Loss of Privacy

In the latest twist in hacking ATMs, hackers in Russia and Ukraine are using ATMs to obtain all the details necessary to clone a card and use it in criminal activity.

It allows a gang member to walk up to an ATM, insert a “trigger” card, and use the machine’s receipt printer to produce a list of all the debit card numbers used that day, including their start and expiry dates – and their PINs. Everything needed, in fact, to clone those cards and start emptying bank accounts. In some cases, the malicious software even allows the criminal to eject the machine’s banknote storage cassette into the street.

Once installed, the malware implements a “card data harvesting” routine, SpiderLabs said in an alert to banks issued at the end of May. When a customer inserts their card, the malware records to hard disc its account number, start date, expiry date and three-digit security code, as well as the PIN entered.

“That PIN data gets encrypted when it is transmitted through to the bank,” explains Henwood, “but inside the machine it’s in the clear. So this little bugger just sits there stealing all the card data.”

The hardest bit for the criminals is installing the malware in the first place, as it requires physical access to the machine. That most likely means an inside job within a bank, or using bribes or threats to encourage shop staff to provide access to a standalone ATM in a shop or mall.

SpiderLabs’ analysts studied lsass.exe malware on 20 ATMs. They found multiple variants, and warn that it is almost certainly programmed to evolve further. One big concern is that it will become network capable – able to spread from machine to machine over the closed networks used by banks.

They need to move fast; SpiderLabs expects the technology to spread from eastern Europe to the US and Asia. European countries using chip-and-PIN cards will initially be immune because these ATMs encrypt PINs as they are typed, but it probably won’t take hackers long to get around this too.

The biggest problem is that ATMs should not be using any type of OS at all.  All that’s required for an ATM is a microcontroller and a small amount of RAM (a few K is enough).  Furthermore, the fact that these “professionals” were astonished that lsass.exe can be used for nefarious reasons proves they haven’t a clue about malware and virii that have been using this for at least ten years.

The fact is, this was an inside job, so do a proper investigation and solve the problem.  You also know what the malware is, so scan that and clean out the problem.

The pentagon has plans to build a blimp that will fly for ten years, spying on everything.  It will be capable of detailed radar surveillance of vehicles, planes, and people.

The 450-foot-long craft would give the U.S. military a better understanding of an adversary’s movements, habits and tactics, officials said. And the ability to constantly monitor small movements in a wide area — the Afghanistan- Pakistan border, for example — would dramatically improve military intelligence.

It could also be used in the USA.  They just like to test things in the Middle East first.

The United Kingdom’s Ministry of Justice is now piloting a program that will, eventually, make a lie detector test a mandatory part of probation for sex offenders.

A three-year pilot project in East and West Midlands will aim to establish whether polygraph testing should be introduced across England and Wales.

Between 350 and 450 offenders are expected to be tested over the three-year period of the latest pilot scheme. Those who refuse risk being sent back to prison.

Claude Knights, director of the children’s charity Kidscape, said she believed the tests could help to assess risk.

“I’m hoping that this will be an incentive for paedophiles to disclose more information, which would help us to manage their release more effectively.”

What she really meant to say is, “We must think of the children.  Oh, and we must keep these dirty bastards off the street.  This sort of testing is just what we need as an excuse to throw people back into jail.”

The long-expected move had been a commitment of the government, he said, and he was “proud to say that this can now legally happen from Wednesday”.

Is anyone else bothered by the fact that the government is now happy and proud that this can legally happen now?  Have they been doing this all along and just now legalized it?

Up next, all criminals on probation will be required to submit to a polygraph.  Once the criminals are finished and in a database, we’ll move on to people arrested for anything.  Next we’ll move on to speedsters, boy racers, and loiterers.  Don’t worry, citizen, we’ll get to you soon enough.

The Phoenix police department raided the home of Jeff Pataky, a blogger who writes about, and criticizes the Phoenix police department.  The reason behind the raid, Pataky believes, is that sources inside the police department confirmed that the police don’t like him questioning the behavior of the department.

Pataky, a former software sales and marketing executive who now focuses his energy shoveling content on www.badphoenixcops.com, said he believes his online criticism of the department – along with past criticisms of police investigations – led officers to serve a search warrant at his home last week.

“We have heard internally from our police sources that they purposefully did this to stop me,” Pataky said. “They took my cable modem and wireless router. Anyone worth their salt knows nothing is stored in the cable modem.”

As it appears from the current news reports, the police are violating Pataky’s 1st, 4th, and 5th amendment rights as well as Title 18, U.S.C. Section 241 and Title 18, U.S.C., Section 242.

While Pataky’s case is complex and disturbing, they aren’t just targeting him.  Former homicide detective David Barnes was demoted for questioning the handling of evidence in the crime lab.  It appears that anyone who questions the police is a target for harassment.

The entire county has been accused of being corrupt and incompetent [pdf].

Unfortunately, today’s law enforcement is seen as a place filled with tyrannical individuals only interested in themselves and what they can take for themselves.  Instead of being a help to the citizens of the United States, they are a hindrance, becoming the very threat to our security and liberty that they are supposed to protect.

I believe more people would fight back against this sort of behavior if only normal citizens would not be seen as dissenters, “terrorists,” protesters, and a threat to society.  It also doesn’t help that the police are the ones armed to the teeth and can ruin your life with a swift arrest and a blurb on the news.

Two and a half years ago, Mayor Daly said that he wanted a CCTV camera on every street corner by 2016.  It appears that he might just get his wish.  Despite overwhelming evidence to the contrary, he still believes that this will cut crime and, now, give Chicago a shot at hosting the olympics.

Many of these cameras were installed in high crime areas in Chicago.  They are still high crime areas.  Little has changed.  No matter where in the world they are installed, CCTV cameras still don’t prevent crime.