Chip ‘n Pin Fails to Stop Criminals
Yesterday’s news that the UK banks’ Chip ‘n Pin card security system has been (easily) cracked is yet more evidence that ID Cards will be a colossal waste of money and a major plough through our freedoms and liberties. The only people hurt by the scheme will be normal, average citizens trying to go about their daily lives.
The crooks will just bypass it. Just like the Chip ‘n Pin cards in most people’s pockets.
The system used by Apacs cost £1.1 billion three years ago. So far, the UK High St losses have fallen from £218 million per annum to £73 million per annum, that is, a maximum saving of £435 million – so the system hasn’t even paid for itself yet! In actual fact, all the savings are swallowed up by the increase in card fraud abroad, which doesn’t use C ‘n P.
This Marshal article, “Spam Volume Doubles and Is More Likely to Be Malicious”, points to another way that security systems are easily breached by criminals, usually for financial gain.
Marshal says that 90% of all spam comes from just seven botnets! These control >105 computers that are used for many nefarious schemes by really nasty men. Nowadays, a large part of the spam I see is carrying a trojan payload to set up my machine as another ‘bot in the network. Social and other methods are used to tempt me to open attachments. I have stuff spoofing MSDN with the latest news and others that say I have a nice eCard ready to be opened. All have attachments or point to hacked websites that carry the package.
I had a test today – NOD32 & Firefox 3 both trapped them. IE7 hung for ages thinking about them. Say no more…
My point is that it looks like the criminals are starting to use networked computers as a form of “Distributed Computing”. If the normal methods of cloning and reverse engineering don’t provide a solution for them (like in Birmingham yesterday), then the vast power used by SETI, for example, can be easily harnessed, with or without the machine owners’ permission or knowledge, to provide a formidable code-cracking tool.
What would they want to crack? Anything that makes money! Forged ID Cards are a start.
Remember. Any security system made by man can be broken. All it takes is time – or lots of examples of the target…
There will be millions of ID Cards floating about. The usual way to start cracking into a code is to find repetitive sequences, and the more examples there are, the more chances of finding some relevant sequences to open the gates.
Saying all that, the main weak spots are humans and their behaviour. And this all goes against having ID Cards as a “defence” against terror and immigration and more as an attack on all our freedoms which have taken so long to accumulate.