Cyber Crime

An Epic Thread Yields Rapid Internet Justice

Posted Wed, 05/27/2009 - 15:29 by jesse

Yesterday I was sent a link to an incredible and epic thread, which a meta-mob of auto enthusiasts formed to mete out rapid Internet justice on a car parts thief who had been preying upon them.

Suspicious Acura TSX without license plateIt all started in the parking lot of Toronto's Yorkdale Mall. While the victim was at work, someone stole a specialized front lip from his car, an Acura TSX, in the middle of the day, using his own car to block what he was doing. The victim went to mall security, got video of the crime, but because the thief took the plates off his car, and there are no witnesses, the police said there was nothing they could do.

Frustrated by this lack of action, the victim turned to the TSXClub.com site, a forum for Acura TSX owners. He started the thread in the early hours of May 21st 2009.

As a bit of background, forums online are one of the largest and most vibrant elements of social media, and automotive forums tend to have a character and class all of their own. What is particularly interesting in this case is the not only way the forum responded, but also automotive forums of all kinds right across the web.

Immediately a suspect emerged, as one of the members recognized the car in the security video as being almost identical to photos of a car posted by another user of the site. At first people were hesitant to point fingers, but when the user tried to defend himself with a poorly written reaction, intense scrutiny started to fall on the suspect.

New PIN Hacking Techniques Threaten to Further Destabilize the Banking System

Posted Mon, 04/20/2009 - 15:03 by jesse

This week one of my columns on CBC Radio sheds light on a story circulating in network security circles that depicts a new and rather alarming attack on the banking system's transaction process. I'm getting a lot of emails from CBC listeners asking for more info, so here's an article on Wired's Threat Level Blog that elaborates further. Here are some key highlights from the article:

The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers. Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side.

But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process.

Information about the theft of encrypted PINs first surfaced in an indictment last year against 11 alleged hackers accused of stealing some 40 million debit and credit card details from TJ Maxx and other U.S. retail networks. The affidavit, which accused Albert "Cumbajohnny" Gonzalez of leading the carding ring, indicated that the thieves had stolen "PIN blocks associated with millions of debit cards" and obtained "technical assistance from criminal associates in decrypting encrypted PIN numbers."

But until now, no one had confirmed that thieves were actively cracking PIN encryption.

Syndicate content