Wired tells a sad tale of bank security in America:
A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors.
The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank’s systems, experts say.
“We’ve never heard of PINs coming out of the bank environment,” says Dan Clements, CEO of the fraud watchdog company CardCops, who monitors crime forums for stolen information.
They say this is a new page in security risks. However, when you read the Citibank brief there was a breach of a server that was most likely exposed to a partner’s security (7-Eleven). Accessing systems peripheral and partnered to the bank’s network is definitely a classic move. The rising number of interconnected systems (Wired points to this as real cyber-crime instead of traditional social engineering and physical attacks) means this risk is ever more present. Perhaps what is new is that the same guys who in the past might have just been satisfied to attack individual users now know how to target larger assets.