ALERT:ATM PIN NUMBERS HACKED!

Hackers broke into Citibank's network of ATMs inside 7-Eleven stores this year and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record.

The scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs -- the numeric passwords that theoretically are among the most closely guarded elements of banking transactions -- by attacking the back-end computers responsible for approving the cash withdrawals.

The case against three people in U.S. District Court for the Southern District of New York highlights a significant problem.

Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft Corp.'s Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption -- which means encoding them to cloak them to outsiders -- some ATM operators apparently aren't properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.

"PINs were supposed be sacrosanct -- what this shows is that PINs aren't always encrypted like they're supposed to be," said Avivah Litan, a security analyst with Gartner research firm. "The banks need much better fraud detection systems and much better authentication."

It's unclear how many Citibank customers were affected by the breach, which extended at least from October 2007 to March. The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven Inc. stores in the U.S., but it doesn't own or operate any of them.

ALERT:Credit Cards Able to Be Cloned!

It's a near ideal scene: a family riding a train, traversing hundreds of miles in a few hours. As the train chugs along at incredible speeds, they cross mountains,valleys, chug through forests and along beaches. The son begins to tug at his fathers curtail, accidentally knocking his dad into someone passing through the hallway.

No problem right?

Wrong. A group of hackers from the Netherlands used a technique that was popularized at DEFCON 15 to develop means to clone England's "Oyster" transit card. The cards use a microchip from the manufacturer "Mifare". A brief scan of a legitimate card reader (I.E, turnstiles to access the London Underground) reveal the cryptographic key that reads and authorizes a card to be used. Once the attacker uploads this key to his/her laptop, they are carrying a portable card reader wherever they go. This means that if the attacker is able to interrupt your cards RFID signature, they are able to clone your card onto a card of their choosing. This allows them to consume the balance of your card.

The Mifare chips are also used in numerous secure site authentication methods, which have drawn attention from the British government. When it was revealed that the same technology could be used to gain forged access to nuclear and governmental sites, they announced they would be replacing over 100,000 Mifare "Secure" RFID smart cards. At a cost of over 60 euros a piece, this security screw up could end up costing the British government over 3 million US dollars.

These events lead me wondering, how long before:
A.Credit Cards Have RFID
B.Hackers Crack It
C.Cloned Credit Cards
D.Aluminum Plated Wallets