used the machine over two weekends, officials say. Armed with this information, they were able to withdraw money from customers’ accounts — which the bank later replaced.
The Register reports Russian cybercrooks contracted a virus writer to develop custom-made malware before launching a plot to loot compromised ATM machines. Once in place, the malware allowed the gang to obtain bank card details and associated PIN codes for later fraud. Although the gang – mostly from Yakutsk, a mid-sized city close to the Artic Circle in Siberia – were ultimately caught, the sophistication, planning and investment that went into their plot ought to be a wake-up call for the banking industry.
The TimesOnline reports that a British man has appeared in an Australian court to face charges over a multi-million dollar scam which police allege is the country’s largest debit card-skimming operation. The accused are alleged to have gone to more than 20 McDonald’s restaurants in the Perth metropolitan area, swapping the pin keypads on EFTPOS (Switch) machines at the outlets’ drive-throughs in September and stole more than $AU4.5 million (£ 2.5million) from about 4,000 victims.
Darkreading reports even with the intense investigations and research in the wake of targeted attacks against Google, Adobe, Intel, and more than 20 other U.S. firms, then later this year with the Stuxnet worm, little progress has been made in thwarting or decreasing highly targeted attacks, including so-called advanced persistent threat (APT) attacks.
Guardian Analytics has released a white paper on building a holistic security strategy. The paper contends what is needed is a holistic approach that breaks this cycle and protects all account holders against all types of attacks, without undue inconvenience for customers.
Security Magazine reports a united band of WikiLeaks supporters have knocked offline a number of high-profile websites that have taken a stand against the whistleblower organization and its founder. The “hacktivist” group Anonymous, best known for DDoS attacks against the Church of Scientology and anti-piracy sites, shifted its focus over the weekend to target anti-WikiLeaks’ websites, such as MasterCard and PayPal, with punishing distributed denial-of-service attacks.
Dark Reading reports the Enterprise Strategy Group (ESG), a leading IT industry analyst and consulting organization, recently announced the availability of a new research report titled, Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure. Sixty-eight percent of the critical infrastructure organizations surveyed have experienced at least one security breach in the past 24 months, and 13% suffered more than three security breaches in the past 24 months.
