Hacker Posts Details of 3 Million Iranian Bank Accounts

samzenpus posted more than 2 years ago | from the I-warned-you dept.

Security 145

Jeremiah Cornelius writes "Khosrow Zarefarid warned of a security flaw in Iran's banking system providing affected institutions the details, including 1,000 captured bank accounts. When the affected banks, including the largest state institutions didn't respond, Khosrow hacked 3 million accounts across at least 22 banks. He then dropped these details — including card numbers and PINs — on his blog. Three Iranian banks Saderat, Eghtesad Novin, and Saman have already warned customers to change their debit card PINs. 'Zarefarid is reportedly no longer in Iran, though it is unclear when he left.'"

"Zarefarid is reportedly no longer in Iran, though (2)

kefkahax (915895) | more than 2 years ago | (#39742323)

... it is unclear when he left." Yeah...

Re:"Zarefarid is reportedly no longer in Iran, tho (4, Interesting)

jamesbrx (2622061) | more than 2 years ago | (#39742595)

Interestingly, more than likely this is a joint operation between the United States and Israel. They have tried to get Iran trade embargoed for a long time, and more than likely are pissed off that Iran has developed their own technology to process payments and POS transactions. It is similar to USA's actions with North Korea, just that Iran is an even more developed country. Both Israel and USA have been extremely aggressive towards Iran, despite the fact that I see no such aggression coming from them. I just think it's interesting.

Re:"Zarefarid is reportedly no longer in Iran, tho (2, Insightful)

Mashiki (184564) | more than 2 years ago | (#39742757)

...despite the fact that I see no such aggression coming from them. I just think it's interesting.

Yeah and arming Hizbullah, Hamas and having their fingers deep in both groups along with previously arming the PLO is 'no aggressive action' right.. Oh wait, let me guess the Jews control both groups.

Re:"Zarefarid is reportedly no longer in Iran, tho (0)

Anonymous Coward | more than 2 years ago | (#39743039)

Oh wait, let me guess the Jews control both groups.

Clever, trying to win by portraying your adversary as a conspiracy nut even though he never blamed the "Global Jewish Conspiracy" for anything. He did mention Israel, but even some Jews are against the existence of the Zionist state (at the present) so you shouldn't assume he's blaming every single Jew (just like one shouldn't blame every single Christian for the US attacks on Iran and mostly everywhere else).

Re:"Zarefarid is reportedly no longer in Iran, tho (2)

LittleImp (1020687) | more than 2 years ago | (#39743585)

He only believes Iran is a peaceful paradise that the capitalist west is trying to bring down.

Re:"Zarefarid is reportedly no longer in Iran, tho (1)

MrNaz (730548) | more than 2 years ago | (#39744221)

Do you have any evidence to the contrary*? There's plenty of evidence supporting that proposition.

Just sayin'.

* Deliberately mistranslated speech outtakes and vague references to financial support to terrorist groups don't count as "evidence" unless you're a moron.

Re:"Zarefarid is reportedly no longer in Iran, tho (0)

Anonymous Coward | more than 2 years ago | (#39744309)

UN needs to take control over Israel/Palestine. The geographical area is too important to too many groups of Humans to give it to one group. This way if anyone messes with the area, including Israelis and Palestinians, they can be dealt with by the international community. As it is now, their personal disputes are constantly falling on the rest of the world. How could a Jewish homeland in Arabia be a good idea? Three major religions call that area important. Not to mention archaeologists who might want free roam.

There can't be unchecked sympathy for Israel. While it would be nice for everyone on Earth to have a nation, you can kind of understand how things are unraveling in the middle east. If the United States was taken over by Russia/China, and the US was given to North Korea, I'd haunt them until the day I died. Nothing to do with being friendly or not, but everything to do with me being greatly wronged and needing to make things correct, at any cost. Not only was someone else's land given to Israel, but Israel discriminates against those people! Very poor choice in behavior.

Re:"Zarefarid is reportedly no longer in Iran, tho (4, Insightful)

schwit1 (797399) | more than 2 years ago | (#39744509)

Let the UN control? The same organization that put Cuba, Egypt, Russia, Saudi Arabia, China and Sudan on its human rights panel?

Re:"Zarefarid is reportedly no longer in Iran, tho (1)

Anonymous Coward | more than 2 years ago | (#39745049)

And the US !!

I know ... go figure !!

Re:"Zarefarid is reportedly no longer in Iran, tho (2)

dave420 (699308) | more than 2 years ago | (#39745171)

I take it you don't know what the human rights panel is there for, and why those countries were on it? That's the only possible reason for your mistaken thinking they're there to advise on how best to provide human rights, not on how best to fix the fucked-up shit happening in their countries. Get a grip - I know it's fun to have a go at the UN, but at least make the attempt to understand it before having a go. That way you can bring up legitimate issues with the UN, instead of childishly laughing at what you perceive to be incredible irony, which is actually anything but.

Re:"Zarefarid is reportedly no longer in Iran, tho (1)

Anonymous Coward | more than 2 years ago | (#39744625)

You do realize that the list of terrorist groups supported by the US makes your comment ridiculous, right? And Hamas is primarily supported by Saudi Arabia.... you know, US 'allies'.

Yup, terrorism is acceptable when it's done by your team. Fucking hypocrite.

Re:"Zarefarid is reportedly no longer in Iran, tho (3, Interesting)

gl4ss (559668) | more than 2 years ago | (#39743119)

http://www.nytimes.com/2011/10/12/us/us-accuses-iranians-of-plotting-to-kill-saudi-envoy.html?_r=1&pagewanted=all [nytimes.com]

iran plays the game too, although not too well(and they're amateurs - remember the regime doesn't have that long history and when they came to power they pretty much got rid of everyone working with international relations and operations who had any experience - making their plots like bad b-movies like trying to hire zetas or selling guns to some african rebel). mostly iran is pre-occupied with dealing with their domestic dissidents, throwing people to jail for porno and trying to make foreign export ends meet by any means their amateurs can think of and generally just being petty denialists. remember, as far as reports go and one outside the country can figure out most of the bomb attacks within iran have been actually carried out by iranian factions working toward overthrowing their petty government.

so, historically - what little there is of it - irans current regime has been quite aggressive both internationally and domestically, carrying out murders and attempts at them. what sets them apart from libya is that they're not so poor and they have more people and not just desert.

pissed off at a POS system? fuck, no, that's not the reason behind this hack, the reason is that it was hackable and they didn't fix it, they had time to fix it - but this guy did wise when he got out of the country because irans government has a history of outright killing guys like him.

Re:"Zarefarid is reportedly no longer in Iran, tho (-1)

Anonymous Coward | more than 2 years ago | (#39743717)

You're either an idiot, a worthless piece of Shiite, a typical bed-wetting Communist Slashtard, or some combination of that.

Re:"Zarefarid is reportedly no longer in Iran, tho (-1)

Anonymous Coward | more than 2 years ago | (#39742751)

I was never very fond of dune coons and sand niggers myself. Always causing trouble, they are. Usually with each other.

Re:"Zarefarid is reportedly no longer in Iran, tho (3)

Thanshin (1188877) | more than 2 years ago | (#39743031)

... it is unclear when he left." Yeah...

I also interpreted that as "it's unclear where they left the corpse" until I remembered he had thousands of numbers/pins.

It's not so hard to move around when you've got a huge lot of money and know how to use the internet properly.

Re:"Zarefarid is reportedly no longer in Iran, tho (2)

mwvdlee (775178) | more than 2 years ago | (#39744203)

All he was trying to do was to protect the banks from somebody doing exactly what he did himself.

"though it is unclear when he left" (5, Funny)

Black Parrot (19622) | more than 2 years ago | (#39742325)

But not unclear *why* he left.

Re:"though it is unclear when he left" (2)

Anonymous Coward | more than 2 years ago | (#39742345)

Yeah, he's going to be made out to be the villain in this case. And that same thing would happen in most countries.

Re:"though it is unclear when he left" (1)

Midnight Thunder (17205) | more than 2 years ago | (#39743633)

Yeah, he's going to be made out to be the villain in this case. And that same thing would happen in most countries.

The way he went about making his point was wrong. There were probably other ways that wouldn't have caused him so much trouble.

Re:"though it is unclear when he left" (1)

Overzeetop (214511) | more than 2 years ago | (#39744997)

Like...

Re:"though it is unclear when he left" (0)

Anonymous Coward | more than 2 years ago | (#39743649)

He is the fucking villain in this piece. He alerts banks to a security flaw and gets no response, so his only option... is to dump details of THREE FUCKING MILLION bank accounts on his public blog? Sorry, the banks are negligent and should be hauled over coals for this, but that makes him the fucking villain of it.

If you can't see that then you're as big an idiot as the losers who were supporting LulzSec last year and go all rah-rah for "Anonymous" attacks on random companies that dump private users' data.

Re:"though it is unclear when he left" (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39743849)

If Anonymous/LulzSec, etc. does it against an American company, then they're heroes here on /. This guy does it against Iranian businesses and he's a villain.
I agree with you on this, Evil is as Evil does regardless of where it does it.

Re:"though it is unclear when he left" (1)

luis_a_espinal (1810296) | more than 2 years ago | (#39745109)

If Anonymous/LulzSec, etc. does it against an American company, then they're heroes here on /. This guy does it against Iranian businesses and he's a villain. I agree with you on this, Evil is as Evil does regardless of where it does it.

Slashdot posters are typically full of it, but I have never seen a situation where Anon/LulzSec get generally praised in /. for dumping millions of American bank user accounts info to the plain web for all to see. Citations plz?

Re:"though it is unclear when he left" (1)

Anonymous Coward | more than 2 years ago | (#39744485)

Nobody's making him out to be a hero, but tossing all the blame on him is a cop out. "Poor helpless banks were victimized by no good hacker"... that misses the entire point, which should be that security needs to be fixed.

Yeah, what he did was wrong, but the banks were so incompetent that they let him steal details of THREE FUCKING MILLION bank accounts, even after he told them how he was going to do it. That little detail needs to not get lost in the story. The people out there who are changing their PIN ought to be pissed off at their bank as well as this guy.

can i haz the logix? (1)

luis_a_espinal (1810296) | more than 2 years ago | (#39745081)

Nobody's making him out to be a hero, but tossing all the blame on him is a cop out. "Poor helpless banks were victimized by no good hacker"... that misses the entire point, which should be that security needs to be fixed.

I'm not sure how you logically derived that line above that you wrote from what the other AC posted (and which you were replying to):

Sorry, the banks are negligent and should be hauled over coals for this, but that makes him the fucking villain of it.

Re:"though it is unclear when he left" (1, Insightful)

Auroch (1403671) | more than 2 years ago | (#39742469)

But not unclear *why* he left.

Yes, he "left".

I'm sure the Iranian government is outraged at his defection, and not secretly holding him in a North Korean off-shore detainment centre.

Re:"though it is unclear when he left" (4, Insightful)

Alex Belits (437) | more than 2 years ago | (#39742547)

Right, because all enemies of US are related.

Iran is a rich Muslim theocracy with some attributes of a Republic. North Korea is a poverty-stricken pseudo-monarchy with attributes of Stalinism. They are about as likely to be on speaking terms with each other as Henry Kissinger with Alexander Chikatilo.

Re:"though it is unclear when he left" (4, Informative)

jamesbrx (2622061) | more than 2 years ago | (#39742633)

Exactly this. Iran and North Korea don't even do that much business together. They might do when necessary, but the two countries are otherwise completely different. It blows my mind how little US people know about the rest of the world. Iran does more business and shares thinking more with Russia and CIS countries. North Korea does business and shares thinking with China and Myanmar.

Re:"though it is unclear when he left" (1)

Anonymous Coward | more than 2 years ago | (#39742661)

And yet, doesn't the USA have some sort of leasing agreement with Cuba? It blows my mind at how little Americans know about ... well ... everything they haven't heard on the telly.

Re:"though it is unclear when he left" (3, Insightful)

Black Parrot (19622) | more than 2 years ago | (#39742753)

It blows my mind at how little Americans know about ... well ... everything they haven't heard on the telly.

And how much less we know about things we *have* heard on the telly...

Re:"though it is unclear when he left" (1)

Jawnn (445279) | more than 2 years ago | (#39744999)

Please do not generalize quite so freely. While there is clearly a large block of drooling ditto-heads here, who shape their world view from watching Fox News and listening to Rush Limbaugh, some of us actually have a much broader scope when it comes to our sources for such information.

Re:"though it is unclear when he left" (1)

Anonymous Coward | more than 2 years ago | (#39742975)

I've read that North Korea and Iran have a long history of working together on long range missile and nuclear technology.

Re:"though it is unclear when he left" (3, Interesting)

sg_oneill (159032) | more than 2 years ago | (#39742981)

Reminder that there are still Americans who believe Iran and/or Saddam-era Iraq are/were in bed with Al Qaeda.

I mean, forget that Saddam was a secular authoritarian who used the fight against Islamism as the pretext for his purges (Baath are Arabic socialist, and like most socialists don't have a lot of time for theocracy) and Iran are Shia, whom Al Qaeda consider to be heretical.

Of course the US administration suffers this same sort of blindness as well. The fact that Iraq will fall into the hands of Iran, almost inevitably, should have been obvious to anyone who understood the implications of shifting the power balance from the Sunni to the Shia in Iraq.

Of course when you're in the business of *creating* enemies, sometimes you do get to dictate terms. Once you piss off enough people, chances are they might put aside their differences and hang together in mutual defence.

Honestly if the US gets involved in many more wars I can honestly see a day when a lot of these powers put their heads together to create an Anti-NATO that should scare the hell out of anyone in the west.

It's best if we just backed the fuck out of there and let nature take its course. When was the last time someone wanted to invade Switzerland?

Re:"though it is unclear when he left" (1, Troll)

Tastecicles (1153671) | more than 2 years ago | (#39743041)

Because one of the most important conditions for ANY person, corporation or Government to be doing business with any bank which has either primary or regional headquarters in Switzerland (read: most of them) is that they lay the fuck off of Switzerland? Plus the fact that the Swiss have a higher number of firearms in private hands than in police or government hands - 3.4 million versus less than 360,000. Are you going to invade a country where half the population are trained in, and have immediate access to, automatic weapons?

Re:"though it is unclear when he left" (1)

228e2 (934443) | more than 2 years ago | (#39743353)

Sure.

Wars aren't fought with ground troops anymore. What's a machine gun going to do to a Hellfire missile sent from a Predator? Miss horribly while it and its wielder melt.

Re:"though it is unclear when he left" (1)

Anonymous Coward | more than 2 years ago | (#39743901)

Wars aren't fought with ground troops anymore? Really? You mean Armor, Artillery, and Infantry are all obsolete because of UAVs? Wow, it's amazing what keen military insights I can learn here.
Let me guess, you've never served in the military in any branch. Seriously, do yourself a favor and read up on "combined arms" before you make any military related post.

Re:"though it is unclear when he left" (1)

SuricouRaven (1897204) | more than 2 years ago | (#39744171)

Depends on the objective. If the objective is to capture and control ground, then you need troops. If the objective is to simply obliterate an enemy, then you don't. You need bombers, missiles, and artillery. While the last one is ground-based, it also gets kept far away from the front line and so is at no risk of ground-based attack. If you're desperate, there are nukes. The old war of obliteration isn't politically feasible any more though - no matter how hostile the target has been, the world will react really badly to the mass-slaughter of civilians. This isn't WW2 any more, where both sides could quite happily carpet-bomb each other's cities.

Re:"though it is unclear when he left" (0)

Anonymous Coward | more than 2 years ago | (#39744411)

Or use Spooky [wikipedia.org] :)

Re:"though it is unclear when he left" (1)

Bigby (659157) | more than 2 years ago | (#39744705)

You don't take over a country for their resources anymore. You take over their people and use them to accomplish your goals about the resources. That means you can't just kill everyone. But if everyone can defend themselves, then you will have to kill everyone. And to that means, it is pointless to try, as you will never take control of the people.

This is why a country without a government is so darn hard to take over. What good is governing a country without people or people who abide by the rules?

Re:"though it is unclear when he left" (3, Informative)

Nidi62 (1525137) | more than 2 years ago | (#39744713)

Wars aren't fought with ground troops anymore. What's a machine gun going to do to a Hellfire missile sent from a Predator?

They most certainly are. War for the next 50 years or so (unless things get really bad) will be primarily long term, low intensity conflict like what we've seen in Iraq, Afghanistan, Syria, and Libya (admittedly we got lucky with Libya, as it was relatively short). Conflicts such as these tend to stretch on for years. See the Sri Lankan insurgency that lasted roughly 25 years. Insurgencies are usually fought with small arms; the largest weapons usually available to insurgents are large-caliber machine guns, mortars, and RPGs. Combine this with the fact that most insurgencies cannot afford a large stand-up fight, and you get a lot of hit and run contact. Thompson, the man who pretty much led the British during the counterinsurgency in Malaya back in the 50s (and who pretty much wrote the bible on COIN doctrine; he started it all) realized that you cannot do sweep and destroy methods to defeat an insurgency; you must use sweep and control. To defeat an insurgency, you have to control ground. To control ground, you need ground troops. While armed drones are good for patrolling and attacks on vehicles or fixed positions (camps, emplacements, etc), this is very expensive, and in many cases overkill. Most states cannot afford technology such as this, and tactically armed troops on the ground usually make much more sense anyway, as even in Predator strikes troops still have to go in afterward to look for intelligence.

Re:"though it is unclear when he left" (4, Interesting)

Anonymous Coward | more than 2 years ago | (#39743169)

What sort of natural resources does Switzerland have?

All of these wars are about one thing: resources. That's it. It has nothing to do with democracy, religion, west vs. whoever, etc. Those are all guises for the boob tube crowd. It is all about, as are all wars, resources.

Not making this realization is the fundamental flaw in all analyses of these issues. You run off on a tangent about how the stated goals make no sense and we need to do this and that, it's not working, blah blah blah. However, if you understand the true motivations, it works like a charm. Not only are we destabilizing the region, we are enriching powerful people/corporations by funneling American tax dollars through a war torn state, right back into the pockets of the wealthy. It's a great money laundering scheme for stealing from the people, and it creates a destabilized region where military might is the only "solution" to peace. Which in turn gives access to the resources and keeps them available for the nations with the most powerful military.

Re:"though it is unclear when he left" (1)

Auroch (1403671) | more than 2 years ago | (#39742663)

Right, because all enemies of US are related.

Iran is a rich Muslim theocracy with some attributes of a Republic. North Korea is a poverty-stricken pseudo-monarchy with attributes of Stalinism. They are about as likely to be on speaking terms with each other as Henry Kissinger with Alexander Chikatilo.

Ah, so about the same speaking terms as the president of Cuba and the president of the USA?

Re:"though it is unclear when he left" (5, Informative)

Sir_Sri (199544) | more than 2 years ago | (#39742833)

Not really true. Iran and North Korea are very much in the 'enemy of my enemy' stage of life, and they are both quite friendly with Russia and to a lesser extent both with China.

They may not be ideologically aligned to each other, but given their mutual enemy and mutual ally, they're willing to talk to each other. Who do you think is still buying all this Iranian oil that is being extracted now that the previous markets can't and won't buy it? China and North Korea. Who does North Korea sell missiles and technology to? (The Taepodong series specifically, as well as some shorter range surface to surface missiles), Yemen, Syria, Iran and a few others. The North Koreans need currency, the Iranians have currency, the North Koreans need oil, the Iranians have oil, the Iranians need missiles to strike Saudi, Iraq and Israel, the North Koreans have missiles.

They are as far apart ideologically as Stalin and Hitler, and yet for years those two managed to get along oddly well, exchanging training and agreeing to carve up Poland together. Iran and North Korea may not be all that ideologically compatible, but they have nothing to particularly drive a wedge between them (unlike Stalin and Hitler). They each have things the other wants, no directly overlapping or conflicting interests and a shared enemy in the United States, who, helpfully, binned them together in an 'axis of evil', and if they weren't playing nice before, that gave them a good kick in the ass to start playing nice with each other.

They very much are on strong speaking terms and technological exchange, through Russia, through China and at sea. They are both under heavy sanctions meaning their selection of possible trade partners is rather limited, and that means they take what they can get. If you think they at least up until recently weren't on very good terms you should pull your head out of the sand. The new North Korea, under Kim Jong Un, and the current state of affairs in Iran, along with the situations in Burma and Pakistan throw into question any future agreements. A Burma out of China's sphere of influence, and a Pakistan not interested in technological exchanges significantly limit their access to resources and cash, and might significantly shake up their desired alliances.

That said, you're right, in that they have no real long term collaborative goals. At the first opportunity I'm sure both of them would love to do business with someone else. But until a better opportunity comes along you go with the friends your enemies have given you.

Re:"though it is unclear when he left" (0)

Anonymous Coward | more than 2 years ago | (#39744167)

You forgot to mention that North Korea needs food. Iran doesn't have any food for North Korea.

Re:"though it is unclear when he left" (0)

Anonymous Coward | more than 2 years ago | (#39744429)

Only the people need food, not those in power.

Re:"though it is unclear when he left" (4, Insightful)

Shoten (260439) | more than 2 years ago | (#39743243)

And yet, both got the technology to produce weapons-grade uranium from the same Pakistani, A.Q. Khan. Don't assume that differing political systems and ideologies is an absolute block against cooperation. I think it's ridiculous that they'd have this guy in North Korea; Iran isn't exactly a country with a need to offshore their state security apparatus, nor do they have some fanatical devotion to not saying anything that is technically untrue.

Re:"though it is unclear when he left" (1)

kamapuaa (555446) | more than 2 years ago | (#39743509)

Iran and North Korea have a history of working together on missile development and nuclear programs. They're in similar diplomatic positions with the rest of the world.

You seem to be arguing that the countries are fundamentally different, which really is an entirely different question. Surprise! Countries often can have a working relation despite their differences.

Re:"though it is unclear when he left" (1)

Alex Belits (437) | more than 2 years ago | (#39743571)

^^^

Replies to my comment that insist on "cooperation" between Iran and North Korea:

THIS IS WHAT AMERICAN PUBLIC REALLY BELIEVES

Re:"though it is unclear when he left" (0)

Anonymous Coward | more than 2 years ago | (#39744977)

Wait, what? We know they are related. George W. Bush told us so. They are the Axis of Evil. You can't be an Axis without being somewhat related. Are you trying to say George W. Bush was wrong about something?

Re:"though it is unclear when he left" (1)

Okian Warrior (537106) | more than 2 years ago | (#39742917)

With Iran's penchant for brutal legal sentences ending in death and/or dismemberment, I have to wonder: Is he still alive?

Perhaps he left in easy-to-assemble "kit" form?

Is this what one would call "career suicide"?

Re:"though it is unclear when he left" (1)

arglebargle_xiv (2212710) | more than 2 years ago | (#39742923)

But not unclear *why* he left.

"Behram, make a hole in the desert".

Re:"though it is unclear when he left" (0)

Anonymous Coward | more than 2 years ago | (#39742937)

That's right, he left.

Zarefarid now renamed to Zehr Afraid?

Seriously, if this was in another country, he may have a heap of trouble coming his way... with Iran - torture and death, if he's lucky.

Re:"though it is unclear when he left" (1)

Anonymous Coward | more than 2 years ago | (#39743001)

How is Bradley Manning doing nowadays anyway, people still pushing for the death penalty for him and Assange?

Re:"though it is unclear when he left" (1)

Nidi62 (1525137) | more than 2 years ago | (#39744869)

His trial is in progress. And yes, if it is found that he committed treason, then he can legally be executed. But as right as it would be, it would be a PR nightmare, so he'd probably just get life at Leavenworth, which is not a fun place to spend the next 50-60 years.

most common PINs (1)

supersteve1440 (652591) | more than 2 years ago | (#39742341)

I wonder what the most common PINs were.
Related: http://amitay.us/blog/files/most_common_iphone_passcodes.php [amitay.us]

Re:most common PINs (2)

methamorph (950510) | more than 2 years ago | (#39742903)

People don't usually change PINs so I would expect there are no "common" PINs in the list. It's a number that comes with the card and you just use it.

Re:most common PINs (1)

wmbetts (1306001) | more than 2 years ago | (#39743467)

At all the banks in the US I've used they make me set the PIN when I get the card.

What a great guy (1, Funny)

l0ungeb0y (442022) | more than 2 years ago | (#39742347)

And we wonder why the general public has a sense of distrust and suspicion regarding "hackers".
Iran should be groveling before Allah that it's not the 40's and he wasn't trying to warn them about nukes.

Re:What a great guy (4, Insightful)

deek (22697) | more than 2 years ago | (#39742399)

Not quite as much distrust and suspicion as they have regarding "bankers".

Re:What a great guy (0)

Anonymous Coward | more than 2 years ago | (#39742451)

> Not quite as much distrust and suspicion as they have regarding "bankers".

thank you. couldn't have said it better myself.

Re:What a great guy (2)

Gaygirlie (1657131) | more than 2 years ago | (#39742425)

And we wonder why the general public has a sense of distrust and suspicion regarding "hackers".

"When the affected banks, including the largest state institutions didn't respond" is the part that worries me, instead. The hacker in this case was just trying to help and pointed out a REALLY bad security flaw, but since the general public didn't know about it the institutions apparently decided to just ignore it. Publishing all the details was a bad move, that I definitely agree with, but at least it got the institutions' attention, too bad that this will be spun in the media as the hacker's fault and not the institutions' fault, though.

Re:What a great guy (3, Insightful)

Nyder (754090) | more than 2 years ago | (#39742511)

And we wonder why the general public has a sense of distrust and suspicion regarding "hackers".

"When the affected banks, including the largest state institutions didn't respond" is the part that worries me, instead. The hacker in this case was just trying to help and pointed out a REALLY bad security flaw, but since the general public didn't know about it the institutions apparently decided to just ignore it. Publishing all the details was a bad move, that I definitely agree with, but at least it got the institutions' attention, too bad that this will be spun in the media as the hacker's fault and not the institutions' fault, though.

hmm, you think it's a bad move. So what you are saying is, if the public doesn't know about it, it's good security? You do realize that if the dude who warned them found it, anyone could have found it. So while the public may not know about it, criminals might. So, in my view, the hacker did good, because the people in charge weren't listening, so it made them listen.

I don't know what world you live in, but in this world, there isn't only 1 smart person, there are many. When 1 person finds a flaw, you should figure that other people have found the flaw. And someone is going to exploit the flaw to steal something, because that is how the world rolls.

Re:What a great guy (3, Insightful)

gstrickler (920733) | more than 2 years ago | (#39742585)

I don't know about the OP reasoning, but in my opinion, publishing full details including full card numbers and pin codes was a bad idea. Publish enough to demonstrate that you do in fact have the data, but not enough to make it trivial for someone to use the data. Partial card number, enough that the cardholder can be reasonably certain that's his card and the last 2-3 digits of the pin. It's one thing to go public and embarrass the banks, it's another to expose 3M customers to fraud and abuse by making it easy for the crooks.

Re:What a great guy (1)

RagingMaxx (793220) | more than 2 years ago | (#39742739)

I know it's standard practice on /. not to RTFA, but it even says in the first sentence of the summary that this guy demonstrated the legitimacy of his findings with 1,000 captured accounts.

Yes, he exposed sensitive data. Data that was already exposed by this vulnerability. Now at least everyone knows that their data isn't safe, as opposed to before when there was an illusion of security.

Re:What a great guy (2)

crutchy (1949900) | more than 2 years ago | (#39743443)

not that i think the banks were innocent for a second, but the whole point of security is to prevent what this guy did, so he has gone beyond simply demonstrating a flaw. he's taken advantage of it in the same way as any criminal might. he may not personally empty the accounts, but he may as well have by publishing the means to access them.

yes the vulnerability already existed, but he merely took advantage of it like a criminal that security is intended to combat.

Now at least everyone knows that their data isn't safe, as opposed to before when there was an illusion of security

would you similarly argue that terrorists flying jet airliners into the WTC was a legitimate means to expose flaws in US intelligence?

would you light your house on fire to test your smoke alarm?

testing IT security by engaging in what it was designed to prevent is classic black hat behavior

Re:What a great guy (1)

Gaygirlie (1657131) | more than 2 years ago | (#39744035)

Do note that he only presented those account details to these institutions in question, he didn't publish them anywhere. He could have done that instead, he didn't need to publish all 3 million just to prove the flaw exists.

Re:What a great guy (1)

gstrickler (920733) | more than 2 years ago | (#39745005)

I know it's standard practice on slashdot to misunderstand what is written, so, from RTFA:

...providing affected institutions the details, including 1,000 captured bank accounts.

Proving it to the institutions, and embarrassing them by disclosing it publicly are not the same thing. His public disclosure included too much information.

Re:What a great guy (1, Flamebait)

Fluffeh (1273756) | more than 2 years ago | (#39742635)

So, in my view, the hacker did good, because the people in charge weren't listening, so it made them listen.

I think you missed the point. He didn't "make them listen". The banks haven't fixed the security problem. All they have done is asked their customers to change their PIN as well as blocking some ATMs.

So, no, this isn't a good move, because all it has done is caused three million card users to be further annoyed as their cards are still no safer than before - in fact less so, because there is a proof of concept out there now with guaranteed ROI - they can't get to their own cash as easily as they have to go around changing PINs and if there is a deluge of crookery going on, the banks are now going to say "Ha! We TOLD you to change your numbers!"

What he should have done is gone to the credit agencies like Visa and Mastercard who would likely cut off the banks' accounts in very quick order, thereby forcing the banks to fix the security hole. Even though a debit visa isn't touching the bank's money, the big credit companies take these things rather seriously if it has their name on it.

Re:What a great guy (1)

jamesbrx (2622061) | more than 2 years ago | (#39742655)

So, in my view, the hacker did good, because the people in charge weren't listening, so it made them listen.

I think you missed the point. He didn't "make them listen". The banks haven't fixed the security problem. All they have done is asked their customers to change their PIN as well as blocking some ATMs.

How do you know this? Are you in Iran and working for the banks? Even the article notes that they might have silently fixed, or are in the process of fixing them. Most of the ATMs have stopped giving out money. I think that clearly shows they are working on it. Or do you think they will just close it all down and never start working again?

Re:What a great guy (2)

jamesbrx (2622061) | more than 2 years ago | (#39742679)

Oh and for

What he should have done is gone to the credit agencies like Visa and Mastercard who would likely cut off the banks' accounts in very quick order, thereby forcing the banks to fix the security hole. Even though a debit visa isn't touching the bank's money, the big credit companies take these things rather seriously if it has their name on it.

These aren't Visa or Mastercard issued cards, but Iran's own. The stupidity in your post, oh my god.

Re:What a great guy (1)

Tastecicles (1153671) | more than 2 years ago | (#39742933)

Security through obscurity? Seriously bad idea when it comes to dealing with other people's money. You just don't know who is the wrong person to piss off, until their card details (and their PIN!?) are published...

Re:What a great guy (1)

Gaygirlie (1657131) | more than 2 years ago | (#39744033)

So what you are saying is, if the public doesn't know about it, it's good security?

No, I clearly said the institutions in question think so. I do not have any idea how you missed that.

You do realize that if the dude who warned them found it, anyone could have found it.

Yes, but then again, I never claimed anything to the contrary. I am merely saying that he could've published only a handful of details like e.g. the name and address of the person holding the card, the beginning and the end of the card number and 2 of the PIN digits. That would've been enough, that would've proved beyond doubt that there is a very serious security flaw that needs to be fixed, and with missing numbers the PIN+card number would have not been that useful for criminals, thereby making him seem less bad and drawing more attention towards the institutions. As it is these institutions will undoubtedly spin all the negative press towards the hacker in question and away from themselves, simply because he made himself an easy target.

Re:What a great guy (1)

Nidi62 (1525137) | more than 2 years ago | (#39744891)

Publishing all the details was a bad move, that I definitely agree with, but at least it got the institutions' attention. Too bad that this will be spun in the media as a plot by Israel and the West to destabilize Iran's economy and not the institutions' fault, though.

FTFY, at least if you get your news from Fars.

sigh. (0)

Anonymous Coward | more than 2 years ago | (#39742439)

the fuck did he use his real name for?

Doesn't matter (0)

Anonymous Coward | more than 2 years ago | (#39742489)

Since Iranian banks have been cut off from the rest of the world this is sort of pointless from an international theft point.

Re:Doesn't matter (1)

dbreeze (228599) | more than 2 years ago | (#39742519)

crap. I just can't get a break.......

Let a lesson be (3, Informative)

cosm (1072588) | more than 2 years ago | (#39742569)

Let a lesson from this be that no matter where you are on the globe managerial types will typically disregard known and reported vulnerabilities until it is too late, generally failing to assess risk properly and address reported findings.

Karma whoring, dude's blog linked here [blogspot.com] (yay for in browser translation)

Re:Let a lesson be (1)

Stiletto (12066) | more than 2 years ago | (#39742881)

The message probably never had a chance to get to someone who could do something about it. Not everyone moves at Internut speed...

What a hack job of reporting! (5, Informative)

masouds (451077) | more than 2 years ago | (#39742609)

Points of fact:
1) He didn't hack any banks. He was working in a payment processing company that had monopoly in Iran.
2) The card numbers and pin numbers were kept in clear text in their internal systems
3) He did complain about it repeatedly to his bosses, who blew him off
4) He posted the pin numbers and account numbers to a blog. Pin numbers have some digits before and after; they are not quite usable in person. In order to use them online a second pin is required which was not posted.
5) The payment processing center's license has been revoked, and all people are in panic trying to change their pin numbers. The only action all ATMs allow is pin change.

Re:What a hack job of reporting! (0)

Anonymous Coward | more than 2 years ago | (#39743373)

Sometimes it's hard for the rest of the world to follow American vernacular. Is "his bosses, who blew him off" related in any way to the retort "blow me"? If so, what kind of bosses do they have in Iranian banks? Are they often on their knees?

Re:What a hack job of reporting! (0)

Anonymous Coward | more than 2 years ago | (#39743589)

AC, bringing you the lamest of all tryhard jokes daily.

Re:What a hack job of reporting! (0)

Anonymous Coward | more than 2 years ago | (#39743601)

Not true. With so many numbers it's no problem to perform frauds using it, calculate or extract other numbers like missing PINs. Don't forget these might even be still using 56-bit DES encryption for calculating security codes and PIN offsets. Before they secure it, there will be thousands of frauds.
He thought it was safe to do so, so he will learn that it wasn't; it was massive and will cause huge losses. He wasn't as smart as he thought.

Re:What a hack job of reporting! (1)

Midnight Thunder (17205) | more than 2 years ago | (#39743707)

Indeed. If your boss won't listen, escalate until someone will. Also try to explain things in terms they will understand, like case history.

Re:What a hack job of reporting! (3, Funny)

olau (314197) | more than 2 years ago | (#39743757)

True, he should have posted his boss's pin number only.

Re:What a hack job of reporting! (1)

helix2301 (1105613) | more than 2 years ago | (#39744797)

This is an example of ethical hacking going too far and where white hat meets black hat. He wanted to prove a point and he did; now he has to be on the run.

Financial security through obscurity? (1, Funny)

acidradio (659704) | more than 2 years ago | (#39742723)

Just when I thought Iran was the safest place to stash my money now THIS happens? Where should I go next? Somalia?

Re:Financial security through obscurity? (1)

Black Parrot (19622) | more than 2 years ago | (#39742767)

Just when I thought Iran was the safest place to stash my money now THIS happens? Where should I go next? Somalia?

I put all mine in the Bank of Atlantis.

At least I don't have to worry about someone else getting it.

Re:Financial security through obscurity? (2)

arglebargle_xiv (2212710) | more than 2 years ago | (#39742939)

Just when I thought Iran was the safest place to stash my money now THIS happens? Where should I go next? Somalia?

I put all mine in the Bank of Atlantis. At least I don't have to worry about someone else getting it.

I used to do that too, and then one day they told me they'd lost it all. Some nonsense about "water damage".

Re:Financial security through obscurity? (3, Funny)

sempir (1916194) | more than 2 years ago | (#39742839)

Just when I thought Iran was the safest place to stash my money now THIS happens? Where should I go next? Somalia?

No!!!No, No, No!

Nigeria is the country where your money is safest. Here's what you do: Send the money to me personally and I will place it with all the other money I have for distribution on behalf of "Lotto winners", "Deceased Estate Distribution A/C's" etc. Your money is safe with me as I am a very honourable person. Do this quickly before someone tries to cheat you out of all your money!
Honourably
Mr Sempir
Reliable Banking Services

Re:Financial security through obscurity? (1)

dhaen (892570) | more than 2 years ago | (#39743769)

Just when I thought Iran was the safest place to stash my money now THIS happens? Where should I go next? Somalia?

Nigeria seems to be able to handle a lot of cash...

Proof that the term ... (1)

Skapare (16644) | more than 2 years ago | (#39742749)

... "stupid bank" is redundant.

Whoohoo! (0)

Anonymous Coward | more than 2 years ago | (#39742809)

Weee! I gots teh Iranian bank account numbers. Gonna order so much shit on eBay wid dat. Wadat? Frozen? Gitmo??? Terrorist, WTF... NO CARRIER.

A new nominee... (0)

Anonymous Coward | more than 2 years ago | (#39742919)

I think we have a nominee for "The biggest cojones of 2012" right here...

Um ... Is This Even An Accurate Story? (1)

DakotaSmith (937647) | more than 2 years ago | (#39743007)

Three million accounts intrigue me, so naturally I went looking for the posted list.

I can't find it. I find endless references to the story, but no list. I can't find Zarefarid's blog. This strikes me as odd, since the list was supposedly publicly posted there. Usually by this time, there are downloaded copies on all the file-sharing services, torrents, etc. There's nothing.

Knowing as I do that the majority of stories on which the press reports are wildly sensationalized or at worst entirely fictional, the lack of a list makes me think this may fall in the latter category.

Re:Um ... Is This Even An Accurate Story? (3, Informative)

Cruorin (1453909) | more than 2 years ago | (#39743539)

http://ircard.blogspot.com/ [blogspot.com] Click older about ten times, he posted them in plaintext without text wrapping, once you click one of the links. The reason this isn't all over the net is because it is useless to anyone not in Iran.

Much good it'll do you. (1)

multicoregeneral (2618207) | more than 2 years ago | (#39743013)

Even if they are real, Iran was booted out of the SWIFT system a couple of weeks ago. They can't transfer money anywhere.

Hacker? (1)

Anonymous Coward | more than 2 years ago | (#39743083)

He didn't hack into the system. He just stole some information from the company he was working at, Eniac (eniac-psp.net) and put it on the Internet, because he couldn't make money out of it. He blackmailed the bankers to get $1 for each of the 3 million accounts, and they refused to pay the money.
Now, he's claiming to be a hacker!

Pay peanuts get monkeys (1)

barv (1382797) | more than 2 years ago | (#39743685)

The nerd told them they had a security problem and they did nothing.

Conclusion. So their software people were incompetent.

Inference. The theocracy are not buying the best. Probably only hiring "theologically safe" programmers.

m6od 3own (-1)

Anonymous Coward | more than 2 years ago | (#39744379)

of 04en-source.

White Hat Meets Black Hat (1)

lipanitech (2620815) | more than 2 years ago | (#39744857)

This guy wanted to prove a point & he sure did; now he is on the run. Example of a White Hat hacker taking it too far.