The scam netted the alleged identity thieves millions of dollars. But more significantly for consumers, it indicates criminals were able to access PINs - the numeric passwords that theoretically are among the most closely guarded elements of banking transactions - by attacking the computers responsible for approving the cash withdrawals.
The case against three individuals in U.S. District Court for the Southern District of New York highlights an important problem: Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft Corp.'s Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet.
Despite industry standards that call for protecting PINs with strong encryption - which means encoding them to cloak them to outsiders - some ATM operators apparently are not properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.