A particularly disturbing exploit was reported recently (October 11) by Wall Street Journal reporter Siobhan Gorman at http://online.wsj.com/article/SB122366999999723871.html?mod=googlenews_wsj with the title “Fraud Ring Funnels Data from Cards to Pakistan.” This particular exploit involved the insertion of specialized programmable circuitry within point-of-sale card scanners. The circuitry records credit card information and transmits the data daily to a remote server in Pakistan.
This type of exploit raises many questions. How did such sophisticated circuitry find its way into the card readers, which were manufactured in China? Were the circuits installed during the original manufacturing process or inserted later? If the latter, when and by whom? Is this limited to specific card scanners or is it pervasive? If pervasive, what other devices contain rogue circuitry? Do they all just communicate out or can they be remotely controlled? If the latter, which strategic and critical systems might contain circuitry which can be triggered remotely? And for what nefarious purposes? Are we concentrating on detecting and eliminating crimeware from our software when, all the while, these implants are doing their thing or awaiting instructions?
Popularity: 1%
