Metel Hackers Roll Back ATM Transactions, Steal Millions (threatpost.com)
msm1267 writes: Researchers from Kaspersky Lab's Global Research & Analysis Team today unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more than 100 financial companies. The heaviest hitter among the newly discovered gangs is an ongoing campaign, mostly confined to Russia, known as Metel. This gang targets machines that have access to money transactions, such as call center and support machines, and once they are compromised, the attackers use that access to automate the rollback of ATM transactions. As the attackers empty ATM after ATM—Metel was found inside 30 organizations—the balances on the stolen accounts remained untouched.
English, Español or ?
Quote:
Originally Posted by patman
Why do you keep taking my statements so personally. I don't think you believe rape is ok. You just think the Bible doesn't say it is worthy of death. All I am doing is arguing against your interpretation of the passage.
Then why would you even bring up the subject of whether or not rape is OK, if you know that it's completely irrelevant to my point?
Quote:
I am not reading into the passage. "They are found out" means both of them. If I were to tell you a story about a girl who was raped, I wouldn't describe the act as "they were having sex," because you would know from my wording that "THEY" both were having sex; they both welcomed the act. Instead I would tell you he was having sex with her, or he was raping her.
He was having sex with her = they were having sex. Whether it was consensual or not is additional information. The passage has already implied that it was not consensual, so it's you against the Bible here.
Quote:
The "let's find other examples" argument is in no way foolproof because language just doesn't work that way all the time. Words can take on different meanings, making different uses of them unrelated.
So I suppose that we should just take your opinion of the word as the final authority then? I don't think so. Scripture interprets scripture, and words have objective meanings. As I pointed out in the other thread, the meaning of the word "taphas" here is even less ambiguous than the meaning of the word "chazaq" in the earlier rape section.
Quote:
It can be very useful at times, but in this case it does not work. God doesn't have to reuse the same word from one example to another, and the lack of use means nothing.
If that was the case then one could make the same argument about the earlier rape passage as well. But that would be reading one's own bias into the text, just like you're doing.
Quote:
"Lay Hold" and "Force" are two different words. The first part of the passage uses force distinctly speaks to rape. The second is not rape, it is "lay hold", and it indicates he took her virginity but not forcefully.
This would be a radical departure from its use elsewhere in scripture and elsewhere in the book of Deuteronomy as well.
Deuteronomy 21:18-21
If a man have a stubborn and rebellious son, which will not obey the voice of his father, or the voice of his mother, and that, when they have chastened him, will not hearken unto them: Then shall his father and his mother lay hold[taphas] on him, and bring him out unto the elders of his city, and unto the gate of his place; And they shall say unto the elders of his city, This our son is stubborn and rebellious, he will not obey our voice; he is a glutton, and a drunkard. And all the men of his city shall stone him with stones, that he die: so shalt thou put evil away from among you; and all Israel shall hear, and fear.
Quote:
You don't have to use "force" to "lay hold" of something. It is like you take hold of wisdom, or take hold of honor.
Those are not people. I addressed this point in the other thread already. But I'll go ahead and quote it here, since you can't seem to be bothered to read the other thread.
Such an argument ignores the fundamental distinction between people and objects that makes such a usage absurd in the case of objects. Namely, inanimate objects have no will. This actually reinforces my interpretation, since, when used of people, it would imply a disregard of their autonomy, i.e. using people like objects.
I'm on the mobile site, as I usually am, reading /. on my phone while having a cig (no judgments please). I can't, for the life of me, find the link to RTFA when it's not included in the summary text! What am I missing?!?!
Just to confirm...
Rollback means playback, right? Like, they record how the ATM communicates the authentication portion of the transaction, and replay that same communication with the ATM until its stored cash has all been dispensed and it's now empty?
Seems like the people that designed the ATMs and their authentication protocols have some 'splaining to do. This kind of vulnerability should have been anticipated and the software hardened against, given that this is machine-to-machine encryption, not person-to-machine.
Do not look into laser with remaining eye.
One of the most common attempts at rejecting this interpretation is to cast doubt on the meaning of the Hebrew word "taphas", which is translated as "lay hold on" in the King James version of this passage. Strong's dictionary defines it as follows.
8610. taphas (taw-fas')
A primitive root; to manipulate, i.e. Seize; chiefly to capture, wield, specifically, to overlay; figuratively, to use unwarrantably
catch, handle, (lay, take) hold (on, over), stop, X surely, surprise, take.
It is claimed by the opposition that this word should not be interpreted with a forceful interpretation of "seize" or "capture", but is instead better interpreted as consistent with consensual relations. To adopt such a position, however, one would have to ignore a large amount of scriptural evidence to the contrary.
Jeremiah 52:8,9
But the army of the Chaldeans pursued after the king, and overtook Zedekiah in the plains of Jericho; and all his army was scattered from him. Then they took [taphas] the king, and carried him up unto the king of Babylon to Riblah in the land of Hamath; where he gave judgment upon him.
Jeremiah 37:13,14
And when he was in the gate of Benjamin, a captain of the ward was there, whose name was Irijah, the son of Shelemiah, the son of Hananiah; and he took[taphas] Jeremiah the prophet, saying, Thou fallest away to the Chaldeans. Then said Jeremiah, It is false; I fall not away to the Chaldeans. But he hearkened not to him: so Irijah took[taphas] Jeremiah, and brought him to the princes.
Jeremiah 26:8
Now it came to pass, when Jeremiah had made an end of speaking all that the LORD had commanded him to speak unto all the people, that the priests and the prophets and all the people took[taphas] him, saying, Thou shalt surely die.
Isaiah 36:1
Now it came to pass in the fourteenth year of king Hezekiah, that Sennacherib king of Assyria came up against all the defenced cities of Judah, and took[taphas] them.
2 Chronicles 25:23
And Joash the king of Israel took[taphas] Amaziah king of Judah, the son of Joash, the son of Jehoahaz, at Bethshemesh, and brought him to Jerusalem, and brake down the wall of Jerusalem from the gate of Ephraim to the corner gate, four hundred cubits.
2 Kings 25:6
So they took[taphas] the king, and brought him up to the king of Babylon to Riblah; and they gave judgment upon him.
2 Kings 18:13
Now in the fourteenth year of king Hezekiah did Sennacherib king of Assyria come up against all the fenced cities of Judah, and took[taphas] them.
2 Kings 16:9
And the king of Assyria hearkened unto him: for the king of Assyria went up against Damascus, and took[taphas] it, and carried the people of it captive to Kir, and slew Rezin.
2 Kings 14:13
And Jehoash king of Israel took[taphas] Amaziah king of Judah, the son of Jehoash the son of Ahaziah, at Bethshemesh, and came to Jerusalem, and brake down the wall of Jerusalem from the gate of Ephraim unto the corner gate, four hundred cubits.
2 Kings 14:7
He slew of Edom in the valley of salt ten thousand, and took[taphas] Selah by war, and called the name of it Joktheel unto this day.
2 Kings 10:14
And he said, Take[taphas] them alive. And they took[taphas] them alive, and slew them at the pit of the shearing house, even two and forty men; neither left he any of them.
1 Kings 18:40
And Elijah said unto them, Take[taphas] the prophets of Baal; let not one of them escape. And they took[taphas] them: and Elijah brought them down to the brook Kishon, and slew them there.
1 Samuel 15:8
And he took[taphas] Agag the king of the Amalekites alive, and utterly destroyed all the people with the edge of the sword.
Joshua 8:22,23
And the other issued out of the city against them; so they were in the midst of Israel, some on this side, and some on that
>In the United States, as late as the 1880s most States set the minimum age at 10-12, (in Delaware it was 7 in 1895).[8] Inspired by the "Maiden Tribute" female reformers in the US initiated their own campaign[9] which petitioned legislators to raise the legal minimum age to at least 16, with the ultimate goal to raise the age to 18. The campaign was successful, with almost all states raising the minimum age to 16-18 years by 1920.
>Also: see: Deuteronomy chapter 22 verses 28-29, hebrew allows men to rape girl children and keep them: thus man + girl is obviously fine. Feminists are commanded to be killed as anyone enticing others to follow another ruler/judge/god is to be killed as-per Deuteronomy. It is wonderful when this happens from time to time: celebrate)
http://usa.kaspersky.com/about-us/press-center/press-releases/carbanak-and-beyond-banks-face-new-attacks
Is there a real article here or just some guy's rant about something?
just bits displaced to make room for more vodka-soak cells.
let's hear it for the boyz.
smells.
The only reason why an ATM transaction should be able to be "rolled-back" is if the machine never dispensed the cash.
Cash dispensers aren't generally "smart enough" to know if they actually dispense cash or not. They try hard (photo-sensors, knowing how much cash in the system, etc) -- but at the end of the day you're talking about ejecting paper. Paper jams do occur. A rollback mechanism must be in place.
Here's the thing - we're talking VERY small amounts. $200 at a shot. Multiple ATMs. This is a LOT of work and the security cams at the ATMs should be seeing who's getting the cash (thus the ski mask).
And they're claiming they've hit the banks for Billions?
An ATM would hold...maybe...$100,000 (5000 $20 bills)?
1) the ATMs run Windows
2) they outsourced some or all of the production side of this to India.
Now, with that known, why should it surprise ANYBODY that an Indian company who has NO sense of loyalty to American companies that are not allowed to operate in their nation, and where the Americans pay them under $10,000 / year, while paying Americans more than $100,000 / year, should not take 100,000 (i.e. 10x their salary) to leave a backdoor in that the Russians access, put in a new back door and then remove the old one.
Until the west gets past their insane political correctness, this will continue.
I prefer the "u" in honour as it seems to be missing these days.
Really people, don't use abbreviations, or ambiguous terms. No matter how 'cool' you think you are, there are less technical people out there that still want to know what you have to say. Using that kind of crap without explaining it doesn't make you seem knowledgeable, it just makes you seem like a fool. Nor is it that hard to put an actual LINK in the article.
excitingthingstodo.blogspot.com
... that have borrowed heavily from targeted nation-state attacks
'nough said.
Select from tblFriends where interesting >= 4;
I am not certain if you are Indian and take this personally, OR, if you are simply a liberal that sees this as 'politically incorrect', but obviously, you are likely 1 of these. I am not being racist in this. In the past, the very situation of this kind of monetary difference was seen as being prone to security issues. What is needed is to keep this situation out of production. Yet, many companies choose to go with foreigners on implementing production code and never think about the security implication. It does not mean that foreigners cannot be used to code, or in other arenas. BUT, the money should be much closer and the company should be operating within that nation's borders. That way, the employee has a loyalty issue to their fellow countrymen.
But, it is long past time for you to get past your OWN racism (I am married to an Indian and we have children), and realize that this situation is occurring.
I prefer the "u" in honour as it seems to be missing these days.
A team of 50 people - that's $5 million a day. Do it sporadically over the course of a few years - yeah, a billion is possible...
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Modded down because - The TFA didn't mention that the ATMs ran Windows and even if they did, what is notable is the access to the databases. Also, why rant about the loss of American jobs ... in Russia?
But TFA DID. It spoke of the value to the hackers in gaining control of the domain controller. That's a Windows thing.
People are generally upset with our banks because while they accept them as basically essential, they don't approve of much of what they do.
The banks can and do screw me, from time to time, yet yes - I leave my money with them. I might not have an "obligation" to do so, but it becomes very difficult to go around them. Most employers prefer to pay with direct deposit to a bank account, for example. If you opt out? They might cut you checks which you've got to go to check cashing places to cash, and incur fees for doing so right off the bat. Then you incur the risk of carrying that much cash around with you everywhere too.
Try to make a major purchase and the country flags you as a terrorist suspect the minute you make a large cash payment for it! Try to take cash on an airline flight and again, you're flagged and pulled out of the security line. If you ever do try to make monthly payments with a business on something, they typically run your credit and find that your credit score stinks too -- since there's no record of you having your name on a savings or checking account or any other real credit history.
I'm not suggesting all of us think bank robbers are "heroes". I know I don't. There's still a system in place that those people think they're "above everyone else", bypassing it, and costing everyone else in the long run. (Banks that lose money are covered by FDIC insurance, but eventually -- it's we the taxpaying public who gets to pay to keep that insurance program going.)
This is awesome.
The bank still has the same digital balance, it just doesn't have the physical notes any more.
It's the perfect victimless crime.
Where did I rant about loss of American jobs? Not a once. I spoke ONLY of the security issue. And I will bet that each of these are running Windows which makes it easy to leave backdoors in.
I prefer the "u" in honour as it seems to be missing these days.
go fuck yourself and your religious bullshit, this is /. so keep it geek not religious
initial compromises were carried out via spear-phishing and a malicious RAR archive disguised as a Word document
People sure love clicking random email attachments
Why are these ATMs connected to the Internet and who decided to run Windows on them: Carbanak ring steals $1 billion from banks
Cash dispensers aren't generally "smart enough" to know if they actually dispense cash or not.
I've experienced the very thing you're speaking of - the machine could not dispense the entire amount I requested due to a mechanical malfunction. The screen informed me of such and the amount that _was_ dispensed was reflected on the receipt. My account balance reflected my original withdrawal and a refund for the amount the machine couldn't dispense.
So yeah, they have those kinds of brains in them. I wouldn't be surprised if it was required by law.
If you are reading this, you have called my bluff (as this was a really dead story ...). It is being used as a pseudo-citation and was intended to be humor, but feel free to mod as a troll or flamebait or whatever else strikes your fancy.
can't say anything bad about Windows.
check cashing places to cash, and incur fees for doing so right off the bat. Then you incur the risk of carrying that much cash around with you everywhere too.
So the bank is supposed to take this risk you don't want to take and guarantee the safety of your money at no cost?
The alternative is for you to hire a security company to escort the money to your safe.
Try to make a major purchase and the country flags you as a terrorist suspect the minute you make a large cash payment for it!
Wrong, they flag your transaction for review. Two very different things.
Try to take cash on an airline flight and again
If you are crossing borders that makes absolute sense. If you aren't crossing borders you can carry as much money as you want. You should notify TSA ahead of travels: http://www.airsafe.com/issues/...
since there's no record of you having your name on a savings or checking account or any other real credit history.
Would you loan your money to someone else without a way to check who they are and how reliable they are? Probably not. Borrowing money is not a given right, it's a privilege that's become a standard in our society but that still requires validation.
What did the banks actually do to you to make you hate them OR are you one of the sheep that flames said entities because it's the popular thing to do?
In my life banks have allowed me to collect interest on savings, build large gains on mutual funds and borrow money at low interest rates. I'm not sure where they screwed me. Are we talking about the $2-$4 / month I get charged for transactions?
Seriously? I'm a "sheep" for hating the banking system we've got in place?
Let's talk about that "interest collected on savings", shall we? It's so little these days, it's pretty much worthless. Meanwhile, you let the bank use your money while it sits there, to lend out to someone else at a FAR higher interest rate than you're being paid on it.
Or let's talk ATM machines.... Ostensibly deployed for customer convenience, they're ALSO quite popular with banks because it allowed them to stop hiring nearly so many tellers to help people in person with transactions. That means, a big cost savings for the banks. All fine and good, except why then do I get dinged for $2.00 or more each time I try to take my OWN money out of my account using a machine not owned by my particular bank? And why, in most cases, will the bank who owns that ATM *also* add on a $2.00 or more fee for withdrawing the money? If I only need $10, that's a good 40% of what I'm withdrawing they want as a cut for doing it! With almost all of these machines in the same "network", it should be a trivial process for banks to sort out who owes who for a "foreign transaction" and straighten that out on the back end. Maybe worth a 25 cent surcharge, at most.
In fact, pretty much ANY interaction with a bank involves surcharges tacked on. Want a new box of checks ordered? You can be sure they'll sell them to you for at least 2x the going rate from any of the custom check printing services that advertise in the local newspaper and elsewhere (and get less choice about how you want them to look). Accidental overdraft? Now we're really talking extra charges! I guess they figure since YOU made the mistake, they can soak you with impunity on those, right?
I have no problem with a lender verifying a person is reliable and statistically likely enough to repay them before agreeing to the loan. But loans are where banks really should be making all the money they need to survive and thrive! All of the savings or checking accounts should just be tools to gather up some of that money to lend back out, and not viewed as MORE ways to profit from people. Most of the people opening one of those accounts will eventually need an auto loan, a home loan, or some kind of personal loan anyway.
And lastly -- I never found a bank that would lend me money at an interest rate as low as a local credit union. They're simply not competitive with them!