A finance technology manager named Khosrow Zarefarid discovered a critical flaw in Iran's online banking systems. He extracted 1,000 account details (including card numbers and PINs) and emailed them to the CEOs of 22 Iranian banks along with detailed information about the vulnerability. A year later, nothing had been done. Zarefarid extracted 3 million accounts' details from the bank's systems and posted them to ircard.blogspot.ca. Many Iranian banks have now frozen their customers' accounts and are only allowing PIN-change transactions at ATMs. Some banks have texted their customers to warn them of the breach. The Central Bank of Iran has published an official notice of the breach, but the notice does not say that the underlying vulnerability has been fixed, or even whether it is being addressed. Zarefarid is said to have left Iran, though his whereabouts are not known, at least to Emil Protalinski, who wrote about the breach for ZDNet:
It does not appear as if Zarefarid stole money from the accounts; he merely dumped the account details of around 3 million individuals, including card numbers and PINs, on his blog: ircard.blogspot.ca. I found the link via his Facebook account, along with the question “Is your bank card between thease 3000000 cards?”
...Zarefarid previously worked as a manager at a company called Eniak, which operates the
Shetab (Interbank Information Transfer Network) system, an electronic banking clearance and automated payments system used in Iran. The company also manufactures and installs point of sale (POS) devices. In other words, Zarefarid worked for a firm that offered services to Iranian banks for accepting electronic payments.
Update: In a post to the ircard blog, Zarefarid clarifies what he has done, and claims he is not a "hacker." (via "Khosrow Zarefarid, in the comments)
3 million bank accounts hacked in Iran
When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attacks originated on a botnet made of hacked 25,500+ CCTV cameras in 105 countries.
In Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?, security researchers from Penn, Dartmouth and USC conducted an excellent piece of ethnographic research on health workers, shadowing them as they moved through their work environments, blithely ignoring, circumventing and sabotaging the information security measures imposed by their IT […]
In a new paper, researchers from Ben-Gurion University demonstrate a fiendishly clever procedure for getting data off of airgapped computers that have had their speakers removed to prevent acoustic data-transmission: instead of playing sound through the target computer’s speakers, they attack its fans, varying their speeds to produce subtle sounds that humans can barely notice, […]
If you want a quality vaping experience, it’s usually going to cost you. Vaporizers that deliver a fast, controlled burn will set you back up to $300, which is why the FEZ Vaporizer (now just $99) is an absolute steal.The FEZ dry herb pen does everything that more expensive models handle at a reduced price. It heats up […]
Taking pictures can be challenging. There are a million factors that can influence each shot you take – and unless you’re a trained photographer, you often just focus, click…and cross your fingers.Of course, you can take some of the ambiguity out of your picture-taking with this Hollywood Art Institute Photography Course & Certification package, now […]
Experienced shutterbugs with DSLR cameras have boatloads of lens options for capturing the moment. Unfortunately, smartphone photographers often get stuck with their one crummy lens, which means limited zoom and focus for their final image.Step up your smartphone’s photographic power with the Acesori 5-Piece Smartphone Camera Lens Kit, now just $9.99 in the Boing Boing Store.Magnetic rings easily […]