Advertising

The Seattle Times Company

NWjobs | NWautos | NWhomes | NWsource | Free Classifieds | seattletimes.com

The Seattle Times Winner of Eight Pulitzer Prizes

Business / Technology


Our network sites seattletimes.com | Advanced
Quick links: Traffic | Movies | Restaurants | Today's events | Video | Photos | Interactives | Blogs | Forums | Subscriber Services
Contact us

Originally published Wednesday, July 2, 2008 at 12:00 AM

Print

Accused hackers steal PINs from Citibank ATMs

Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes, according to recent court filings that...

By JORDAN ROBERTSON

The Associated Press

SAN JOSE, Calif. — Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record.

The scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs — the numeric passwords that theoretically are among the most closely guarded elements of banking transactions — by attacking the back-end computers responsible for approving the cash withdrawals.

The case against three people in U.S. District Court for the Southern District of New York highlights a significant problem.

Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft's Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption — which means encoding them to cloak them to outsiders — some ATM operators apparently aren't properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.

It's unclear how many Citibank customers were affected by the breach, which extended at least from October to March and was first reported by technology news Web site Wired.com. The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven stores throughout the U.S., but it doesn't own or operate any of them.

All that's known is the ATM network was breached through a server at a third-party processor, which means those responsible probably didn't have to touch the ATMs at all to pull off the heist.

The alleged plot is outlined in court papers supporting the prosecution of three people — Yuriy Rakushchynets, Ivan Biltse and Angelina Kitaeva. They were indicted in March on two counts each of conspiracy and fraud. Prosecutors say their activities generated at least $2 million in illegal profits.

Lawyers for all three did not return calls for comment, and it was unclear where they had been living. The main defendant, Rakushchynets, was described as having Michigan and Florida driver's licenses in a February FBI affidavit for an arrest warrant.

Copyright © 2008 The Seattle Times Company

More Business & Technology headlines...

Print      Share:    Digg     Newsvine

advertising

More Business & Technology

UPDATE - 09:46 AM
Exxon Mobil wins ruling in Alaska oil spill case

UPDATE - 09:32 AM
Bank stocks push indexes higher; oil prices dip

UPDATE - 08:04 AM
Ford CEO Mulally gets $56.5M in stock award

UPDATE - 07:54 AM
Underwater mortgages rise as home prices fall

NEW - 09:43 AM
Warner Bros. to offer movie rentals on Facebook

Advertising

Video

Marketplace

 
Most read
Most commented
Most e-mailed
 
 
  1. Lakewood cop accused of embezzling $150K meant for slain officers' families
  2. 3 big health insurers stockpile $2.4 billion as rates keep rising
  3. Agency set to investigate handling of 911 call about Josh Powell
  4. Quick decisions: How Washington hired its new football staff
  5. Historic day for gay marriage as another fight looms
  6. Justin Wilcox's versatile defensive style is the right fit for Huskies | Jerry Brewer
  7. It's Terrence Time: Enigmatic Ross leads Huskies
  8. Social worker recounts minutes before Powell fire
  9. $25B settlement reached over foreclosure abuses
  10. Club promoter convicted in brutal 2010 murder of Des Moines prostitute
  1. Gay-marriage bill passes House, awaits Gregoire's signature Comments436
  2. Historic day for gay marriage as another fight looming Comments350
  3. Sheriff's office unhappy with 911 dispatcher in caseworker's call Comments283
  4. 3 big health insurers stockpile $2.4 billion as rates keep rising Comments238
  5. Source: NY, California to sign mortgage settlement Comments223
  6. Oregon live game thread Comments155
  7. Wanted in Seattle classrooms: more teachers of color Comments144
  8. Pac-12 picks ... including the UW game Comments140
  9. Lakewood cop accused of taking donations for slain officers' families Comments113
  10. Worker: Josh Powell told son he had 'surprise' Comments78
  1. State Medicaid program to stop paying for unneeded ER visits
  2. 3 big health insurers stockpile $2.4 billion as rates keep rising
  3. One man's audacious pursuit of sailing history
  4. Darren Berg gets 18-year sentence for Ponzi scheme
  5. Wanted in Seattle classrooms: more teachers of color
  6. $25B settlement reached over foreclosure abuses
  7. A wandering gene's destructive path | Book review
  8. 'Gauguin and Polynesia': dazzling mix-and-match | Art review
  9. UW opening incubator facility for startups
  10. Controversial principal at Lowell Elementary takes job in Tacoma

Most viewed imagesMore

Advertising