An example of obscurantism in this country in terms of computer security leads us to a story, little known, that I explained recently in the book "The Fifth Element" about the hacker attack on VISA in Spain that could expel us from the plastic money system.
In the United States, computer attacks on listed companies have, by legal obligation, to be communicated to users. There is a certain obligation of transparency. Explanations must be given, and customers should know that their accounts have been compromised, Passwords, credit cards, etc.
However, in Europe, to this day, there is no such legal obligation – although it seems that the European Commission will soon demand it. That is one of the reasons why it seems that nothing happens here.; maybe that's why we live in a kind of Yupi world where these things seem more like science fiction movies.. Especially, our banks seem to be invulnerable, whereas, from across the Atlantic, we get frequent news of incursions, Theft, Scams, etc.
Although in Europe these attacks are usually hidden, and today they hide mainly so as not to put reputation at risk and to prevent the flight of customers, that doesn't mean they don't happen and, above all, that have no consequences.
We all have a VISA or Mastercard in our pocket. What the ordinary citizen does not know is that the change that took place a few years ago, fast and running, of the "plastic" that he carries in his wallet for another was due to a severe computer attack that the networks of our country received, So what, Of course, did not transcend.
A European directive forced this change before the end of 2011. Cards with built-in chip were much more secure. In fact, fraud with the above, magnetic stripe, began to be everyday. To duplicate them, a reader that read and cloned the magnetic stripe and a camera placed in an ATM was enough., For example, that will record the user's pin. But, despite the European directive, the different operators did not agree on the standard to be used. And so the months passed.
Then the unexpected happened. He started a series of strange very sophisticated computer attacks, since they acted on a norm that until now was believed to be safe, Standard X.25. These attacks were not the stuff of four or five kids trying things out., so the state security forces and bodies were immediately alerted. This was a vitally important economic issue.. Hundreds of thousands of credit cards were being compromised that were being inexplicably and very sophisticatedly stolen.. And no one knew how or where.
On its own, the police had no capacity to stop these attacks or to identify how they were occurring., so it applied for help from specialised companies. One of them was the one who discovered what until then was not explainable.. That the attacks occurred under the aforementioned standard X.25.
This fact, and the hundreds of thousands, maybe millions, of credit cards committed in Spain accelerated what to date was taken in stride. Quite possibly, your card and mine were also among them. Not to create social alarm, that was carried with great discretion, and to date it had never transcended.
The immediate consequence was the urgent change of the "plastic" that all Spaniards carried in their pockets for a safer one., with chip. As always late but fast and running. Safer until when? Well, hopefully it will last a few years, but what is impregnable today will cease to be so little by little, as technology advances, and it will have to be changed again.
The question may be who carried out these attacks and managed to steal a very relevant amount of credit cards from Spaniards?? The obvious answer is to think of mafias, common crime, etc. However, years later, two people who had worked on this operation met casually.
One of them was one of the policemen who had worked on the detection of the information leak.. The other was one of the security firm's employees who had detected the X.25 attack., until that moment impregnable. By matching, they remembered the subject and wanted to have a coffee apart from the group they were with. Over time, both had a rare trace of all that and wanted to share it: "I've thought a lot... And the more I think about it., no matter how much time passes, less fits me... Did they use us?», said one of them.
And it is that the culprits were never discovered. That suspicion that both the police and the computer scientist had unknowingly shared over time was formulated in a question.: Couldn't such a complex and sophisticated attack be destined to "scare" to provoke the switch to the new chip system as soon as possible?? The situation was stagnant, since the different operators did not agree on the system to be used, a lot of money was at stake with the change of all "plastics". When a crime is committed, a basic police rule is to always think of the beneficiary of everything as a suspect. In this case, several companies benefited from contracts of millions of euros. The police and the hacker will not ensure that these companies were involved, but, without any doubt, in that café both acknowledged thinking the same thing. His feeling was clear.
That didn't add up.. They had been used!!
Fountain: Merca2