Slashdot: News for Nerds

178 Arrested In US/EU Credit Card Cloning Ops

timothy posted more than 4 years ago | from the spreading-the-wealth dept.

Crime

eldavojohn writes with this report from Brian Krebs: "Authorities have moved in on 178 people accused of working in credit card cloning labs across the USA and Europe, but with the bulk of the work apparently operating out of Spain. The source states that 'Police in 14 countries participated in a two-year investigation, initiated in Spain, where police have discovered 120,000 stolen credit card numbers and 5,000 cloned cards, and arrested 76 people and dismantled six cloning labs. The raids were made primarily in Romania, France, Italy, Germany, Ireland, and the United States, with arrests also made in Australia, Sweden, Greece, Finland, and Hungary. The detainees are also suspected of armed robbery, blackmail, sexual exploitation, and money-laundering, the police said.' Krebs notes a new credit card debuting at Turkish banks that appears to have a built-in LCD that has a random six-digit number associated with each transaction much like RSA SecurID keys used for computer logins."


103 comments

Keepin' frosty.... (0)

Anonymous Coward | more than 4 years ago | (#32582962)

Frosty Clone, that is!

Do niggers steal cards? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32582964)

I'm curious..

lol stealing from investment banks (2, Funny)

Anonymous Coward | more than 4 years ago | (#32582992)

if you are going to steal from someone, don't steal from professional thieves.

Doesnt sound very profitable. (4, Insightful)

Rivalz (1431453) | more than 4 years ago | (#32583102)

Close to 200 employees spanning multiple countries. And they take in only 25mil? Not just that but getting cash out of credit card companies I thought was a pain in the ass. Is it 25 mil per year or total? Because if it is total that seems like a shitty business investment. They should just stick to guns, drugs, and prostitution.

Re:Doesnt sound very profitable. (4, Funny)

mujadaddy (1238164) | more than 4 years ago | (#32583140)

They should just stick to guns, drugs, and prostitution.

Intrigued, newsletter, etc., etc.

Re:Doesnt sound very profitable. (1, Informative)

Anonymous Coward | more than 4 years ago | (#32583164)

No wonder they lacked profitability.

sexual exploitation

First rule: Don't use your own product

Re:Doesnt sound very profitable. (2, Insightful)

capo_dei_capi (1794030) | more than 4 years ago | (#32583318)

Nah, that's lesson number two.
Number one is: Don't underestimate the other guy's greed.
The latter lesson may also have played a role in them only netting 25M, though.

I fucking hate pikeys (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32584424)

They'll get 6 months in a holiday camp, because it's racist to expect gyppo scum to obey the law.

Then they'll get 98 million euro - each - in compensation for judicial harassment.

Re:Doesnt sound very profitable. (1)

davester666 (731373) | more than 4 years ago | (#32587768)

The greed of the credit card companies?

Re:Doesnt sound very profitable. (5, Insightful)

Hatta (162192) | more than 4 years ago | (#32583248)

Most of these people aren't doing it because it's lucrative. They do it because they have no legitimate options. The lowest rungs of any criminal enterprise gets paid shit wages just like any business. 200 people at 20k a year is 4 million for payroll. That leaves over 20 million for the boss.

Re:Doesnt sound very profitable. (4, Insightful)

sznupi (719324) | more than 4 years ago | (#32583432)

For many people in those ops 20k a year might be actually a quite decent level of income; compared to, say, the average at the place they are or from which they are.

Re:Doesnt sound very profitable. But is. (1, Informative)

Anonymous Coward | more than 4 years ago | (#32583916)

You can make 10k a month easily if you do the business by yourself; I'm talking about stealing CCs using spam scams, botnets, etc. and selling some BDs, hacked hosts and logins you won't use.
Anyway, if you want to do that you have to discover some vulns to get into some servers and have some hacked hosts to send spam and host scams, the main server for the botnet and the BDs to get emails and eventually some CCs.
EgoPL

Re:Doesnt sound very profitable. (2, Interesting)

drspliff (652992) | more than 4 years ago | (#32584364)

I'm on less than £20k per year and it's plenty enough to live on.

Re:Doesnt sound very profitable. (2, Interesting)

guruevi (827432) | more than 4 years ago | (#32583804)

Which in Europe is still pretty good wages though. If you don't work (or don't report that you work), you still get paid a minimum wage, your housing and utility costs become subsidized and healthcare is practically free. If you have kids, you get free food and clothing for them. So you get 20k on top of that.

Re:Doesnt sound very profitable. (1)

dropadrop (1057046) | more than 4 years ago | (#32587892)

Add to this that you don't pay tax on the 20k (which could be almost 30% of it).

Re:Doesnt sound very profitable. (0)

Anonymous Coward | more than 4 years ago | (#32584478)

Most of these people aren't doing it because it's lucrative. They do it because they have no legitimate options.

My arse. Turn up in any Western European country, claim asylum, live off the dole.

Re:Doesnt sound very profitable. (2, Interesting)

Hatta (162192) | more than 4 years ago | (#32584602)

Perhaps their conscience feels better stealing from credit card companies instead of average taxpayers.

Re:Doesnt sound very profitable. (3, Interesting)

WillDraven (760005) | more than 4 years ago | (#32585546)

Any countries let you flee from the USA yet?

Re:Doesnt sound very profitable. (0)

Anonymous Coward | more than 4 years ago | (#32588350)

By the way, the wide solution of that is described at writing service [iresearchpapers.com] employing blog. You should to read it.

Disappointed (0)

Anonymous Coward | more than 4 years ago | (#32583108)

I read "Authorities have moved in on 178 people accused of working in cloning labs across the USA and Europe"

Once I noticed my mistake, cc cloning seemed so trivial I no longer cared to read on.

T'riffic. (2, Interesting)

blair1q (305137) | more than 4 years ago | (#32583130)

Terrific. 6 more ways for a mouth-breathing cash-register operator to fuck up your transaction...

Re:T'riffic. (3, Insightful)

Anonymous Coward | more than 4 years ago | (#32583844)

Terrific. 6 more ways for a mouth-breathing cash-register operator to fuck up your transaction...

You're perfectly welcome to do the job yourself and do it better than they do. Step right up.

What's that? You're not willing to lower yourself to their level? That work's beneath you? You've got too much dignity? You're not willing to see what the little guy has to do to get by? You never had to work a day of retail in your pampered, high-class life? Well, by all means, you can STFU, ass.

Re:T'riffic. (0)

Anonymous Coward | more than 4 years ago | (#32584534)

How about "I used to do that, but I got education/qualifications/experience/skills/implants and moved on and up"?

Re:T'riffic. (0)

Anonymous Coward | more than 4 years ago | (#32584838)

Are you suggesting he take over the register of every place he ever wants to ever do business at using a credit card? No? Then STFU yourself.

Re:T'riffic. (1)

Xeleema (453073) | more than 4 years ago | (#32588266)

take over the register of every place he ever wants to ever do business at using a credit card?

Challenge: ACCEPTED. Now I only need to get every register (running Windows XP) to stop by a certain website [slashdot.org]....

Re:T'riffic. (0)

Anonymous Coward | more than 4 years ago | (#32585528)

There is a reason that the mouth breathing fuck-ups are working a cash register and not a real job. Either they are smoking pot and playing World of Warcraft, or their criminal record keeps them from being hired by a real person for a real position and not a minimum wage position flipping burgers. These are morons who can't even type in the right total in a credit card register, then look slack-jawed at a pissed customer when they charge them $150.00 for a cup of coffee, and are unable to reverse the charges for a week. If they had the ability to do basic 10 key skills, they likely would be doing something more than "would you like fries with that?"

Marie Antoinette's fate was a fluke of history. Rabble are still rabble, and they can eat cake for all I care. Go right ahead, spit in people's food. I have a camera on my iPhone, and will be more than happy to get a DA to shut down the cafe and have the servers and waitstaff arrested for felonies of tampering with the food supply if it happens to me.

Re:T'riffic. (0)

Anonymous Coward | more than 4 years ago | (#32585714)

There is a reason that the mouth breathing fuck-ups are working a cash register and not a real job. Either they are smoking pot and playing World of Warcraft, or their criminal record keeps them from being hired by a real person for a real position and not a minimum wage position flipping burgers. These are morons who can't even type in the right total in a credit card register, then look slack-jawed at a pissed customer when they charge them $150.00 for a cup of coffee, and are unable to reverse the charges for a week. If they had the ability to do basic 10 key skills, they likely would be doing something more than "would you like fries with that?"

Marie Antoinette's fate was a fluke of history. Rabble are still rabble, and they can eat cake for all I care. Go right ahead, spit in people's food. I have a camera on my iPhone, and will be more than happy to get a DA to shut down the cafe and have the servers and waitstaff arrested for felonies of tampering with the food supply if it happens to me.

Do you, perchance, also have a troll application on your phone? Oh, I'm sorry, iPhone!

Re:T'riffic. (1)

badboy_tw2002 (524611) | more than 4 years ago | (#32587858)

You could also put strychnine in the guacamole! There was salt, big grains of salt...

Re:T'riffic. (1)

mlts (1038732) | more than 4 years ago | (#32591858)

Nerd rage much?

This isn't the 90s anymore where if you could spell "TCP/IP", you could get a top tier job in some dot-com startup selling IPX socket wrenches. A college education is no guarantee of anything now. It is pure luck if someone has a job or not unless they are at a peak of their career where their name is their CV. So, count blessings. All it takes is one PHB saying, "OMG, we can offshore this department to Elbonia and I can take credit for the cost savings and buy myself a new BMW!1!1one!" and the job is history. I've seen engineers who have more knowledge than minor deities about their field be given the axe because an MBA [1] who was managing the department drank the offshore ODM/OEM Kool-Aid.

People have to earn a living these days, and ringing up people at a register may not be a prestigious occupation, but it keeps the repo truck away, and food on the table.

Oh, and for maximum revenge, it won't be someone spitting in food. A good number of waitstaff I know have a college background but made the mistake of choosing the wrong major. So they are not going to exact their revenge in such an overt way. Most likely, it will be a waiter saying in a discreet (but loud enough to be heard by other people), "I am sorry, but your card was declined."

[1]: Something I don't get about MBAs. They take ITIL and ethics classes. In fact, these are required for an accredited degree. Why don't they ever put what they had to pass with a "B" or better into practice once the degree is awarded?

based on your attitude towards those who serve you (1, Flamebait)

circletimessquare (444983) | more than 4 years ago | (#32584450)

i applaud and endorse them ripping you off, and spitting in your food

be gracious to other human beings, no matter what their socioeconomic status, or suffer, and deserve, the same fate as marie antoinette, for the same reasons

Re:based on your attitude towards those who serve (0)

Anonymous Coward | more than 4 years ago | (#32585716)

I don't think he was commenting on their socioeconomic status, just lamenting the fact that somehow in this universal scheme of things, the stupidity gene has some uncanny survival factor - (probably associated with the appendix). That and maybe frustrated with people with a minimum of 8 years of free education can't handle the whole make change thing.

P.S. I don't eat at McDonald's, that's just asking for it.

Re:based on your attitude towards those who serve (0)

Anonymous Coward | more than 4 years ago | (#32587188)

the stupidity gene has some uncanny survival factor

stupid people are less selective during the breeding process

Re:based on your attitude towards those who serve (1)

Xeleema (453073) | more than 4 years ago | (#32588292)

the stupidity gene has some uncanny survival factor

stupid people are less selective during the breeding process

Agreed. That, and for some reason we have to put warning labels on EVERYTHING. Granted, some of them are a bit misleading:

"CAUTION: Do not iron while wearing shirt" [middlezonemusings.com]

Seriously, people?!?!

Re:based on your attitude towards those who serve (1)

mlts (1038732) | more than 4 years ago | (#32591948)

This reminds me of when I was working at a Fortune 100 company. My boss and I were at a restaurant and were talking to a salesperson about some new gizmo which was very expensive, but we had multiple bids for.

This salesperson was rude as hell to the maitre d' and waitstaff. He ordered one thing, said he ordered something else, yelled at her with choice epithets, demanded another alcoholic drink because the last one wasn't good, then finally stiffed her on the tip. It was so bad that my boss and I both went in and handed the woman more than was the proper gratuity after the salesguy left.

Guess what happened when it was time to purchase the gizmo after the bids were in? My boss and I told the salesperson that we liked the product. But because of the way he treated people under him, his bid was not considered.

Re:based on your attitude towards those who serve (1)

victorhooi (830021) | more than 4 years ago | (#32597540)

heya,

Err, I've worked some pretty "low-end" jobs. I've done various retail stints for a few years, and I actually still work at a local pool on the weekends now, teaching little kids how to swim. The pay there is terrible, but the work is actually pretty fun.

However, I have to agree with the parent - people who are stuck in low-end retail jobs, year after year, are often there because they've got no other choice. (I'm not talking about high-school or college kids getting extra allowance on the side here - I mean people past this). These people don't *want* to be there. Which means they're often either unskilled, uneducated, illegal immigrants, or just plain unlucky, etc.

I didn't mind the work when I was there (and I still wouldn't, I hope), and the people were nice. However, the older people who were stuck there, well, often they didn't want to be there, and they certainly don't put a lot of passion into their work. If you were driven, you tended to move on after a while.

Also, to the people making wisecracks about investment banks above...geez. I work for an IB now, and they're actually pretty nice people, ok? *grins* Seriously. Anyhow, it's just a job, and all this c*ap about "thieves", I think it's quite unfair - sure, there are bad apples, but I'm sure that's true of any industry.

Ironically, I get strange looks from one of my friends' parents when they find out I still work my old job at the pool. You can't win...

Cheers,
Victor

Random? (1)

Stradenko (160417) | more than 4 years ago | (#32583132)

SecurID is pretty much the exact opposite of a random number.

Re:Random? (5, Informative)

Speare (84249) | more than 4 years ago | (#32583242)

SecurID is pretty much the exact opposite of a random number.

Er, a reasonable working definition of "random" is "you can't predict it." The card changes its displayed number every N seconds. The card's pseudo-random number generator has an algorithm and a seed value which are generally unknown to the user, and unknown to the merchant. It was produced in sync with the server, and continues to compute the numbers in parallel with the server. Even if the thief knows the algorithm, they would require significant time (an understatement) to acquire enough samples to accurately predict the next number that the server is expecting. So, for all practical purposes, yes, it's random.

Re:Random? (2, Informative)

Beardo the Bearded (321478) | more than 4 years ago | (#32583450)

Except that it's not a random number or a random number generator.

It's a cipher generator, which is what Stradenko is getting at -- it's also what you're getting at, ironically. If the numbers were totally random, they would be useless. What it's doing is applying the downside of PRNGs - namely, their predictability - to create a sequence that is known to the computers in question, but appears random to the observer. If you seed multiple generators, all with the same algorithm, then you'll get the same sequence. That's terrible if you're running a lotto, but pretty good if you're trying to get two things to sync up.

People have won millions by successfully outguessing PRNGs. I am not sure if this will add more security or if this is just security theater. Given the banking industry's track record, I'm going to go out on a limb and suggest that it's WIWTF security.

Re:Random? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32584882)

There is no requirement that it use a PRNG. A simple LUT containing a list of predetermined values could be used instead. In this case, they would act as one-time pads and there would be no way to crack them.

16MB gets you 1 256-bit key every minute for a year.

Re:Random? (1)

Tim C (15259) | more than 4 years ago | (#32587794)

16MB gets you 1 256-bit key every minute for a year.

Given that you can get microSD cards in 32GB capacities now, at least from a size point of view that is definitely not a problem.

Re:Random? (2, Funny)

interval1066 (668936) | more than 4 years ago | (#32583484)

"Even if the thief knows the algorithm, they would require significant time (an understatement) to acquire enough samples to accurately predict the next number that the server is expecting. So, for all practical purposes, yes, it's random."

Yep, digital security, almost always infallible. When was the last time a digitally secure system was broken? About 15 minutes ago? Well, I'll be sleeping easier tonight, surely.

Re:Random? (0)

Anonymous Coward | more than 4 years ago | (#32585618)

The trick is to move the vulnerabilities from the endpoints to a system.

Example time:

Say people use some type of authentication token system such as an advanced ZTIC that shows charge requests on a device, and a user swipes a fingerprint and types a PIN to authenticate them. As of now, it would move identity theft from being trivial with just a dumpster dive or a grab of a wallet to having to attack a hardened system. Either the attackers do social engineering and fake transactions, compromise the device, compromise the PKI, compromise the bank, or compromise the encryption routines. Joe Crackhead who snagged a purse isn't going to be able to do much.

Is a SecurID system worth the trade? It might be. But the devil is in the details, and a good implementation will improve security. A crappy implementation like people allege Europe's "chip and PIN" systems are may make things much worse.

Re:Random? (1)

plover (150551) | more than 4 years ago | (#32589532)

Joe Crackhead might not be able to do much on his own, but an organized crime ring can use people like Joe to deliver a stream of stolen cards. If a smart crook can find a way to exploit them in batches, Joe will continue to steal them as long as he gets paid.

Regardless, the risks to ordinary people still drop by an order of magnitude or four.

Re:Random? (2, Interesting)

spacerog (692065) | more than 4 years ago | (#32583486)

"This short paper will examine several discovered statistical irregularities in functions used within the SecurID algorithm: the time computation and final conversion routines. Where and how these irregularities can be mitigated by usage and policy are explored."

http://www.linuxsecurity.com/resource_files/cryptography/initial_securid_analysis.pdf [linuxsecurity.com]

My point is just because it is encased in plastic does not mean that the number can not be determined.

- SR

Re:Random? (1)

flaming error (1041742) | more than 4 years ago | (#32583488)

Great explanation. The way I like to think about it is that randomness is not a property of the number, but of the generator.

> a random six-digit number associated with each transaction
Validating transactions. It's about damn time.

Re:Random? (0)

Anonymous Coward | more than 4 years ago | (#32584100)

Er, a reasonable working definition of "random" is "you can't predict it."

Nothing reasonable about that definition. It's just wrong. I can't predict lots of things, but that doesn't mean they are random. It's entirely predictable by the server, so it's not random, just random to me? That's not a very good definition of random. I don't see any practical advantages to such a loose definition of random. Then, I'm the kind of nerd who uses arbitrary correctly when other people say random.

Re:Random? (3, Funny)

Hognoxious (631665) | more than 4 years ago | (#32584586)

a reasonable working definition of "random" is "you can't predict it."

No, it's that nobody can predict it.

You haven't got a hope in hell of predicting the next number I write down, but for me it's a certainty.

Re:Random? (2, Informative)

synackpshfin (1622285) | more than 4 years ago | (#32583778)

Hi. SecurID tokencode is calculated from current time + seed fed to the (AES) crypto algorithm. I believe that without knowing the seed it is quite hard to predict next tokencode...

Spain, Really? (1)

Nom du Keyboard (633989) | more than 4 years ago | (#32583152)

Here I thought that Spain was going broke only moments after Greece, and now I find out that instead they have innovated with entirely new forms of income.

Re:Spain, Really? (4, Insightful)

blair1q (305137) | more than 4 years ago | (#32583438)

Actually, innovating with new forms of income is why nations are going broke these days.

They're pretending that speculation is investment, borrowing is income, and money-multiplication through circular lending is economic growth.

And hidden among these obvious insanities is a much more subtle one that will snap the rubber band: they track money borrowed to speculate as risk at the interest rate of the loan, not at the rate-of-ruin of the speculation.

The United States was as usual the most innovative, and therefore led the world. To a precipice and beyond. As usual by setting a good example.

Very good (1)

zogger (617870) | more than 4 years ago | (#32583874)

One of the best and simplest and clearest descriptions of this huge ripoff economy I have read, mucho props to you.

The sad part is, millions of otherwise intelligent people are still defending those thieves, the thieves' political sockpuppets, and this con-job-based economic system in general.

Re:Spain, Really? (2, Interesting)

quenda (644621) | more than 4 years ago | (#32586538)

TFA is too PC to say it outright, but putting Romania at the head of the list says it is a Gypsy operation.
These are multi-generational career criminal families. And the Spanish police seem unable to do anything about it.
There was a good documentary on the BBC:

How Gypsy gangs use child thieves [bbc.co.uk]

Re:Spain, Really? (1)

rozz (766975) | more than 4 years ago | (#32589570)

TFA is too PC to say it outright, but putting Romania at the head of the list says it is a Gypsy operation. These are multi-generational career criminal families. And the Spanish police seem unable to do anything about it. There was a good documentary on the BBC:

How Gypsy gangs use child thieves [bbc.co.uk]

really? bet you never had contact with a gypsy your whole life.

I am a big fan of BBC documentaries almost all are very well done. The problem with those is that not any dummy can understand. Sometimes I cannot believe what some ppl get from such documentaries. And although I have not seen this one, sounds like it was your case too.

Gypsies are "low-tech" crime experts .. small time thieves, children/women exploitation, etc. The vast majority are illiterate and the bosses make no exception. And probably an even bigger problem is that you cannot count on them. Not even for using a counterfeit card to get the money out of the ATM .. even if they manage to do it, they will run away with the money or try to keep most for themselves.

This operation is way too high-tech for a gypsy clan .. at least for now. And judging by their appetite for education that is not going to change anytime soon.

False security (3, Insightful)

girlintraining (1395911) | more than 4 years ago | (#32583206)

178 people. Remember that number.

Unless the card is radioactive it's not "random"... it's pseudorandom, and therefore based on an algorithm. Figure out the seed (initial vector) and other inputs, and you're right where you started, only your clients feel more secure and the criminals have to spend an extra few bucks. Given that there are multinational laboratories churning out thousands of dup cards, and assuming they have an active distribution network... it's safe to say these aren't the only guys or the first.

Re:False security (0)

StuartHankins (1020819) | more than 4 years ago | (#32583276)

Mod up please, +1 Insightful. This is an important concept.

And no excellent karma yet? I thought they handed out karma to everyone...

Re:False security (1)

swb (14022) | more than 4 years ago | (#32583304)

Apparently it's more complicated than some hand waving at "other inputs" or nobody would use the RSA security cards that operate on the same principle.

Re:False security (0)

Anonymous Coward | more than 4 years ago | (#32583404)

Apparently it's more complicated than some hand waving at "other inputs"

Fine, then I'll just *waves hands* guess the 128 bit key. See? Useless.

Re:False security (2, Informative)

girlintraining (1395911) | more than 4 years ago | (#32583466)

Apparently it's more complicated than some hand waving at "other inputs" or nobody would use the RSA security cards that operate on the same principle.

No, it is not complicated: There's a number being displayed on the card every six seconds. For it to have any value in authentication, that number needs to be somewhere else every six seconds too. Which means it's not "random". It might pass every test for random, but it isn't. Which means there is an algorithm in place. That algorithm requires two things: First, that it stay synchronized (time), and second that there's a reference point shared between the circuitry on the card and the bank where that number is validated.

Those requirements all lead to one conclusion: PRNG. The seed is probably a key of some kind plus time. There are at least two places that key is kept: On the card, and at the bank, and probably more places. Access any of them, and you recover the key. It's just a question of cost.

Now here's the kicker: 100,000 credit cards linked to a random cross-section of the population is worth a fair amount of money. Probably more than the cost of cracking that protection. And that means it's still profitable and practical to crack it.

Re:False security (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32583792)

Those requirements all lead to one conclusion: PRNG. The seed is probably a key of some kind plus time. There are at least two places that key is kept: On the card, and at the bank

Congratulations, you have just deduced the information available in a SecurID brochure. The "key of some kind" is a 128 bit key associated with the serial number of the device. It is stored on the device, and on the RSA authentication server. If you're talking about cracking open a stolen device and *voila* extracting the key, you may have a matter of hours to a long weekend to do so before it is reported stolen; thus negating any benefit of cloning it. If your goal is to steal it from the server, well, I can't speak to their internal security but I suspect you would not go unnoticed any longer than stealing the token; it would just cost the company more to replace everything.

The idea behind a cloned credit card is that no one knows it's been stolen until they see a bill. If you're forced to tip your hand before your client gets to use the cloned card, you might as well have stolen it outright.

Re:False security (1)

swb (14022) | more than 4 years ago | (#32583976)

There's millions of RSA cards in use now that work basically like that, many are in the hands of business accounting folks who use them to manage cash accounts of $100,000 or more. Consumer credit cards are peanuts in comparison; why haven't the RSA cards been compromised if its so easy?

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32584814)

RSA tokens, and in fact all OTP token devices, are regularly defeated by most of the new trojans, which simply MITB (Man-In-The-Browser) their way past them. Look up Zeus for further info. The solution is transaction authentication, which OTP devices cannot do.

Re:False security (1)

ArbitraryDescriptor (1257752) | more than 4 years ago | (#32585156)

This only works if you (the MITB) want to authenticate before the number changes, because that's all it grabs. That situation doesn't work for a card cloner who needs to have a valid sequence at an arbitrary time of purchase.

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32585296)

The OTP card shown in the article is purely used for online transactions. There is no hardware or method available for authenticating these OTP values in person, say at an ATM or a shop; in those cases, to prevent cloning, they would opt to use the EMV secret key on the smart chip inside most cards. Sadly there are ways around this too, by tricking the devices into thinking your card isn't running on the EMV standard so it goes into a non-EMV mode. About the only solution which can fix the card cloning problem economically is the magtek.com method used in South America to cut cloning down to zero. They take a fingerprint of the background noise on the card's magnetic strip and then add a special reader head to ATMs etc. to check this fingerprint exists. The fingerprint is randomly created at time of manufacture and so is technically almost impossible to recreate.

Re:False security (1)

BosstonesOwn (794949) | more than 4 years ago | (#32586200)

And yet my family in Colombia are having their accounts emptied by thieves who always find a way around anything magnetic based.

My card with its number generator has been fine. It is so common down there that they actually have a number you call when you have used the card in what they consider a "shady" place.

I have seen the cards get skimmed first hand, they are not too good at it. And the cards are literally turned out in hours and being used to buy stuff.

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32586288)

Yes, I understand the Magtek solution was widely introduced in Chile and Argentina. I am not associated with the company and have no idea where it's been implemented; all I know is a bank manager there who implemented it said that cloning went to zero since they did. I like their cost-effective solution to the problem which, from the article above, EMV (which Europe has gone for) is failing to solve. I don't disagree the OTP generators are not better than nothing and do add an extra step for the attacker, but the trojans are taking that extra step and winning; often the use of OTP absolves the banks of any liability in the fraud, so in some ways it could be worse than nothing. To be clear, the article is a little misleading from the point of view that the OTP security has nothing to do with stopping cards being cloned; it's an online authentication system.

Re:False security (1)

ArbitraryDescriptor (1257752) | more than 4 years ago | (#32586542)

I think you've missed the point. That code cycles every 60 seconds. If you MITM me while I'm using it, you get my code, and can buy things for 60 seconds. You can't sell it to anyone who expects it to work after the 60 seconds is up.

You could, however, sell it as a service with an app that displayed all 'hot' card #s and validation codes as they got intercepted, allowing your clients access to a sort of aggregate-clone card. You could even track the compromised cards usage statistics to offer up cards that their illicit purchase would be less likely to go noticed on; and sort by available credit limit.

Say, can I patent that, then if someone deploys it: sue them? I could go into business as a white-hat patent troll.

Re:False security (1)

sabt-pestnu (967671) | more than 4 years ago | (#32596670)

In an age where stocks are traded in millisecond timescales, I expect that some MITM attack that has "only" 60 seconds to take advantage of a number will indeed find a way to do so. Particularly if the MITM takes place on the internet. The information is already in a computer. There's even traffic going out *almost* concurrently with the attack, to cover the tracks.

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32597542)

There are plenty of phishing examples where they simply added a jabber instant messenger client to the phishing page to instantly transmit the OTP codes.
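The 60-second window that ArbitraryDescriptor, sabt-pestnu and Mattpw are arguing about above can be made concrete. The following is an added example, not code from the thread or from any bank or token vendor: an RFC 4226/6238-style one-time code with a 60 s step, a server that refuses to accept the same step twice, and a constructed timeline in which a man-in-the-browser relays the captured code before the victim's own request arrives. The secret and timestamps are made up for the demonstration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the thread's "code cycles every 60 seconds"
CODE_DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = CODE_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to a 31-bit integer, then the low `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int) -> str:
    """Time-based variant: the counter is the number of elapsed 60 s steps."""
    return hotp(secret, now // STEP_SECONDS)


class Verifier:
    """Server side. Accepts a code only for the current step and never accepts
    the same step twice, so a code really is one-time even inside its window.
    (Real deployments usually also tolerate +-1 step of clock skew; that is
    left out here to keep the window argument sharp.)"""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1

    def verify(self, code: str, now: int) -> bool:
        counter = now // STEP_SECONDS
        if counter <= self.last_counter:
            return False          # this step has already been consumed
        if not hmac.compare_digest(code, hotp(self.secret, counter)):
            return False
        self.last_counter = counter
        return True


def relay_scenario():
    """Constructed timeline (not data from the thread). The victim's token shows
    `captured` at t=1200; a MITB relays it to the bank before the victim's own
    request lands. Returns (relay accepted, victim accepted, replay after the
    window accepted)."""
    secret = b"constructed-demo-seed"            # assumed shared seed
    bank = Verifier(secret)
    t0 = 1200                                    # start of a 60 s step
    captured = totp(secret, t0)
    relayed = bank.verify(captured, t0 + 30)     # attacker is first: accepted
    victim = bank.verify(captured, t0 + 40)      # same step, already used
    replayed = bank.verify(captured, t0 + 100)   # next step, code is stale
    return relayed, victim, replayed


if __name__ == "__main__":
    print(relay_scenario())
```

The point the code makes is the one sabt-pestnu and Mattpw make in prose: one-time semantics and a short window stop a cloned or resold code from working later, but they do nothing against a relay that fires inside the window, because the server cannot tell whether the legitimate holder or the relay is the first to present it.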

Re:False security (1)

plover (150551) | more than 4 years ago | (#32589632)

Sorry, but the magtek "solution" is a band-aid at best, and far more likely to be snake oil. It's expensive to deploy the fancy proprietary hardware to every single merchant, and as soon as the cloners improve their technology the whole thing fails epically.

The entire "security" of the magtek system comes from a technical difficulty that nobody's had the economic incentive to try to break, not that it's technically unbreakable.

If adopted, I predict that magtek will make their money, then collapse under the weight of the inevitable lawsuits.

Re:False security (1)

swb (14022) | more than 4 years ago | (#32593460)

Why would merchants need new hardware? AFAIK the auth code from the card is checked on the back end; merchant systems may need new software to process the transactions so that they can include the auth code from the card.

Like any other security solution, it doesn't have to be perfect, it only has to make it complex and expensive enough that crooks move along to some other form of crime.

Re:False security (1)

plover (150551) | more than 4 years ago | (#32594456)

You missed that I was replying to the GP poster who said that the magtek solution (a discriminating read head is installed on the POS terminals) was a good one. It is not. The magtek solution is a terrible solution for all the reasons I mentioned.

This new card solution mentioned in the article has an actual basis in cryptography for being more secure than mag stripes. Yes, it can still be MITM and browser hijacked, and will still be susceptible to unauthorized stored reuse (keeping your card on file for automatic payments, for example) but the authentication will absolutely prevent cloning with the level of assurance that the crypto algorithms provide, instead of the faint hope that cloners will never figure out how to build good quality cloning hardware.

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32597452)

I am not associated with Magtek, but at least they are offering a solution; you can't call it snake oil as it has been widely deployed (in Chile) and has worked quite well by all reports. Their technology security argument seems as strong as anyone else's argument. The question to you is: what's the alternative? Magtek requires new read heads to be installed; EMV requires entirely new hardware and the new smart cards to go along with them, which cost $2 a pop, which by the million is no small change. The bank managers I've spoken to in emerging countries simply cannot justify the costs, and neither solution solves the biggest worry, which is online CNP fraud. Until there is a better alternative solution banks must act on what they have in front of them now.

Re:False security (1)

plover (150551) | more than 4 years ago | (#32598278)

Once criminals get a hold of the new read heads, and learn how to measure the "fingerprints" they will be able to clone the mag stripes. If you can read it magnetically, you can copy it digitally, and you can create a clone that passes the digital tests perfectly. I am not saying I can personally clone the cards yet, but it is inevitable that if this new technology becomes the standard, it will be broken by criminals with the resources to do so. It has not been broken yet simply because it is not widely deployed to the world, and so is not profitable for the criminals -- yet.

Even if it were technically impossible to break the magtek system, it can do nothing to stop web fraud. A new smart-card based system will have to be put in place anyway in order to work over the web.

The main reason that telling the merchants to buy the magtek system now is such a bad idea is one of history. In the last few years the merchants spent lots of money buying new systems to comply with PCI, and they were unhappy at spending so much money on security. But they were told PCI was going to solve their security problems.

Now the banks are saying "All that PCI security you paid for last year, well, it was not good enough. But this magtek system is the greatest security system ever." The merchants will grudgingly buy it (having little say in the matter) and they will all spend lots more money to upgrade.

Next year, when the cloners start producing fraudulent cards (as they inevitably will), the banks will say "well, we knew that was not so good, but try these new smart cards, they're the greatest security system ever." The merchants will finally tell the banks "screw you, we spent millions last year when you said it was the greatest security ever, and you lied. We will not listen to you anymore."

It doesn't matter what the bank managers think of the system. Most of the bank managers are likely ordinary managers who believe the magtek salesmen, and are not asking qualified cryptographers who can understand the failings of relying on these "fingerprints". Besides, the bank managers are only too happy to hear a solution that passes the bill to the merchants, rather than pay for the real cryptographic security themselves by issuing smart cards.

Merchants ordinarily buy their POS equipment once every 10 or 20 years, no more often than until it falls apart. Being told that they must buy new hardware every other year because of the new security thing will lead to revolt. And we need to get smart cards deployed before that happens. The magtek system will waste money and burn any remaining goodwill that PCI had.

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32600420)

Please explain your smartcard web-based system which will overcome online fraud? If you are thinking of the outrageously expensive EMV CAP readers, there is a thread below about it being a monstrous fail in security, cost and usability.

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32600460)

Regarding Magtek, I'm not their salesman and I don't know how the costs break down, but I know they don't have the cost of replacing all the cards.

Re:False security (1)

ArbitraryDescriptor (1257752) | more than 4 years ago | (#32584272)

Now here's the kicker: 100,000 credit cards linked to a random cross-section of the population is worth a fair amount of money. Probably more than the cost of cracking that protection. And that means it's still profitable and practical to crack it.

No, it certainly does not. Assumptions about ROI do not prove a venture is profitable. Facts about the cost to obtain and crack one RSA token, and how much you could sell it for (which would be a fraction of its value)*, might prove this venture feasible; but the current, dependable state of RSA-token-based security suggests that it is not.

Re:False security (1)

girlintraining (1395911) | more than 4 years ago | (#32584466)

Facts about the cost to obtain and crack one RSA token...

Why do people on slashdot invariably assume that the most difficult to attack component is the measure of the security of the system? O_o

Re:False security (1)

ArbitraryDescriptor (1257752) | more than 4 years ago | (#32585072)

Because not every system is secured with a single chain. This system is a lock, and it has 3 keys. To obtain one viable account, you have to compromise the ID (card number), PIN, and the token (or the 128-bit key within) linked to the account. None of them works without the other two, thus the combined inaccessibility of each is a measure of this system's security. The PIN and ID each have exploitable information chains, but if you want to clone the card, you need that key; there is no shortcut around that fact. MITM could get you the user, PIN, and current hash, but not the key. You can't social engineer the key out of the user; they don't know it. Etc.

The fact that the PIN and ID are easier to acquire without notice makes the difficulty in discreetly obtaining the key the minimum difficulty in compromising this system. Your options are: steal it from the server or steal it from the user. Those are the only two places it exists and it never moves. To make matters worse: if the theft is noticed, the clone is worthless. The time-sensitive nature of credit card cloning only makes the situation that much more difficult to profit from.

Re:False security (1)

girlintraining (1395911) | more than 4 years ago | (#32586796)

Assuming there isn't a weakness in the key, or how it's stored on the chip. Perhaps simply having physical possession of the card for a minute is enough to 'scan' it and reveal the key.

Re:False security (1)

plover (150551) | more than 4 years ago | (#32596228)

Modern cryptographic (RSA-based) smart cards have demonstrated a consistently high cost of attack; attacks currently require the destructive opening of the chip and a high-resolution microscope and probe, or that they be hooked up to a precision power supply and subjected to thousands of attacks on the power and timing, not to mention requiring the presence of a PhD to interpret the results. There is some speculation of an RF-based attack on the timing as well, but that hasn't been demonstrated yet.

So far, smart cards appear to be quite safe from the waiter/skimmer type of casual attacks. They are certainly the most cost effective solution for widespread deployment. And they are recommended by serious three letter agencies for use in protecting US military assets and secrets. I'm not convinced that your speculation that they are inherently flawed is valid.

Re:False security (0)

Anonymous Coward | more than 4 years ago | (#32585004)

Wrong.
A number is random if it is not the result of any algorithm. This property doesn't go away upon duplication and is exploited by the most secure authentication method in use: The one-time pad.

Re:False security (0)

Anonymous Coward | more than 4 years ago | (#32583608)

Why am I remembering that number? Because 178 people (the bulk of whom are likely laborers) can brute force a 128 bit key in only ~1,911,698,690,567,070,019,457,160,715,908,800,000 attempts each? I couldn't even pronounce that without looking it up. In my experience, if you can't say the odds out loud and in standard notation, the situation they predict is dependably ridiculous.

Fun fact: at 12 trillion attempts per second, per person: it would take 5 trillion millenia to try every possibility.

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32585016)

No need to attack the algorithm: instead of running a keylogger, just run a trojan which attacks the browser and MITB your way straight past this and other OTP devices. Zeus and most of the major trojans already do. While the device shows no information about WHAT they are authenticating, it's easy to get a user to authenticate whatever you like without spending any extra bucks.

Re:False security (0)

Anonymous Coward | more than 4 years ago | (#32587684)

Except that in a smart system (like the one we have in Scandinavia and probably many other parts of the world) one part of your input for your authentication is the actual information you want to submit.

1.) Login authentication ("random" challenge, you answer with a hash of the "random" challenge); this can be MitM'd, which gives the attacker access to see your bank details.

2.) All new recipients of payments need to be added to the server; the challenge is the account number and the authentication is a "hash of account number", so the man in the middle can't change who gets the money, except for switching between your different trusted receivers.

3.) The amount transferred has the challenge "Amount" and the authentication is "hash of amount", so the MitM cannot change the amount transferred.

My hash generator is a battery-operated pad where I manually need to input the challenge. This is a bit of a hassle, but it is extremely secure: the only practical way to damage me is to steal the pad as well as the access PIN to the pad, or to hack the server, and if they can hack the server I'm screwed anyway.

A USB pad would be more convenient, but my thought is that anything I connect to a computer isn't more secure than the computer I connect it to. I don't know enough about secure firmware to know if the firmware in the USB dongle could be changed at runtime to let a MitM change the data as it comes from the keypad on the dongle to the dongle. A USB dongle without a keypad would be worthless since I cannot control what bytes get sent to the USB device.

Re:False security (1)

plover (150551) | more than 4 years ago | (#32596402)

The problem is you still cannot prove that you are paying your money to Ikea or to Big Tony's House of Theft. You personally don't know Ikea's account number, so you could still be falling victim to a spoofed site. The likely avenue of attack for Big Tony is to find a patsy to register a legitimate-looking business with the banks, generate a usable account number, run a few fast scams, and take off with the money once enough suckers have fallen for the bait.

The only truly secure way to avoid this kind of MITM attack is for you to enter the name of your intended payee into your pad and have that incorporated into the authorization code exchange. You can't trust a barcode, because humans can't read stripes. You could trust a camera to take a picture of their logo, though, or to do optical character recognition. It just has to be some data that both you and your pocket device can both understand.
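To make the two comments above concrete: the Anonymous Coward's three-step scheme (the pad's response is a keyed function of the account number and the amount) and plover's objection that the payee's identity is still unbound. What follows is an added example, not the protocol of any real bank or pad. It models the pad's response as 8 digits of HMAC-SHA256 over whatever the user keyed in (the real device's function is unknown here), and the "fix" plover proposes is modelled by assuming the bank keeps a registry of account-holder names, which the thread does not confirm any bank does. The key, account numbers and names are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def pad_response(key: bytes, *fields: str) -> str:
    """What the offline keypad computes over exactly the values its owner typed
    into it. 8 decimal digits from HMAC-SHA256 (construction assumed)."""
    mac = hmac.new(key, "|".join(fields).encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** 8).zfill(8)


class Bank:
    """Server side. `registry` maps account numbers to the registered holder
    name (an assumption of this example)."""

    def __init__(self, key: bytes, registry: dict):
        self.key = key
        self.registry = registry
        self.issued = set()

    def new_challenge(self) -> str:
        c = str(secrets.randbelow(10 ** 8)).zfill(8)
        self.issued.add(c)
        return c

    def _check(self, challenge: str, code: str, *fields: str) -> bool:
        if challenge not in self.issued:
            return False
        self.issued.discard(challenge)            # each challenge is usable once
        # Recompute over the values the bank is about to execute. If a MITB
        # rewrote any of them after the user signed, the codes differ.
        return hmac.compare_digest(code, pad_response(self.key, challenge, *fields))

    def pay_bound_to_account_and_amount(self, challenge, account, amount, code):
        return self._check(challenge, code, account, amount)

    def pay_bound_to_payee_name(self, challenge, account, amount, name, code):
        # The name the user keyed must match the holder on file for the account.
        if self.registry.get(account) != name:
            self.issued.discard(challenge)
            return False
        return self._check(challenge, code, account, amount, name)


def scenarios():
    """Constructed cases. Returns (honest, MITB changed amount, MITB changed
    account, spoofed site with account+amount binding, same spoof with payee
    name binding)."""
    key = b"constructed-shared-secret"
    bank = Bank(key, {"1111": "IKEA", "9999": "Big Tony"})

    c = bank.new_challenge()
    code = pad_response(key, c, "1111", "500.00")
    honest = bank.pay_bound_to_account_and_amount(c, "1111", "500.00", code)

    c = bank.new_challenge()
    code = pad_response(key, c, "1111", "500.00")
    tampered_amount = bank.pay_bound_to_account_and_amount(c, "1111", "5000.00", code)

    c = bank.new_challenge()
    code = pad_response(key, c, "1111", "500.00")
    tampered_account = bank.pay_bound_to_account_and_amount(c, "9999", "500.00", code)

    # Spoofed shop: the user was shown Big Tony's account number as "IKEA" and
    # honestly keyed it. Binding account+amount cannot catch this.
    c = bank.new_challenge()
    code = pad_response(key, c, "9999", "500.00")
    spoofed_passes = bank.pay_bound_to_account_and_amount(c, "9999", "500.00", code)

    # Same spoof, but the user also keyed the payee name they believe they are paying.
    c = bank.new_challenge()
    code = pad_response(key, c, "9999", "500.00", "IKEA")
    spoofed_caught = bank.pay_bound_to_payee_name(c, "9999", "500.00", "IKEA", code)

    return honest, tampered_amount, tampered_account, spoofed_passes, spoofed_caught


if __name__ == "__main__":
    print(scenarios())
```

Cases two and three show what the Anonymous Coward describes: a trojan that rewrites the submitted form after the pad has signed it produces a code the bank cannot verify. Case four is plover's point: nothing in the signed data says who "9999" is, so a user tricked into keying the mule's account number signs it correctly. Case five only works because the bank is assumed to know the holder's name; whether a bank can or will expose that mapping is a separate question the thread does not settle.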

Re:False security (1)

Mattpw (1777544) | more than 4 years ago | (#32597526)

Thanks, I was just about to respond with the same answer. Actually, apart from that, the usability of those devices is terrible. The demonstrations I have seen require 40+ digits back and forth from token device to terminal with no room for error. This is just too much for the average Joe of the world to handle on a wide scale, and in many of the implementations of this I have seen the managers know this and simply don't enable that feature on their devices. To top it off, as you mentioned, if they control the browser there are lots of games attackers can play with switching account names. The devices are ridiculously big enough already with the necessary long-life numeric keypads; to add a full character keyboard onto them would just be too much.

Re:False security (0)

Anonymous Coward | more than 4 years ago | (#32588390)

Given that there are multinational laboratories churning out thousands of dup cards, and assuming they have an active distribution network...

Prove me wrong! I can't agree with that. It' almost ridiculous claim, and it doesn't compare with my thoughts, Check writing services [iresearchpapers.com] blog, and you will figure out.

Wouldn't it be funny... (1)

swb (14022) | more than 4 years ago | (#32583366)

...if the bank card wasn't using some RSA-style system but instead just had an LCD display in the card that changed numbers and just made it LOOK like the numbers were used for some kind of high-strength cryptography?

It might even be half-assed effective if it made it all the more complicated to manufacture/obtain card blanks. Bonus points for the numbers displayed on the LCD display meaning something halfway useful (some kind of hash representing the card number and the current date) but not really representing hard encryption, making thieves work harder yet coming up with an algorithm that matched the card.

And maybe that's the future of these kinds of security systems -- not actually impossible to clone, but a continually changing nuisance that requires so much energy to overcome you seek a softer target.

T-Spam (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32583994)

In a couple years, 90% of all financial transactions will be fraudulent, like spam e-mail.

Electronic OTP card is highly vulnerable (1)

Mattpw (1777544) | more than 4 years ago | (#32584900)

Like all OTP devices, including the RSA OTP tokens, the modern trojans simply MITB (Man-In-The-Browser) their way past these devices, including the electronic card pictured in the article. Most of the new trojans (Zeus etc.) have this feature or module, and they simply hijack the browser DLL and then create a second connection in the background. Often the banks require a second OTP value to authenticate the outgoing transaction, and so the trojans usually just bounce the user to a "session expired, please login again" page and use the new OTP to validate the outgoing transaction. My own method http://www.passwindow.com/ [passwindow.com] does OTP without electronics and at zero cost of implementation, but more importantly it can do transaction authentication (including transaction details in the challenge itself) without any extra requirement from the user (i.e. no requirement to enter long transaction account details into a separate device). The trojans are unable to bypass transaction authentication, and I know of no other online 2-factor authentication method which is as cheap or usable.

Re:Electronic OTP card is highly vulnerable (1)

jonwil (467024) | more than 4 years ago | (#32585936)

I have followed PassWindow ever since it was seen on The New Inventors on Australian TV and I think its a GREAT idea. I for one would LOVE to see my bank offer this on my Visa Debit card.

Re:Electronic OTP card is highly vulnerable (1)

Mattpw (1777544) | more than 4 years ago | (#32586140)

Ah cheers, thanks mate. It's hard pushing an entirely new method in such a conservative industry, but I've finally got some banks implementing it, and some online service networks in Asia where security was important (not in Australia yet however). Actually since the show I've improved it enormously; the main discovery was that I can do transaction authentication, which prevents any type of trojan attack at a fundamental level and gives it a security edge over the electronic OTP devices many banks currently use. The other difference is that you would have seen the static challenges on the show with static digits; however I figured out that by animating single digits in an animated gif any deduction analysis on the challenge becomes exponentially more difficult, and usability seems to have improved. You can see a demo at http://www.passwindow.com/ [passwindow.com]. I wanted to show it on the grand final episode but the producers of the show had rules about introducing new material. Thanks again for the support.

Re:Electronic OTP card is highly vulnerable (1)

pipedwho (1174327) | more than 4 years ago | (#32588160)

There is a potential issue with your system in situations where the user makes multiple transactions over time.

The following assumes that a passive trojan is acting as a MITB (man in the browser) and can access both the outbound images and inbound responses. That is obviously not trivial, but possible nonetheless.

After a single transaction, it should still be theoretically impossible to deduce with 100% certainty the pattern on the user's card.

However, as the user performs more and more transactions, the pattern can progressively be 'decoded' as per a substitution cipher. By introducing animation, the trojan can further assume that 'inactive' digits do not visually resolve as real digits - this can be used to assist the deduction process.

Some banks use side channel communications in the form of mobile phones or pagers. Others use the OTP tokens. And as you've pointed out, a poorly implemented OTP / secure token system is still vulnerable to MITB attacks. The OTP systems were introduced as an improvement to single factor systems. Although not a panacea, they clearly helped enough to let the banks continue without too much effort.

At present, all the Australian banks are using some kind of improved system to secure their transactions. And being rather conservative, it's unlikely they'll change to a system that is not a significant improvement to their existing security and ease of use.

Your system improves on just entering the digits in the clear, and requires more effort from the trojan. It also requires the trojan to be resident for a longer period of time before it is able to deduce your key. But, this is only a marginal improvement to security, and in some ways could be considered a reduction in security if it was to replace an existing OTP system. This is because once the pattern has been deduced, any number of transactions could be made at any time without requiring the original card.

However, if your system was to be combined with a secure token, i.e. a token that changes the 'key pattern' on a transparent LCD, then you could have the best of both worlds: the protection of blind entry combined with a continually changing pattern (requiring possession of the token, the second factor). The token could toggle between standard numeric display for regular OTP logins, and the pattern mask for online transaction approvals.

Your idea is very clever and really deserves as much industry attention as it can get.

Re:Electronic OTP card is highly vulnerable (1)

Mattpw (1777544) | more than 4 years ago | (#32588416)

Regarding deductive trojan analysis of PassWindow, you are correct: each time the token is used a tiny bit of probabilistic information is leaked in an ideal trojan attack. Since this is the only online attack the method faces, everything from the beginning is done to eliminate that specific threat. When we generate a new key and associated challenge data we assume a trojan is intercepting all the challenges and all the correct user responses. Since the combinatorics inference is entirely predictable we can deduce exactly how many interceptions an attacker would require to break the newly generated key pattern. By tweaking several parameters of the challenges, without even increasing the key size, we can easily achieve interception rates up over 10,000 interceptions, which means that in an attack situation, assuming a user authenticates or logs in once a day for 27 years, the trojan still wouldn't have enough data to crack the key pattern. Much higher interception protection rates can be easily achieved; however it is technically unnecessary and indeed is adjustable on the fly to make sure an assumed attacker never gets anywhere near enough information. Of course the server keeps track of every key's number of authentications and its pre-analysed interception crack number, and the life expectancy of a card is usually no more than a few years, so this method of attack doesn't appear to be feasible.

Of course the main security advantage over expensive electronic OTP tokens apart from the cost is the ability to do transaction authentication preventing all trojans from doing harm at a fundamental level without hassling the user to enter in transaction information into a large electronic authentication device.

We've had an electronic version on the table for a while, but the costs/reliability don't seem to justify the theoretical security increase and the odd extra transaction possibilities over the simple printed approach. In the future it will definitely be released, but the card technology as shown in the article isn't really quite there yet. While it looks cool for an OTP, the reality is cards go in wallets and wallets go into back pockets under backsides, which can place enormous pressure on the liquid screens. I am sure the technology will improve in the future.

Thanks for the commendation, if you have any questions or theoretical attacks I am happy to talk about them, its really a simple idea and in some ways the simplicity leaves an attacker little room to manoeuvre for an attack.

Re:Electronic OTP card is highly vulnerable (1)

pipedwho (1174327) | more than 4 years ago | (#32588838)

The concept is excellent. It's great to see that your cryptanalysis suggests that there is more than sufficient security margin in the animated challenge / static key generator algorithms that you've created.

Although they aren't immune from active attackers, as you've described, the primary benefit of the OTP secure token is that passive eavesdropping at any single point is insufficient to compromise the system.

Whereas, while PassWindow is immune to trojan interception, it doesn't solve the problem of the proverbial 'over the shoulder' camera or the trojan-controlled webcam. That is where the secure tokens have a huge advantage, and traditionally where the banks focused their attention.

To get the banks interested, both problems need to be solved. When your electronic version goes into production, the banks are much more likely to take notice. But, there are many other industries that I'm sure could gain huge benefits from the static mask PassWindow technology. And if nothing else, it's always going to be an improvement over the (in)security of typing a password into a keygrabber.

Re:Electronic OTP card is highly vulnerable (1)

Mattpw (1777544) | more than 4 years ago | (#32588934)

Regarding the personal attacks, i.e. hidden cameras etc., actually I came up with a really simple solution: you tint the transparent background to a 75% darkness which appears almost black in normal lighting, but then when placed over an electronic screen the key segments are clearly visible; most people just don't realise how bright the average screen is. From playing with it I know I would have a much easier time surveilling my OTP token screen with a hidden camera than the tinted key pattern. The best thing is that this doesn't cost any extra, as the tinting is done with regular ink used to print other text on the cards. Of course if the attacker can get the card off you and out of your sight then with a light setup he will be able to take a photo of the card, but in that scenario all devices fail. We have run the regular tinting through regular photocopiers, which only saw black. The card factories are excited about reflective laminates and special angle-viewable inks, but of course that would all increase the cost, so once again the security gain from these tricky solutions is only marginal compared to the free tinting idea (a similar situation with the electronic tokens); of course a purpose with a budget which is prepared to spend more than $1 per user could have special tinting effects for better protection.

I am letting clients choose their own tinting level based on their customer demographic and how likely they will be authenticating out in public. Ideally I would like to see tinting levels customized for individual users, ie if ($member_age>60) $tint = 40% etc

If you would like a sample card I am happy to mail a free one out to you if you put your details into the website contact form. Ultimately there will be a lot of customizing going on for different uses and different levels of paranoia.

Re:Electronic OTP card is highly vulnerable (1)

pipedwho (1174327) | more than 4 years ago | (#32597692)

One great idea after the next!

Out of interest, how did you come up with your figure of 10000 interceptions?

After thinking about it for a bit, I get the impression that 10000 is quite high for this type of cipher.

The method boils down to a boolean 'OR' of two inputs to produce an output. Only one of the inputs and a section of the output pattern are known. The output pattern is known to exist, but at one of a few possible locations within the combined field. This implies that all other valid outputs do not exist at any location within the field, and assumes that the positions are exclusive between the inputs and the resultant pattern.

On the surface, it looks like the above function can be mapped with a series of simultaneous linear boolean equations. When the results of a few overlapping iterations are known, the equations can be expressed as a number of unknowns that are interrelated by position and pattern. Knowing that a particular pattern has been created at one of a few possible locations, and knowing one of the inputs; the second input can be equated against the unknowns of all other iterations. As more and more iterations are run (and assuming that the entire field is utilised fairly uniformly across iterations), the ability to completely map the key space tends towards certainty.

Looking at the numbers, we already know the following: each digit is made up of 7 segments. The code weight of the digits varies from 2 to 7 with a fairly uneven distribution (assuming all ten values (0-9) are valid). If there are 16 possible locations for the resultant digit pattern, and there are 4 modified locations (1 real + 3 dummy) indicated by the known input, then each iteration leaks enough information to pinpoint the pattern with 1/4 probability. Since an 'on' segment is a weak correlation (it could have both or either inputs on), and an 'off' segment is a strong correlation (we know both segments are 'off'), the assumption is that we'll only need a few inputs for each location to determine the localised pattern. This amount of input data should also provide a sufficient number of simultaneous equations that could be solved for most of the unknown positions, and by extension the patterns at those positions.

Unless I'm missing something, I'd suggest that the upper bound on the complexity of the solution is on the order of two to three times the field width in digits. And assuming 4 digits per login, that means the entire key space could be leaked to passive interception in under 10 logins.
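pipedwho's leakage argument above (output = key OR screen, 16 columns, 1 real + 3 dummy locations per digit, 'off' segments being the strong constraint) can be run rather than argued. The block below is an added example built on exactly that simplified model; it is not PassWindow's challenge generator (Mattpw describes a different, animated scheme in his reply) and its numbers say nothing about the real product. The 7-segment table, column count, dummy count and key density are the model's assumptions. The attacker is purely passive: it sees every screen pattern and the digit the user typed, never the card, and keeps for each column the set of 7-bit patterns still consistent with everything observed.

```python
import math
import random

# Standard 7-segment encodings, bit i = segment a..g (constructed lookup table).
DIGITS = {0: 0b0111111, 1: 0b0000110, 2: 0b1011011, 3: 0b1001111, 4: 0b1100110,
          5: 0b1101101, 6: 0b1111101, 7: 0b0000111, 8: 0b1111111, 9: 0b1101111}
IS_DIGIT = set(DIGITS.values())
WIDTH = 16      # key columns on the card (model assumption, pipedwho's figure)
DUMMIES = 3     # decoy columns lit per challenge (1 real + 3 dummy, as assumed above)


def make_key(rng, density=0.35):
    """Card key: each column is a random subset of the 7 segments (model assumption)."""
    return [sum(1 << s for s in range(7) if rng.random() < density) for _ in range(WIDTH)]


def make_challenge(key, rng):
    """Screen pattern for one digit. At the real column the screen lights exactly
    the segments the key lacks, so key | screen == digit. DUMMIES other columns
    are lit with patterns for which key | screen is not a valid digit."""
    while True:                                   # digit 8 always has a fitting column
        d = rng.randrange(10)
        fits = [c for c in range(WIDTH)
                if key[c] & ~DIGITS[d] == 0 and key[c] != DIGITS[d]]
        if fits:
            break
    real = rng.choice(fits)
    screen = [0] * WIDTH
    screen[real] = DIGITS[d] & ~key[real]
    pool = [c for c in range(WIDTH) if c != real
            and any((key[c] | p) not in IS_DIGIT for p in range(1, 128))]
    for c in rng.sample(pool, DUMMIES):
        screen[c] = rng.choice([p for p in range(1, 128) if (key[c] | p) not in IS_DIGIT])
    return screen, d


def passive_attack(observations):
    """Passive MITB: sees (screen, typed digit) pairs only. Propagates the OR
    constraints over the candidate sets of every lit column to a fixpoint."""
    possible = [set(range(128)) for _ in range(WIDTH)]
    changed = True
    while changed:
        changed = False
        for screen, d in observations:
            lit = [c for c in range(WIDTH) if screen[c]]
            # Values under which this column would show the typed digit...
            as_real = {c: {v for v in possible[c] if v | screen[c] == DIGITS[d]} for c in lit}
            # ...or would be a dummy (no valid digit formed).
            as_dummy = {c: {v for v in possible[c] if (v | screen[c]) not in IS_DIGIT} for c in lit}
            reals = [c for c in lit if as_real[c]]
            for c in lit:
                if len(reals) == 1:               # the real column is pinned down
                    new = as_real[c] if c == reals[0] else as_dummy[c]
                else:
                    new = as_real[c] | as_dummy[c]
                if new != possible[c]:
                    possible[c] = new
                    changed = True
    return possible


def remaining_bits(possible):
    """Key entropy left from the attacker's point of view (112 bits before any login)."""
    return sum(math.log2(max(len(p), 1)) for p in possible)


def simulate(logins, digits_per_login=4, seed=7):
    """Returns (true key never excluded, columns fully recovered, bits left)."""
    rng = random.Random(seed)
    key = make_key(rng)
    obs = [make_challenge(key, rng) for _ in range(logins * digits_per_login)]
    possible = passive_attack(obs)
    sound = all(key[c] in possible[c] for c in range(WIDTH))
    solved = sum(len(possible[c]) == 1 for c in range(WIDTH))
    return sound, solved, remaining_bits(possible)


if __name__ == "__main__":
    for n in (1, 5, 10, 50):
        print(n, "logins ->", simulate(n))
```

The useful reading is the trend of `remaining_bits` against the number of logins, not the absolute figure, since the absolute figure depends entirely on the assumed model. The propagation is deliberately the simplest sound one (arc consistency, no case-splitting across the four candidate positions), so what it recovers is a lower bound on what a passive attacker learns under this model; an attacker willing to branch on which lit column was the real one does at least as well.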

Re:Electronic OTP card is highly vulnerable (1)

Mattpw (1777544) | more than 4 years ago | (#32600152)

When I originally came up with the idea it seemed that 4 digits in 16 columns was going to be cracked in about 10 interceptions; with some careful management of the challenges we could get it up to around 50, but we still felt we might have to deploy a virtual keypad with it, which didn’t sit right with everyone. Sadly it was at this point I first went on TV in Australia and got a front page Slashdot story, where the response from security people wasn’t great, as nobody wants to hear 10 interceptions. The real breakthrough was separating the digits into single frames of an animated loop and then using an unknown subset of those challenges as the authentication code; that is when the entropy really took off. So now the attacker has only a very vague probabilistic idea of which digits went to which frames in the challenge and where in those frame columns they might be. Because there is only 1 digit in each frame there is effectively a much wider ratio of possible locations for the digit too. There is some information about the cracking algorithm method in the whitepaper. The curious thing about this animated method is that the smaller ratio of digits to total frames exponentially increases the difficulty of analysis, which in effect means smaller passwords are more secure than larger passwords (if the total number of frames is steady). If you take straight-up guessing out of the equation, a 4-digit in 10 frames challenge is exponentially more difficult to crack than a 6 in 10. Of course, since it doesn't affect usability at all, we turn up the number of overall frames to keep the ratio low and essentially get extra security for free. The next problem for the analyser is the character set; many people don’t realise there are many ways to represent a 1, and others like 6 or 9 or 7 all have multiple versions of themselves, so you essentially double the assumed character set.
For the analysis we assumed the attackers know exactly which character set is being used, and we also assume that a key being 80% cracked is enough to assume it is broken, so I think we were quite generous when the analysis was done. There are actually 3 serious security adjustments which multiply the number of interceptions: first is the ratio of digits to frames, second is the number of columns in the key, and third is the level of obfuscational noise. After that there are a bunch of extra measures which can be easily taken, such as increasing the screen challenge proportions and using random offset alignment markers, multiple rows in the key, and a few simple tricks which destroy the analysis permutations. The important thing is that, doing it the way we are doing it, the analysis difficulty gets exponentially difficult with small tweaks, so high interception numbers are easily achieved with reasonably sized keys. For the original static challenges we don’t recommend them at all for online authentication, as there is no real cost to moving to the animated method, and in fact some people report they prefer the usability of the animated method.

Failzor\s. (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#32586460)

www.Zanti-slash.org