ASTAGA ! ATM semakin BERESIKO
Posted by horasio on August 1, 2009
Alih-alih memasuki sistem baru bertransaksi dalam perekonomian, penggunaan ‘uang plastik’ dalam bentuk kartu ATM, Kredit card, dan sejenisnya menghadapi ancaman luar biasa serius. Seiring meningkatnya penggunaan jasa perbankan, aktivitas transaksi pun meningkat. Namun, sistem yang terkomputerisasi itu justru menjadi ‘celah’ bagi orang-orang yang memiliki keahlian, kemampuan, atau pun memang dilandasi motif ingin kaya untuk mengambil hak orang lain tanpa diketahui sang pemilik. Dan, media di Eropa, terutama di Inggris pun mulai menyampaikan kekhawatiran terhadap resiko yang dihadapi pemegang uang plastik itu.
Berikut petikan beritanya:
Card PINs traded at two for a dollar
Forums such as this, say analysts of cybercrime, have become the hubs of a £30 billion-a-year global industry that in 2008 alone spirited nearly 300 million items of supposedly secure information from the internet.
On one such forum, to which The Times gained access, a seller offers eBay accounts that appear to have impeccable reputations and 100 per cent buyer satisfaction levels — a disguise that could be used to perpetrate multiple frauds across the globe. Another is offering, for $10 (£6), a list of 30,000 “clean” British e-mail addresses that have not yet received spam and would therefore make easy targets. Skype accounts are also available, at a charge of 50 per cent of whatever financial gain the customer is able to make from them.
Over the past 18 months there has been an unprecedented growth not just in the volume of data theft, but in the sophistication of the attacks.
The problem, explained Bryan Sartin, head of the investigative response team at the US-based IT company Verizon Business, is that black-market forums have done their job too well: supply-and-demand economics have imposed themselves with catastrophic success. With the market now saturated with available data on tens of millions of credit card accounts, the online cost of a single credit card has plunged from $16 to 50 cents in a few months.
The glut of credit card information has prompted the hackers to go in quest of more valuable data loot, Mr Sartin said. The big money now is in stealing PINs and mothers’ maiden names along with the associated accounts. This has led to the successful execution of complex attack strategies previously thought only theoretically possible, he said.
The leap in sophistication of cybercrime is clear from the amount of verbal traffic on the forums. Analysts at TrendMicro, a Japanese company specialising in internet security, watched as a vendor sold software that can defeat the “breaker” programs that enable websites to differentiate between a human user and an automated disseminator of spam.
Verizon Business investigators watched an online auction for software that would give access to a particular cash register in a particular US branch of a large fast-food chain. Any time a customer used a debit or credit card to pay for their burgers, the PIN data would be diverted to the criminals. The hacking software eventually sold for $60,000.
Along with the complexity of the data heisting, the profile of the hackers has changed too. The dominance of the Russian Business Network — a much-feared association of cybercriminals rumoured to enjoy official protection in Moscow — has given way to new players, many operating from China.
This trend has accelerated as companies in the developed world have increasingly outsourced elements of their businesses to China. Stuart Witchell, senior vice-president of FTI-International Risk, an Asian-based risk consultancy, said that while hackers represent a significant threat to businesses, many data breaches are carried out by company insiders.
Investigators of one recent spate of PIN thefts believe that the enabling “sleeper” code was inserted into the software of a batch of credit card readers produced in a Chinese electronics factory on behalf of a European company.
Raimund Genes, the chief technical officer of TrendMicro, whose main business is protecting companies against viruses and other forms of online assault, says that since 2007 the average number of new “malware” samples his company has to process each month has risen from 270,000 to more than one million.
Mr Genes fears that the online cybercrime marketplaces have become so sophisticated that it may soon be impossible for the likes of TrendMicro and government agencies to penetrate them effectively.