On 8th December 2011, news broke that US police officials had been deployed to North Miami Beach Senior High School to investigate the alleged theft of 2,000 student ID cards. According to a local media outlet, these ID cards contained sensitive personal information on the holder – including details of each student’s social security number.
Commentators on the situation have said, “…it’s very concerning because it has our social security numbers [on the ID card].”
Some will suggest that this is an excellent example of how any ‘foolproof’ system (not least one that’s designed to improve security for its participants) is only 100% effective until the moment when something goes wrong.
Expect the unexpected – these are words to live by.
The original article can be found at: BayPay Forum
And the trend continues…
According to Alien Vault Labs, the U.S. Defense Department ‘Common Access Cards (CAC)’ and Windows smart cards are now being targeted by a new variant of the already infamous Sykipot malware. Re-engineered in March 2011, this new variant has ‘raised the bar’ – with dozens of attack samples evident over the past 12 months. The malware would appear particularly interested in government agencies, and a view has been expressed elsewhere that China may be behind this development – since a main goal in these attacks is to access information specifically from the US defense sector. (Smart cards are in common use across the US Defense sector as a means of identifying employees and allowing them access to facilities or services.)
Alien Vault Labs explain how these attacks work by stating, “…the attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine. Then, unlike previous strains, the malware uses a keylogger to steal PINs for the cards. When a card is inserted into the reader, the malware then acts as the authenticated user and can access sensitive information. The malware is controlled by the attackers from the command & control center.”
You can read the full report here: Alien Vault Labs
Once again this news adds weight to the growing argument that as encryption systems improve, those of a criminal disposition will raise their game accordingly. There’s probably nothing to worry about for the moment (unless you’re in the US defense industry?), but just to be on the safe side, why not avoid potential mayhem and consider a low-cost ‘anti-skim’ sleeve for that new ‘contactless’ credit or debit card, such as those that can be purchased from RFID Protect.