A finance technology manager named Khosrow Zarefarid discovered a critical flaw in Iran's online banking systems. He extracted 1,000 account details (including card numbers and PINs) and emailed them to the CEOs of 22 Iranian banks along with detailed information about the vulnerability. A year later, nothing had been done. Zarefarid extracted 3 million accounts' details from the bank's systems and posted them to ircard.blogspot.ca. Many Iranian banks have now frozen their customers' accounts and are only allowing PIN-change transactions at ATMs. Some banks have texted their customers to warn them of the breach. The Central Bank of Iran has published an official notice of the breach, but the notice does not say that the underlying vulnerability has been fixed, or even whether it is being addressed. Zarefarid is said to have left Iran, though his whereabouts are not known, at least to Emil Protalinski, who wrote about the breach for ZDNet:
It does not appear as if Zarefarid stole money from the accounts; he merely dumped the account details of around 3 million individuals, including card numbers and PINs, on his blog: ircard.blogspot.ca. I found the link via his Facebook account, along with the question “Is your bank card between thease 3000000 cards?”
...Zarefarid previously worked as a manager at a company called Eniak, which operates the
Shetab (Interbank Information Transfer Network) system, an electronic banking clearance and automated payments system used in Iran. The company also manufactures and installs point of sale (POS) devices. In other words, Zarefarid worked for a firm that offered services to Iranian banks for accepting electronic payments.
Update: In a post to the ircard blog, Zarefarid clarifies what he has done, and claims he is not a "hacker." (via "Khosrow Zarefarid, in the comments)
3 million bank accounts hacked in Iran
An unprotected Kingo Solar database with the personal data and photos for thousands of off-the-grid electricity customers was accessible for months, reports Zack Whittaker at ZDnet. “Thousands of remote villagers in Guatemala and South Africa are living off the grid, but their personal information isn’t,” he writes.
A report out this week from Bloomberg says that since January, 2016, people in the city of Baltimore, Maryland have secretly and periodically been spied on by police using cameras in the sky. Authorities today effectively admitted that the report is accurate.
Singapore, fearing cyberattacks — especially ones related to the ongoing South China Sea cold war — will, as of next May, disconnect its entire civil service from the internet, airgapping the whole government.
Finding quality icons is a challenge for designers, and can also get pretty costly if you use them often. And when you’ve got a lot to do, the last thing you want to spend your time on is creating new icons from scratch That’s why we recommend using the Noun Project ($49). Noun Project is a site […]
While Netflix and Hulu have seemingly dominated the streaming market with their limited selections, we’ve looked a little outside the box and found something pretty great as an alternative. SelectTV combines all the content of cable with the convenience of streaming, and it’s affordable too.SelectTV is an online subscription service that packs an impressive library of over […]
These days, the vape market is saturated with low-quality products, making it nearly impossible to separate the gems from the duds. The Atmos Rx Dry Herb Vaporizer stands out from crowd for two reasons: its impressive battery life and durable construction. This high-end little gadget is compact enough to fit in your pocket, and packs a powerful punch, […]