Magicians rely on sleight of hand and exploit the way the human mind perceives and interprets things. They are always on the lookout for loopholes and technology to assist them in their acts.
Weakness and a lack of common sense are an inherent part of the human psyche. In Information Technology, however, we have RFCs and compliance guidelines to help us overcome these shortcomings and make this virtual world a better place to live.
A few years ago, I had raised some questions about the internal working of Indian organizations, especially those in the banking sector. Here is a small snippet for a quick read:
I have observed a lot of Shopping Malls, which store entire Credit-Card and Debit Card Data on their personal servers and their employees are encouraged to swipe the Card into their own POS along with the one provided by the Banks; it's only a matter of time until someone hacks into these and finds a treasure trove of information. Whether the information stored by Indian Shopping Malls is using the PCI-DSS norms or not, only time will tell.
The security of Indian Organizations will be severely tested or has it already been tested and no one knows about it?
Sounds untrue?
A few weeks ago, Bank of Muscat and National Bank of Ras Al Khaimah PSC (RAKBANK), based in Oman and the United Arab Emirates respectively, lost around $45 million in a well-coordinated global cyber-heist. At the center of this action were two card processing companies with major operations in Pune and in Bangalore.
In the hit against Bank of Muscat, the processor is enStage Inc, based in Cupertino, California, a source close to the Bank of Muscat said. Bank of Muscat has not commented on the attack.
Officials at enStage did not respond to requests for comment on Saturday. EnStage CEO Govind Setlur said in a statement in the Times of India his company had implemented security enhancements since the attack.
In the RAKBANK case, the processor is India’s ElectraCard Services, according to people familiar with the situation. RAKBANK has not confirmed that ElectraCard Services is the payment processor and ElectraCard Services has not commented.
Sources: NDTV and Yahoo.
How was this Cyber Heist done?
The hackers intruded into the networks of these card processors and targeted a few pre-paid debit cards, raising the limits for balances and withdrawals. Copies of the cards were then distributed, and in two different coordinated attacks on ATMs the cash was withdrawn within a few hours. The first wave took $5 million on 21st December 2012, and later, on February 19th 2013, these criminals withdrew $40 million. The ATMs were located in geographically separate areas.
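The pattern described above (a limit raise on a pre-paid card followed within hours by ATM withdrawals in geographically separate areas) can be expressed as a correlation rule over processor audit events and ATM authorizations. The following is an added example, not part of the original post; the event format, field names, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data); field names are hypothetical.
# Each event: (ISO timestamp, event kind, card id, details)
EVENTS = [
    ("2024-01-10T01:00", "limit_change", "CARD-A", {"old": 500, "new": 100000}),
    ("2024-01-10T02:10", "atm_withdrawal", "CARD-A", {"amount": 800, "region": "US-NY"}),
    ("2024-01-10T02:40", "atm_withdrawal", "CARD-A", {"amount": 900, "region": "JP-13"}),
    ("2024-01-10T03:15", "atm_withdrawal", "CARD-A", {"amount": 700, "region": "DE-BE"}),
    ("2024-01-10T04:00", "limit_change", "CARD-B", {"old": 500, "new": 1000}),
    ("2024-01-10T05:00", "atm_withdrawal", "CARD-B", {"amount": 300, "region": "IN-MH"}),
    ("2024-01-10T06:00", "atm_withdrawal", "CARD-C", {"amount": 200, "region": "US-NY"}),
    ("2024-01-10T06:30", "atm_withdrawal", "CARD-C", {"amount": 200, "region": "GB-LND"}),
]

def flag_cashout(events, window=timedelta(hours=12), min_regions=3):
    """Flag cards whose limit was raised and which then, inside `window`,
    withdrew more than the old limit from at least `min_regions` regions."""
    limit_raised = {}                 # card -> (time of first raise, old limit)
    withdrawals = defaultdict(list)   # card -> [(time, amount, region)]
    for ts, kind, card, data in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "limit_change" and data["new"] > data["old"]:
            limit_raised.setdefault(card, (when, data["old"]))
        elif kind == "atm_withdrawal":
            withdrawals[card].append((when, data["amount"], data["region"]))

    alerts = {}
    for card, (raised_at, old_limit) in limit_raised.items():
        recent = [w for w in withdrawals[card]
                  if raised_at <= w[0] <= raised_at + window]
        total = sum(amount for _, amount, _ in recent)
        regions = sorted({region for _, _, region in recent})
        if total > old_limit and len(regions) >= min_regions:
            alerts[card] = {"total": total, "old_limit": old_limit,
                            "regions": regions}
    return alerts

if __name__ == "__main__":
    for card, detail in flag_cashout(EVENTS).items():
        print(card, detail)
```

Neither signal alone fires the rule: CARD-B has a limit raise with ordinary local use, and CARD-C travels without any limit change.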
From the looks of it, this is a wake-up call for Indian outsourcing partners to understand that data security and data integrity are highly sensitive issues, and that every effort should be made to protect not just the data but also the network. Insider threats in such cases cannot be ruled out; however, if the entire system itself is susceptible, then insider threats can be ruled out.
A lot is still to be desired from Indian organizations, especially when it comes to IT security and its compliance. I wouldn’t be surprised if you find yet another Indian organization in the news in the next few months for all the wrong reasons.
Magicians focus on the human perception of the way things are interpreted by the human mind. They are always using technology to help them in their acts.
Weakness is an inherent part of human psychology; however, when it comes to information technology, we have RFCs and rules to help us have a better virtual world to live in.
A few years ago, I had some questions about the internal working of Indian organizations, especially those in the banking sector. Below is some information to read:
I have observed quite a few shopping malls that store all credit and debit card data on their personal servers, and their employees are encouraged to swipe the card in their own POS. With this, a person can steal the credit/debit card data. Only time will tell whether the information stored by shopping malls is using the PCI-DSS norms.
A few weeks ago, Bank of Muscat and National Bank of Ras Al Khaimah PSC (Rakbank) lost $45 million in a well-coordinated global cyber-heist. In the middle of this action were two companies with operations in Pune and in Bangalore.
In the attack against Bank of Muscat, the processor is enStage Inc, located in Cupertino, California. Bank of Muscat has not commented on the attack.
People at enStage did not respond to requests for comment on Saturday. EnStage CEO Govind Setlur said his company had implemented security improvements after the attack.
In the Rakbank case, the processor is India's ElectraCard Services, according to people familiar with the case. RakBank has not confirmed whether ElectraCard Services is the payment processor, and ElectraCard has not commented on this either.
How is this cyber heist done?
The hackers attacked the networks of these card processors and had targeted some prepaid debit cards. They distributed copies of the cards. In two coordinated attacks on ATMs, the money was withdrawn within a few hours. The criminals withdrew $40 million on February 19, 2013.
All of this is a wake-up call to understand that data security and data integrity are very sensitive issues, and that we must do everything possible to protect not only the data but also the network. Insider threats cannot be ruled out.
Indian organizations have a need, especially when it comes to IT security and its compliance. I would not be surprised if an Indian organization is in the news in the coming months for all the wrong reasons.