
SoylentNews is people

posted by takyon on Thursday October 22 2015, @01:44AM
from the slim-pickings dept.

Four years ago, about a dozen credit cards equipped with chip-and-PIN technology were stolen in France. In May 2011, a banking group noticed that those stolen cards were being used in Belgium, something that should have been impossible without the card holders inputting their PINs. That's when the police got involved. The police obtained the international mobile subscriber identity (IMSI) numbers present at the locations where the cards were used and at the times they were used, and then they correlated those IMSI numbers to SIM cards.

Using that information, the police were able to arrest a 25-year-old woman carrying a large number of cigarette packs and scratchers, which were apparently intended for resale on the black market. After her arrest, four more members of the fraud ring were identified and arrested. That number included the engineer who was able to put together the chip card hacking scheme that a group of French researchers call "the most sophisticated smart card fraud encountered to date."

25 stolen cards, specialized equipment, and €5,000 (approximately $5,660) in cash were seized. Ultimately police said about €600,000 (or $680,000) was stolen as a result of the card fraud scheme, spanning 7,000 transactions using 40 cards.

[...] The stolen cards were still considered evidence, so the researchers couldn't do a full tear-down or run any tests that would alter the data on the card, so they used X-ray scans to look at where the chip cards had been tampered with. They also analyzed the way the chips distributed electricity when in use and used read-only programs to see what information the cards sent to a Point of Sale (POS) terminal.

According to the paper, the fraudsters were able to perform a man-in-the-middle attack by programming a second hobbyist chip called a FUN card to accept any PIN entry, and soldering that chip onto the card's original chip. This increased the thickness of the chip from 0.4mm to 0.7mm, "making insertion into a PoS somewhat uneasy but perfectly feasible," the researchers write. The hackers took advantage of the fact that PIN authentication was, at least at the time, decoupled from transaction verification on EMV cards in Europe.

[...] In their paper, the researchers note that the forged chip cards looked similar to a scheme put forward in 2010 by researchers at Cambridge University. At the time, the Cambridge researchers were able to show that they could complete a transaction using a similar man-in-the-middle attack, but they weren't able to get the form factor down to credit card size. The French researchers who did the forensic analysis of the cards noted that "producing the forgery required patience, skill and craftsmanship."


  • (Score: 3, Interesting) by MrGuy on Thursday October 22 2015, @02:48AM

    by MrGuy (1007) on Thursday October 22 2015, @02:48AM (#253061)

    It's good to know that well after the fact, without need for any witnesses, real-time recording, or stingray devices, as long as we know that a person was in certain approximate known locations at certain known times, we can use the fact that they had their cell phone on to unambiguously identify that person.

  • (Score: 2) by frojack on Thursday October 22 2015, @03:05AM

    by frojack (1554) on Thursday October 22 2015, @03:05AM (#253065) Journal

    The police obtained the international mobile subscriber identity (IMSI) numbers present at the locations where the cards were used and at the times they were used, and then they correlated those IMSI numbers to SIM cards.

    Yes, towers keep records of cell phones associating with them. That's well known.

    The tricky bit is finding that one cell number in the vicinity of the fraudulent transactions that might have been responsible.

    At any given cash machine in a modern city there are probably hundreds, if not thousands of cell phones in the area at any given time. Some are always near that site (owners live or work there), so you would have to analyse widely dispersed fraud sites.

    Finding those one or two phones that appeared at more than one fraud site would require a great deal of luck.

    I still can't figure out what the cigarette packs and scratchers have to do with it. (Or what a scratcher is).

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by jmorris on Thursday October 22 2015, @04:56AM

      by jmorris (4844) on Thursday October 22 2015, @04:56AM (#253099)

      Finding those one or two phones that appeared at more than one fraud site would require a great deal of luck.

      Not really. Get a list of phones near site #1, compare to the list near site #2. Odds are only one will be in common; if you get really unlucky and get a couple of matches, use a third, and any that are still in common are almost certainly owned by a group of people involved in the crime. Nothing you couldn't reduce down at a UNIX command line in seconds. Given lists of unique ids of handsets seen near two sites in site1.txt and site2.txt, "cat site[12].txt | sort | uniq --repeated" would do the trick.

      And yes, everybody who knows how cell tech works knows the towers must know where each handset is to within a few hundred feet and that carriers never delete that valuable, oh so marketable 'big data.' We are all lojacked and we pay for it. If I didn't need to be reachable for work I would have mine in airplane mode most of the time. The takeaway from this story is if you want to do naughty deeds, turn off the danged phone!
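
The cross-site correlation discussed in this thread, as an added example that is not part of any comment or of the investigation itself: it keeps only handsets seen within a time window of fraud events at two or more distinct sites, so a phone that is always near one site does not match. All records, handset ids, site names and the `correlate` function are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the case): fraud events as (site, time).
FRAUD_EVENTS = [
    ("site1", "2011-05-02 14:05"),
    ("site2", "2011-05-03 10:30"),
    ("site3", "2011-05-05 17:45"),
]

# Constructed tower sightings as (handset id, site, time).
# "A" lives next to site1, "B" works near site2, "C" passes site1 hours
# before the fraud there, "X" appears at every site around the fraud times.
SIGHTINGS = [
    ("A", "site1", "2011-05-02 14:00"), ("A", "site1", "2011-05-02 14:10"),
    ("A", "site1", "2011-05-04 09:00"),
    ("B", "site2", "2011-05-03 10:25"), ("B", "site2", "2011-05-03 10:40"),
    ("C", "site1", "2011-05-02 09:00"), ("C", "site3", "2011-05-05 17:40"),
    ("X", "site1", "2011-05-02 14:03"), ("X", "site2", "2011-05-03 10:32"),
    ("X", "site3", "2011-05-05 17:50"),
]

def _ts(text):
    """Parse the timestamp format used in the sample records."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def correlate(sightings, events, window_minutes=15, min_sites=2):
    """Map each handset to the fraud sites where it was seen close in time
    to a fraud event, keeping handsets matched at min_sites or more sites."""
    window = timedelta(minutes=window_minutes)
    hits = defaultdict(set)  # a set, so repeat sightings at one site count once
    for handset, site, seen in sightings:
        for ev_site, ev_time in events:
            if site == ev_site and abs(_ts(seen) - _ts(ev_time)) <= window:
                hits[handset].add(ev_site)
    return {h: sorted(s) for h, s in hits.items() if len(s) >= min_sites}

if __name__ == "__main__":
    print(correlate(SIGHTINGS, FRAUD_EVENTS))
```

Widening the window until it ignores time also matches "C", which is why the sightings are filtered by when the cards were used and not only by where.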

      • (Score: 2) by frojack on Thursday October 22 2015, @06:20AM

        by frojack (1554) on Thursday October 22 2015, @06:20AM (#253105) Journal

        I've never seen any evidence of any cell company marketing me or to me based on which tower I was connected to.
        I wager you haven't either.

        Police seem to use this data far more than marketeers.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 1) by Osamabobama on Thursday October 22 2015, @05:21PM

          by Osamabobama (5842) on Thursday October 22 2015, @05:21PM (#253298)

          Have you ever noticed that there are more ads where there are more people?

          --
          Appended to the end of comments you post. Max: 120 chars.
          • (Score: 2) by frojack on Thursday October 22 2015, @09:47PM

            by frojack (1554) on Thursday October 22 2015, @09:47PM (#253411) Journal

            In a word, No.

            --
            No, you are mistaken. I've always had this sig.
          • (Score: 1) by pipedwho on Thursday October 22 2015, @11:20PM

            by pipedwho (2032) on Thursday October 22 2015, @11:20PM (#253435)

            This was true before the dawn of the first cell phone. And I expect also true for the very first advertisement in the history of mankind.

      • (Score: 0) by Anonymous Coward on Thursday October 22 2015, @03:20PM

        by Anonymous Coward on Thursday October 22 2015, @03:20PM (#253253)

        Tower data is certain, but I would be surprised if the TLAs didn't have some GPS logs as well.

    • (Score: 0) by Anonymous Coward on Thursday October 22 2015, @09:49AM

      by Anonymous Coward on Thursday October 22 2015, @09:49AM (#253142)

      cigarette packs & scratchers: low weight/low volume, high value (and legal) items.
      Scratchers being those "gambling notes" you buy at the newsstands and so on. Scratch to win...