"Chip and Pin" cracked by criminal gangs, what will be next on the cards?

Run_to_da_hills

Seems a bit of a cat and mouse game between organised criminal gangs and financial institutes, first it was the magnetic strip which was hacked by skimmers, next the chip and pin was supposed to be "fool proof", Now we have heard that this has also been cracked, What else can they think of next :eek:


http://www.ft.com/cms/s/0/de5e5960-69a2-11dd-91bd-0000779fd18c.html

Jimbo

If the chips are hackable, imagine the carnage that will be caused when national identity cards come into force

Headshot

Run_to_da_hills wrote: »

Seems a bit of a cat and mouse game between organised criminal gangs and financial institutes, first it was the magnetic strip which was hacked by skimmers, next the chip and pin was supposed to be "fool proof", Now we have heard that this has also been cracked, What else can they think of next :eek:


http://www.ft.com/cms/s/0/de5e5960-69a2-11dd-91bd-0000779fd18c.html

thats old news

they put fake cover over where you put into the card and it scans your card and they put a small camera above the number buttons for your pin

shenanigans1982

Run_to_da_hills wrote: »

Seems a bit of a cat and mouse game between organised criminal gangs and financial institutes, first it was the magnetic strip which was hacked by skimmers, next the chip and pin was supposed to be "fool proof", Now we have heard that this has also been cracked, What else can they think of next :eek:


http://www.ft.com/cms/s/0/de5e5960-69a2-11dd-91bd-0000779fd18c.html

Are all you're threads designed to instill fear/paranoia in us? Keep this up and pretty soon I'll be living in a basement having no contact with the outside world and eating beans from a tin......or ignoring your threads.

Headshot

Mr.S wrote: »

your thinking of ATMs

Chip & Pin is the yoke in shops/restraunts etc.

ohhhhh

they have done that now !

bloody hell

Phlann

You guys don't know the half of how insecure your money is.

There is a major financial institution in this country whose entire credit card system is wide open. All their administrator accounts have the exact same password.

The password is 'password'

I sh1t you not.

Run_to_da_hills

jimbo78 wrote: »

If the chips are hackable, imagine the carnage that will be caused when national identity cards come into force

They use entirely different types of chips, the one on current bank cards is like a mobile phone sim while the one on the proposed national ID card is "contactless" and radio based.

Archeron

The next big idea in international security is having us all connected at the base of our consciousness's to a huge central computer that can monitor our every thought, never mind our every move.
Unfortunately, word has it that the current approved version means we will all have to be attached to this supercomputer by wires, so it be may be a bit awkward in busy places, or on trains.

If I was connected now, I would know the plural of consciousness, so in a way, its a good thing.

Headshot

why dont they get cards that use your finger

instead of using the buttons to type in ,you have a machine that scans your finger

like at aerports

Jimbo

Phlann wrote: »

You guys don't know the half of how insecure your money is.

There is a major financial institution in this country whose entire credit card system is wide open. All their administrator accounts have the exact same password.

The password is 'password'

I sh1t you not.

Pubishing it on a public forum isn't going to help the situation.

Better not be my bank

Flamed Diving

I, for one, welcome our etc, etc.

Run_to_da_hills

Maybe the social welfare dept are going it about the right way by giving out the dole out in cash at local the post offices, thus eliminating the use of dodgy banking cards. Maybe we can hit our employers to go back to the old days of being paid in cash

Phlann

jimbo78 wrote: »

Pubishing it on a public forum isn't going to help the situation.

Better not be my bank

Well, I haven't given the name of the institution or the usernames (which tbf are laughably easy to guess).

They have so many superficial failsafes in place, like high and low user classes to prevent low-level employees from messing about (everything needs to be approved by supervisor accounts)... and then there's this series of super-user accounts - all with the same password - that allow anybody access to the entire system!

Jokeshop.

Jimbo

Retina scanners in shops ftw

Gran Hermano

Time for Run to da hills weekly tin-foil hat thread.
You're going to give yourself an ulcer or heart-attack with all the
worry.

I'm off to Feedback to see if we can have the Conspiracy Theories
board renamed in his honour.

thelordofcheese

shenanigans1982 wrote: »

Are all you're threads designed bore us rigid?

I fixed that for you.

shenanigans1982

Archeron wrote: »

The next big idea in international security is having us all connected at the base of our consciousness's to a huge central computer that can monitor our every thought, never mind our every move.
Unfortunately, word has it that the current approved version means we will all have to be attached to this supercomputer by wires, so it be may be a bit awkward in busy places, or on trains.

If I was connected now, I would know the plural of consciousness, so in a way, its a good thing.

I'll get John Connor and get him to a safe house.

humanji

Nonsense. Urine Samples ftw!

Guy:Incognito

Yawn. Anyone can buy a card reader. whats so newsworthy about that,

No system is secure when people on the inside can be bought or decide to organise a scam. Thats obvious. Theres nothing wrong with the system but when someone with acess turns bad theres very little can be done till they are found and stopped.

brianthebard

Archeron wrote: »

The next big idea in international security is having us all connected at the base of our consciousness's to a huge central computer that can monitor our every thought, never mind our every move. Unfortunately, word has it that the current approved version means we will all have to be attached to this supercomputer by wires, so it be may be a bit awkward in busy places, or on trains. If I was connected now, I would know the plural of consciousness, so in a way, its a good thing.

consciousness can't have a plural.

El Weirdo

Stekelly wrote: »

Yawn. Anyone can buy a card reader. whats so newsworthy about that,

No system is secure when people on the inside can be bought or decide to organise a scam. Thats obvious. Theres nothing wrong with the system but when someone with acess turns bad theres very little can be done till they are found and stopped.

Therefore, there is something wrong with the system.;)

Dave!

Flamed Diving wrote: »

I, for one, welcome our etc, etc.

Welcome our what?

jester77

Run_to_da_hills wrote: »

Seems a bit of a cat and mouse game between organised criminal gangs and financial institutes, first it was the magnetic strip which was hacked by skimmers, next the chip and pin was supposed to be "fool proof", Now we have heard that this has also been cracked, What else can they think of next :eek:


http://www.ft.com/cms/s/0/de5e5960-69a2-11dd-91bd-0000779fd18c.html

SCOOP:
They will hack our minds :eek: :eek: :eek:





FOR SALE:
Tin foil hats, only €99

Guy:Incognito

el_weirdo wrote: »

Therefore, there is something wrong with the system.;)

Well unless someone can create a system that isnt created by someone and that no one has access to (skynet? ) then every system is fallible.

d22ontour

Skynet is already upon us.

http://www.skynet.be/

And there bb pisses on everyone elses too.

:pac:

jimmycrackcorm

This is typical of the news media bending the truth to sell more. The chip and pin system has not been hacked. All that is happening is that instead of criminals using cameras to capture what pin is being entered, they can now record the pin from the keypresses. Then to use that pin they have to go back to the old method of using the magnetic stripe on an atm that doesn't have chip capability. They can't clone the chip because even with the pin, you can't actually read the essential data off it.

DanGerMus

{(-_-)}HeadShoT** wrote: »

why dont they get cards that use your finger

instead of using the buttons to type in ,you have a machine that scans your finger

like at aerports

Well thats all well and good until you consider two things.

1. There will always be a scumbag criminal who will want to rob your money from the bank.

2. What do you think he will have to do to get a hold of your finger.

\/\/\/Similarly Retina scans not so good\/\/\/

Savman

Run to da hills...prolly the most apt username on boards.

I'm convinced he's recruiting for the Movementarians.

Alun

Stekelly wrote: »

Yawn. Anyone can buy a card reader. whats so newsworthy about that,

No system is secure when people on the inside can be bought or decide to organise a scam. Thats obvious. Theres nothing wrong with the system but when someone with acess turns bad theres very little can be done till they are found and stopped.

Absolutely .. nothing at all has been "cracked" :rolleyes::rolleyes:

thelordofcheese

d22ontour wrote: »

Skynet is already upon us.

http://www.skynet.be/

And there bb pisses on everyone elses too.

:pac:

Theres an irish skynet as well, though i think they are all linux nerds and therefore no threat to anybody

hobochris

the only solution is Biometrics.

finger print scanners can and have been cracked already.

for the moment it'll have to be iris scanners.

eventually I'd say it will be a DNA scanner that doesn't require a separate sample. i.e. it can scan you DNA from just being in contact with your skin, but thats a few years down the line, they are still trying to decipher the DNA coding.

Run_to_da_hills

hobochris wrote: »

the only solution is Biometrics.

finger print scanners can and have been cracked already.

for the moment it'll have to be iris scanners.

eventually I'd say it will be a DNA scanner that doesn't require a separate sample. i.e. it can scan you DNA from just being in contact with your skin, but thats a few years down the line, they are still trying to decipher the DNA coding.

Thumb print reading instead of the pin readers would be the obvious for ATM and shops. I have already seen biometric readers for clocking employees to stop misuse of guys clocking each other out.

syklops

Most biometric fingerprinting scanners, if not all, are very easily circumvented. Did you know that most will read a photocopy of a print?

To stop people cutting off other people's fingers, most check for a pulse aswell, which is laughable if it reads a photocopy, as all you need to do is cover your finger with the photo copy, and press it to the sensor.

Also, I wish people would stop handing out their privacy. Its bad enough the system knowing your PIN number. What happens when the finger prints and DNA of the entire country is held on a computer managed by the same people who brought us the e-voting machines? I am not saying the guv'ment will do anything too much with the information, I am more afraid of them leaving it wide open for someone else to take control of.

As for who ever said that you can not read the information directly off the chip, I ask "And why not? How does the ATM machine read it?"

stepbar

Phlann wrote: »

You guys don't know the half of how insecure your money is.

There is a major financial institution in this country whose entire credit card system is wide open. All their administrator accounts have the exact same password.

The password is 'password'

I sh1t you not.

Gob****es banks like deserved to be robbed.....

Capt'n Midnight

http://news.bbc.co.uk/1/hi/uk/3042819.stm
France has had chip and pin since '93 - it's old technology
AFAIK the link between some readers and the computer isn't encrypted so it could be sniffed there

IIRC the French also expiremented with thumb print readers too, but chip was cheaper. Other ideas are putting the users photo on the card

Random

Run_to_da_hills wrote: »

Seems a bit of a cat and mouse game between organised criminal gangs and financial institutes, first it was the magnetic strip which was hacked by skimmers, next the chip and pin was supposed to be "fool proof", Now we have heard that this has also been cracked, What else can they think of next :eek:


http://www.ft.com/cms/s/0/de5e5960-69a2-11dd-91bd-0000779fd18c.html

The whole thing is warped. I put the wrong PIN in three times today. The shop assistant apoligised (why??) and asked me to sign for it instead.

Run_to_da_hills

Capt'n Midnight wrote: »

http://news.bbc.co.uk/1/hi/uk/3042819.stm
France has had chip and pin since '93 - it's old technology
AFAIK the link between some readers and the computer isn't encrypted so it could be sniffed there

IIRC the French also expiremented with thumb print readers too, but chip was cheaper. Other ideas are putting the users photo on the card

Typing your pin was also used in the US back in the early 90ies, photo ID was also required such as a driving license. Photo on card is grand for a visual purchase over the counter, but no good for ATM machines etc.

I worked for a sub contractor at a pharmaceutical plant in Shannon last September, they had a thumb print clock machine, Any tredesmen that had marks or cuts or dirt impregnated in their fingers would have difficulty reading it. If this technology was applied to ATMs and retail those working in the metal or mechanical trades would have trouble getting an accurate reading and would just be as frustrating as a machine swallowing your card if you needed cash in a hurry.

Flamed Diving

stepbar wrote: »

Gob****es banks like deserved to be robbed.....

Yes, damn them for giving people access to credit. I, for one, welcome a return to a bartering system.

Run_to_da_hills

Flamed Diving wrote: »

Yes, damn them for giving people access to credit. I, for one, welcome a return to a bartering system.

I can see more and more people choosing to take on some kind of a bartering system once things start to turn towards a cashless society, particularly those working in the black economy.

Flamed Diving

Run_to_da_hills wrote: »

I can see more and more people choosing to take on some kind of a bartering system once things start to turn towards a cashless society, particularly those working in the black economy.

Mint Sauce

just heard this morning on the news, criminals posing as maintance employees for a number of banks have managed to fit skimming devices to shop chip and pin terminals, scam was uncovered of the weekend, more here

Capt'n Midnight

Run_to_da_hills wrote: »

I worked for a sub contractor at a pharmaceutical plant in Shannon last September, they had a thumb print clock machine, Any tredesmen that had marks or cuts or dirt impregnated in their fingers would have difficulty reading it. If this technology was applied to ATMs and retail those working in the metal or mechanical trades would have trouble getting an accurate reading and would just be as frustrating as a machine swallowing your card if you needed cash in a hurry.

you could have a code like

Please enter the fourth digit , please enter the first digit ...
so you could use all 10 digits or combinations thereof so as long as you had a few of them left you would he still able to validate , instead of having one point of failure.

Run_to_da_hills

Capt'n Midnight wrote: »

you could have a code like

Please enter the fourth digit , please enter the first digit ...
so you could use all 10 digits or combinations thereof so as long as you had a few of them left you would he still able to validate , instead of having one point of failure.

It was a main contractor that had this device, any sub contractors were obliged to use it. When I registered first day with the company they gave the option of any of your ten fingers, You had to register the finger several times. I chose my right hand index. I suppose they could have given two options. I have the same biometric system on one of my laptops but disabled the function because it is a pain in the as&, also I don't like the idea of spyware etc having access to this stuff if i use it on line. Dell also have it as a security feature on some of their XPS range.

Back on topic, I can see Chip and pin being phased out and replaced by RFID soon, already a system wide open to cloning. http://ie.youtube.com/watch?v=4jpRFgDPWVA

listermint

Run_to_da_hills wrote: »

Seems a bit of a cat and mouse game between organised criminal gangs and financial institutes, first it was the magnetic strip which was hacked by skimmers, next the chip and pin was supposed to be "fool proof", Now we have heard that this has also been cracked, What else can they think of next :eek:


http://www.ft.com/cms/s/0/de5e5960-69a2-11dd-91bd-0000779fd18c.html

Regardless of what you have read in the papers, the chips are incripted and are not "hackable" The info the gangs took from this current scam is the magnetic information. They obtained card numbers and expiry dates utilising the pinpad devices. These gangs still need your pin number. They cannot replicate your card onto another chip card and take cash out of an atm. They were in fact selling the card "details" abroad or ordering goods online. Its about the banks/credit companies being on the ball as regards unusual activity on a card holders accounts e.g. you suddenly buy a carpet in bangladesh...

andrew

I have a solution: Quantum Cryptography. For everything.

bug

http://www.irishtimes.com/newspaper/ireland/2008/0819/1218868120438.html

That seems a bit more relevant to ROI.

javaboy

Run_to_da_hills wrote: »

Any tredesmen that had marks or cuts or dirt impregnated in their fingers would have difficulty reading it. If this technology was applied to ATMs and retail those working in the metal or mechanical trades would have trouble getting an accurate reading and would just be as frustrating as a machine swallowing your card if you needed cash in a hurry.

Interesting point. AFAIK the London 2012 Olympic building sites will be using hand recognition systems as opposed to fingerprint scanners to avoid this exact problem.

Run_to_da_hills

shenanigans1982 wrote: »

Are all you're threads designed to instill fear/paranoia in us? Keep this up and pretty soon I'll be living in a basement having no contact with the outside world and eating beans from a tin......or ignoring your threads.

My posts are based on FACTS quoting either articles from the British or Irish press or legitimate researched information on the subject. I have studied "bar codes" since the mid 80ies and RFID technology since the mid 90ies with books going back to same and have also given talks on the subject.

You can go ahead and live in a cocoon and not speak out about the up coming privacy concerns on RFID technology and how it can intrude on your every day living from anything from heading down the M50 to travelling on the Luas or making a cashless transaction. YOU will be the very one that will gladly accept the microchipped national id card, smart cards, e tags etc as a great and modern convenient cashless tools.

Already the dogs are barking in the streets about what is in store around the corner. I.E. The Global microchip implant or forbidden mark. Revelation 13vs 16 to 18.

http://news.bbc.co.uk/nolavconsole/ukfs_news/hi/newsid_4590000/newsid_4591700/bb_wm_4591760.stm
http://news.bbc.co.uk/1/hi/technology/4247275.stm
http://news.bbc.co.uk/1/hi/technology/3582779.stm
http://news.bbc.co.uk/1/hi/technology/3211373.stm
http://news.bbc.co.uk/1/hi/england/berkshire/3110650.stm
http://news.bbc.co.uk/2/hi/technology/3121652.stm