Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Almighty Buck Businesses Security

South African Bank To Replace 12 Million Cards After Employees Stole Master Key (theverge.com) 36

Postbank, the banking division of South Africa's Post Office, has lost more than $3.2 million from fraudulent transactions and will now have to replace more than 12 million cards for its customers after employees printed and then stole its master key. ZDNet reports: The Sunday Times of South Africa, the local news outlet that broke the story, said the incident took place in December 2018 when someone printed the bank's master key on a piece of paper at its old data center in the city of Pretoria. The bank suspects that employees are behind the breach, the news publication said, citing an internal security audit they obtained from a source in the bank.

The master key is a 36-digit code (encryption key) that allows its holder to decrypt the bank's operations and even access and modify banking systems. It is also used to generate keys for customer cards. The internal report said that between March and December 2019, the rogue employees used the master key to access accounts and make more than 25,000 fraudulent transactions, stealing more than $3.2 million (56 million rand) from customer balances. Following the discovery of the breach, Postbank will now have to replace all customer cards that have been generated with the master key, an operation the bank suspects it would cost it more than one billion rands (~$58 million). This includes replacing normal payment cards, but also cards for receiving government social benefits. Sunday Times said that roughly eight to ten million of the cards are for receiving social grants, and these were where most of the fraudulent operations had taken place.

This discussion has been archived. No new comments can be posted.

South African Bank To Replace 12 Million Cards After Employees Stole Master Key

Comments Filter:
  • Shoulda used an HSM (Score:5, Informative)

    by netik ( 141046 ) on Monday June 15, 2020 @07:06PM (#60187564) Homepage

    This is exactly the sort of attack that Hardware Security Modules are designed to stop.

    You'd have to steal the box -and- have multiple users sign off on any cryptographic operations before they would be allowed to encrypt with this key. Additionally, you wouldn't be able to extract the Key at all.

    • Not entirely true.

      I know of someone that worked for the Queensland Dept Transport, with some user extension on the HSM. Just for fun he included the master key in some audit logs, and thus extracted them.

      Stupid knows no bounds.

    • by Anonymous Coward
      that is a complete myth, anyone with such poor security practises will fail just as badly even with HSM's. When people/banks invest in HSM's it usually is accompanied with good security practises and processes to ensure that the HSM isn't pointless. HSM's are great at protecting key management, but they are NOT a panacea for this.
    • this was probably the masterkey for one of the HSM's. a HSM is only as secure as the people that run it.
      • by netik ( 141046 )

        Unless it was really poorly configured (completely possible), you're not supposed to be able to extract "master" keys from an HSM.

        The article, sadly indicates: " It was compromised “after being stored in clear text on one laptop (at a minimum) and remains compromised to the present day,” the report said."

        The previous comment was right, stupid knows no bounds.

    • This story has some more information on what happened:

      https://securityboulevard.com/... [securityboulevard.com]

      The Sunday Times, which obtained a forensic report completed in July 2019, provided a detailed description of the events. It appears that the master key was exposed in July 2018 during a data center move. It was compromised “after being stored in clear text on one laptop (at a minimum) and remains compromised to the present day,” the report said.

      So it looks like they were using an HSM . . . but were in the process of migrating it . . . but trusted some folks who shouldn't have been trusted.

      Maybe some Slashdotter from South Africa can post a good "Van Der Merwe Joke" about this:

      "So Van Der Merwe copies the master key to his laptop, and . . . "

      By the way, if you want to try out an HSM but don't have the money to spend for one, take a look at OpenDNSSEC's Sof

  • by Pascoea ( 968200 ) on Monday June 15, 2020 @07:23PM (#60187618)

    This is the current second link in the article: https://www.theverge.com/2020/... [theverge.com]

    I'd say "A" for effort, but all I think this qualifies is a "Well, at least you tried" ribbon.

  • Oh fucking snap
  • by Aighearach ( 97333 ) on Monday June 15, 2020 @08:18PM (#60187770)

    I remember the time some South African bank exchange hired me off of an IRC channel to write a Perl script to bridge between two interchange systems that were merging.

    They didn't want or pay for any testing, just the script. They promised they'd test it by hand.

    The job was small, the pay was low, but they paid right away and I never heard back from them.

  • by fred911 ( 83970 ) on Monday June 15, 2020 @10:21PM (#60188056) Journal

    but what type of secure cryptography allows for a shared ''master key''? Isn't that what a properly designed ring of trust is designed to prevent?

    • by raymorris ( 2726007 ) on Monday June 15, 2020 @11:13PM (#60188168) Journal

      Put simply, there is no ring - the bank issues cards; the cards don't issue a bank.

      I guess you're thinking of the web of trust concept used in PGP. It's used in PGP to get around the fact that there is no issuer in PGP. You come up with a random number and decide the number identifies you. That would be like I you drew your own ID card on a piece of paper. Now when you present your homemade ID at the car rental place, how do they know it's you? What you do is have a bunch of people who know you sign the card. Then at the car rental place the person behind the counter looks over all the signatures until he finds someone he knows and trusts. Ah there ya go - the rental agent's brother signed your ID. He trusts his brother's signature, so he trusts your ID. That's the web of trust.

      Because we CAN have an issuing authority, what we actually do to rent a car is we have the DMV issue you an ID. The DMV is the trusted authority. No need to go around having people you know sign your ID in order for it to be trusted - it's trusted because people trust the DMV to check your identity.

      There's no need for a web of trust with a credit card. No need to go around having everyone you know sign your card, hoping to find people who arw known to shop owner and to you. The bank just signs the card. Merchants trust the bank.

    • but what type of secure cryptography allows for a shared ''master key''?

      None, not even the one in this article. I don't know why you read "shared master key" everywhere they wrote "master key", but that's your reading comprehension fail not their security fail.

      Their security failure was in allowing someone with access to the master key to walk out with it.

      Isn't that what a properly designed ring of trust is designed to prevent?

      You're confusing the different crypto schemes.

  • For a guy that doesn't know about bank infrastructure...
    Why is the key so small?
    What is that key used for?
    What does it have anything to do with CC? Why were the cards recalled? Why would the same key, used to sign CC also allow to "access accounts and make more than 25,000 fraudulent transactions"?
    This summary makes no sense at all.
    • The tiny size of the key is a very good question. Perhaps it's just very old?

      The master CA can generate certificates & sign private keys that will be trusted by the entire network, thereby rendering all encryption useless.

      CC stripes & chips are trusted because they're signed by the CA, however if the CA is compromised, anyone who has possession of it can sign their own cards. Cloning wouldn't be necessary, they could just generate any card number & trusted key pair they want.

      I'm not sure how the

      • The tiny size of the key is a very good question. Perhaps it's just very old?

        The master CA can generate certificates & sign private keys that will be trusted by the entire network, thereby rendering all encryption useless.

        This is a different key. The chips aren't signed by a CA, they have derived keys, all derived from a master (or set of masters) which allow the chip and the issuer of that chip to communicate securely. CAs don't come into it at all, CAs are generally used for the terminal, not the chip. The terminal will have a client certificate that allows the bank to communicate securely to their terminal. The chip's key allows the chip to communicate securely with the issuer (which may or may not be the same bank).

        I've never worked in a bank, so this conjecture is worth as much as you paid for it.

        I'm

    • by Eugene ( 6671 )

      That sounds like one of the master 3DES key for to generate Application Cryptogram on the chip cards has been leaked. Which is very unusal as those are highly guarded by HSM in place. And it's not the same RSA key to guard the certificates

      the master key is used to derive into sub level card keys to used on each chip card.

      The application cryptogram is generate on the chip card to uniquely identify the card and transaction context, and used by the EMV host to validate whether the card/transaction is geniune

      • If the key is 36 decimal digits, 10**36 which is about 2**120 or a 120-bit key. Odd that it would not be 128, unless by slim change the random value was small and leading zeroes truncated.
    • For a guy that doesn't know about bank infrastructure... Why is the key so small? What is that key used for?

      It's the master key that is used to generate symmetric keys for the chip on the card. It's big enough, as the card payload in a transaction is usually smaller than 36 bytes.

      What does it have anything to do with CC? Why were the cards recalled?

      With the master key you can effectively send cryptograms to a switch/bank that are encrypted using a derived key (derived from the master) and have the bank approve the transaction because the cryptogram was decrypted correctly with the correct master key (or a derivation thereof).

      Why would the same key, used to sign CC also allow to "access accounts and make more than 25,000 fraudulent transactions"?

      It's not the key on the card, it's a master key that is u

    • ZDNet (https://www.zdnet.com/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/) offers a pretty good explanation of the key's central role:

      "According to the report, it seems that corrupt employees have had access to the Host Master Key (HMK) or lower level keys," the security researcher behind Bank Security, a Twitter account dedicated to banking fraud, told ZDNet today in an interview. "The HMK is the key that protects all the keys, which, in a mainframe architecture, could access the ATM pins, home banking access codes, customer data, credit cards, etc.," the researcher told ZDNet.

      My guess is the key is either a 2-key or 3-key 3DES key, so the actual key size would be either 112-bit or 168-bit. The 36-digit form would be the human-readable encoded form used for transport (usually split across multiple parties). Taking into consideration known techniques for attacking 3DES, this gives a minimum of about 80-bits of

  • by kaur ( 1948056 ) on Tuesday June 16, 2020 @03:16AM (#60188486)

    The credit card key management crypto is
    a) hierarchical,
    b) using ancient standards (DES / 3DES) and symmetric keys for the magnetic stripe part,
    c) placing a lot of trust into people and procedures.

    Hardware Security Modules / HSM-s should help with the last part - the need to trust people. Their goal is to manage keys so that the operational staff can NOT break the trust and extract the keys. So the security officer can design the system, key holders can generate keys and initiate the operations, and then it should run without a chance of being compromised from the daily, less trusted staff.

    However, HSM setup is tricky and can be done in multiple ways, some less secure than the others.
    Also, if trusted key managers co-operate, they can break the security and extract the keys from HSM or its backup.
    This is probably what happened here.

  • Same problem as a monoculture. A single point of failure.

    Maybe this is a lesson, not to design your system in a centralized manner, even if that is hard or seems not applicable.

  • They deserve what they get

  • Jesus tap dancing Christ on roller skates!
  • by Kelerei ( 2619511 ) on Tuesday June 16, 2020 @03:43PM (#60190380)
    Can't call it a "master" key -- apparently that's racist now...

Beware of all enterprises that require new clothes, and not rather a new wearer of clothes. -- Henry David Thoreau

Working...