Four men in East Europe have been indicted in Georgia for the successful attack against RBS WorldPay, the processing arm for the Royal Bank of Scotland (due to the geographic location of the men, I though it was Georgia the country. Turns out it’s the US state with CNN Headquarters).
A year ago, RBS was hit by a coordinated ATM withdrawal attack. The thieves managed to make off with US$9.5 million, withdrawn from 2,100 ATMs over a 12-hour period.
What was notable about this was not just the coordination. It turned out the criminals were able to reverse-engineer the encryption protecting PINs. What this allows is wholesale hijacking: instead of having to phish PINs one by one, you can just attack a central repository holding such encrypted PINs.
Yikes!
No comments:
Post a Comment