A finance technology manager named Khosrow Zarefarid discovered a critical flaw in Iran's online banking systems. He extracted 1,000 account details (including card numbers and PINs) and emailed them to the CEOs of 22 Iranian banks along with detailed information about the vulnerability. A year later, nothing had been done. Zarefarid extracted 3 million accounts' details from the bank's systems and posted them to ircard.blogspot.ca. Many Iranian banks have now frozen their customers' accounts and are only allowing PIN-change transactions at ATMs. Some banks have texted their customers to warn them of the breach. The Central Bank of Iran has published an official notice of the breach, but the notice does not say that the underlying vulnerability has been fixed, or even whether it is being addressed. Zarefarid is said to have left Iran, though his whereabouts are not known, at least to Emil Protalinski, who wrote about the breach for ZDNet:
It does not appear as if Zarefarid stole money from the accounts; he merely dumped the account details of around 3 million individuals, including card numbers and PINs, on his blog: ircard.blogspot.ca. I found the link via his Facebook account, along with the question “Is your bank card between thease 3000000 cards?”
...Zarefarid previously worked as a manager at a company called Eniak, which operates the Shetab (Interbank Information Transfer Network) system, an electronic banking clearance and automated payments system used in Iran. The company also manufactures and installs point of sale (POS) devices. In other words, Zarefarid worked for a firm that offered services to Iranian banks for accepting electronic payments.
Update: In a post to the ircard blog, Zarefarid clarifies what he has done, and claims he is not a "hacker." (via Khosrow Zarefarid, in the comments)
3 million bank accounts hacked in Iran