08 December 2016
Visit aciworldwide.com

Apacs staffer outed as anonymous Chip and PIN research basher

24 February 2010  |  11548 views  |  5 anonymous figure in front of stock exchange

A computer registered to UK payments body Apacs was used to anonymously rubbish research by Cambridge University academics into vulnerabilities in the Chip and PIN system.

The research, Chip and PIN is broken, demonstrated a middleperson attack on EMV which lets criminals use stolen chip and PIN cards without knowing the PIN.

The paper was published the day after a nine-minute slot on prestige TV show Newsnight which detailed the loophole uncovered by researchers Saar Drimer, Ross Anderson, Mike Bond and Steven Murdoch.

The publication of the research - which had been circulating in the banking industry for about two months - on a Cambridge University technical blog prompted a long rant by an anonymous poster using the handle Scrutineer.

"The quality of this so called research leaves a lot to be desired," railed Scrutineer. "At a time when other academics are under pressure because of doubts over the validity of their research and findings on climate research it is very worrying that others seem hell bent on following the same path...For Cambridge post graduates with doctorates one would have expected more than a first year electronic engineering student could achieve. Can we please have some meaningful security research rather than this alarmist opinion speak."

The poster was outed by a simple whois IP address search, which pointed to an computer registered at Apacs (aka the UK Cards Association).

As Ross Anderson acidly commented: "Pity Apacs couldn't get it together to put up a spokesman for Newsnight."

A spokeswoman for UK Card Association told tech newswire The Register that the posts violated staff Internet-use guidelines.

"We have a very clear policy on staff posting comments to blogs/newsgroups and as such this has now become a disciplinary issue," she said.
KeywordsEFTPOS

Comments: (5)

A Finextra member
A Finextra member | 24 February, 2010, 16:18

What the &*@$ is a "middleperson attack"?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Paul Penrose
Paul Penrose - Finextra - London | 24 February, 2010, 16:53

New jargon alert: It's the PC (as in politically correct) equivalent of a man-in-the-middle attack. Popular in academe.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Adam Nybäck
Adam Nybäck - Anyro - Stockholm | 24 February, 2010, 18:31

If this is something "a first year electronic engineering student could achieve", then it's even more likely that criminals have used this attack already.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Lachlan Gunn
Lachlan Gunn - BenAlpin Ltd - Perth | 24 February, 2010, 19:18

if the man (umm.. person!) was up for carrying a backpack with a card wired to it down his sleeve, or otherwise concealed on his person................a real gift for 'stop and search'

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Paul Rattray
Paul Rattray - Private - Edinburgh | 25 February, 2010, 08:45

If only there were more cyber criminals as inept as "Scrutineer" at hiding their tracks then we just email them asking that they hand themselves in at the nearest police station/ psychological evaluation unit.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Cambridge scientists blast 3-D Secure system

Cambridge scientists blast 3-D Secure system

27 January 2010  |  13582 views  |  0 comments
Researchers crack e-banking card readers

Researchers crack e-banking card readers

27 February 2009  |  15822 views  |  13 comments
PIN devices vulnerable to 'tapping' attacks, researchers warn

PIN devices vulnerable to 'tapping' attacks, researchers warn

27 February 2008  |  10956 views  |  0 comments
Researchers warn of Chip and PIN relay threat

Researchers warn of Chip and PIN relay threat

06 February 2007  |  18940 views  |  0 comments
Game over for Chip and PIN?

Game over for Chip and PIN?

05 January 2007  |  15805 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit contisgroup.comFind out moreVisit VocaLink.com

Who is commenting?

A Finextra member Finextra Member Commented on: Payments regulator blo...
A Finextra member Finextra Member Commented on: Payments regulator blo...

Top topics

Most viewed Most shared
Guesswork alone can crack Visa card security - Newcastle UniversityGuesswork alone can crack Visa card securi...
7513 views 12 comments | 15 tweets | 27 linkedin
OCC to offer fintech firms bank charter statusOCC to offer fintech firms bank charter st...
7069 views comments | 25 tweets | 15 linkedin
China tops world fintech rankingsChina tops world fintech rankings
6870 views comments | 34 tweets | 30 linkedin
Fed Governor sounds warning on alternative credit scoring dataFed Governor sounds warning on alternative...
6261 views comments | 19 tweets | 20 linkedin
Big tech policy group calls on Trump to promote fintech innovationBig tech policy group calls on Trump to pr...
5738 views comments | 22 tweets | 11 linkedin

Featured job

Find your next job