A finance technology manager named Khosrow Zarefarid discovered a critical flaw in Iran's online banking systems. He extracted 1,000 account details (including card numbers and PINs) and emailed them to the CEOs of 22 Iranian banks along with detailed information about the vulnerability. A year later, nothing had been done. Zarefarid extracted 3 million accounts' details from the bank's systems and posted them to ircard.blogspot.ca. Many Iranian banks have now frozen their customers' accounts and are only allowing PIN-change transactions at ATMs. Some banks have texted their customers to warn them of the breach. The Central Bank of Iran has published an official notice of the breach, but the notice does not say that the underlying vulnerability has been fixed, or even whether it is being addressed. Zarefarid is said to have left Iran, though his whereabouts are not known, at least to Emil Protalinski, who wrote about the breach for ZDNet:
It does not appear as if Zarefarid stole money from the accounts; he merely dumped the account details of around 3 million individuals, including card numbers and PINs, on his blog: ircard.blogspot.ca. I found the link via his Facebook account, along with the question “Is your bank card between thease 3000000 cards?”
...Zarefarid previously worked as a manager at a company called Eniak, which operates the Shetab (Interbank Information Transfer Network) system, an electronic banking clearance and automated payments system used in Iran. The company also manufactures and installs point of sale (POS) devices. In other words, Zarefarid worked for a firm that offered services to Iranian banks for accepting electronic payments.
Update: In a post to the ircard blog, Zarefarid clarifies what he has done, and claims he is not a "hacker." (via "Khosrow Zarefarid," in the comments)
3 million bank accounts hacked in Iran