
Tesco Bank admits security breach to an estimated £2.5 million stolen


November 30, 2016

A former technician at Tesco Bank says the recent high-profile security breach may be down to security shortcomings at the bank's parent supermarket, although further details are still awaited.

Three weeks ago, Tesco Bank admitted that an estimated £2.5 million had been stolen from about nine thousand bank customer accounts in the largest cyber-heist of its kind to affect a British bank.

The National Crime Agency (NCA), with technical support from the newly established U.K. National Cyber Security Centre (NCSC), is leading a full-fledged criminal investigation into the security breach.

The NCSC, however, issued an official statement saying it was unaware of any security threat to the wider U.K. banking sector. More details are to be made public soon.

Tesco Bank's own security procedures were deemed "solid", but the bank was exposed through its links to Tesco's "not-very-secure-at-all systems", a serious weakness that hackers might well have exploited, our informed source (who requested anonymity) speculates.

Tesco Bank had one security breach when they first opened Current Accounts. Someone at the card printers got a list of card numbers and sold them to hackers. It was caught in time, and the cards were then destroyed.

It is hoped that the overall security at the printers has been improved since, but we could consider that to be a continuing possible vulnerability.

But the bank's major security vulnerability is its ownership by Tesco, and the links between its secure systems and Tesco's not-very-secure-at-all systems. There was no evidence of patching and monitoring occurring in Tesco systems that we linked to at all.

We strongly suspect that the 'Clubcard System' has been breached and a list of the bank's account numbers was farmed out from there. We also suspect that nothing will be done to trace that possible route.

Tesco Bank has no influence over Tesco (the store) at all, due to its relative scale, and the apparent bad relations between the chief executives.

In a follow-up email, the former Tesco Bank worker, who worked in IT for the bank and at one time on its anti-fraud system, offered more details on security failings at the parent retailer.

He worked on a Tesco Bank project that had to verify certain customer information on Tesco systems. The said systems would fall over on a regular basis, and we would have to tell Tesco it was down since they wouldn't monitor it.

It later became clear that it was an app server running on a very outdated piece of middleware, completely unpatched. This was standard procedure for Tesco systems. The only exception was the credit card payment system, which was secure because it was regulated.

Separately, I was aware of an effort to tie some systems more closely to Clubcard. However, it had to be abandoned once the system architects discovered how insecure Clubcard itself was.

Various theories about what might have caused the security breach at Tesco Bank have already been suggested. Security watchers have variously blamed credential stuffing, an inside job, and the exploitation of a third-party supplier or retail partner.

About 136,000 customers hold current accounts with Tesco Bank. Holders of other accounts were not affected by the security breach.

Security intelligence firm Digital Shadows recently applied the Analysis of Competing Hypotheses (ACH) technique to assess the likelihood of the various competing explanations on offer.

It concluded that payment system compromise and the cash-out of cloned cards were the two theories that best matched the available facts. Cash-out of cloned cards would likely have been simpler to execute than payment system compromise, according to Digital Shadows, prompting the firm to lean towards that theory while not ruling out other possibilities.
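To show how ACH weighs competing explanations of this kind, here is an added illustration (not Digital Shadows' own analysis) that ranks the hypotheses named on this page against a small evidence matrix; the evidence rows and their consistency ratings are constructed assumptions for illustration, not findings from the investigation.

```python
# Analysis of Competing Hypotheses (ACH): rank explanations for the Tesco Bank
# breach by how much evidence contradicts each. Added illustration; the evidence
# rows and ratings are constructed, not Digital Shadows' actual matrix.
CONSISTENT, NEUTRAL, INCONSISTENT = "C", "N", "I"

HYPOTHESES = ["credential stuffing", "inside job",
              "third-party supplier compromise",
              "payment system compromise", "cash-out of cloned cards"]

# Constructed evidence matrix: item -> rating per hypothesis; an omitted
# hypothesis is NEUTRAL (the item says nothing about it either way).
EVIDENCE = {
    "only current-account holders affected": {
        "credential stuffing": INCONSISTENT,
        "payment system compromise": CONSISTENT,
        "cash-out of cloned cards": CONSISTENT},
    "NCSC saw no threat to the wider UK banking sector": {
        "credential stuffing": INCONSISTENT,
        "inside job": CONSISTENT,
        "cash-out of cloned cards": CONSISTENT},
    "about nine thousand accounts hit in a single incident": {
        "inside job": INCONSISTENT,
        "payment system compromise": CONSISTENT,
        "cash-out of cloned cards": CONSISTENT},
    "victims not tied to any one retail partner (constructed)": {
        "third-party supplier compromise": INCONSISTENT,
        "cash-out of cloned cards": CONSISTENT},
}

def score(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """Return {hypothesis: (inconsistent_count, consistent_count)}."""
    totals = {h: [0, 0] for h in hypotheses}
    for ratings in evidence.values():
        for h in hypotheses:
            r = ratings.get(h, NEUTRAL)
            if r == INCONSISTENT:
                totals[h][0] += 1
            elif r == CONSISTENT:
                totals[h][1] += 1
    return {h: tuple(v) for h, v in totals.items()}

def rank(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """ACH keeps the hypotheses with the fewest contradictions; consistent
    evidence only breaks ties, since a fact that fits several hypotheses
    discriminates little between them. Most likely first."""
    s = score(evidence, hypotheses)
    return sorted(hypotheses, key=lambda h: (s[h][0], -s[h][1], h))
```

The point of the method is that a hypothesis is weakened by the evidence it cannot explain, not strengthened by the evidence it shares with every other hypothesis.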

We ran some of the former Tesco Bank technician's insights past Digital Shadows. In response, Digital Shadows said that it had seen nothing so far to suggest that security problems at the Tesco supermarket were behind the security breach, before conceding that it was still investigating the incident.

Ken Munro, a director at security consultancy Pen Test Partners, described the former Tesco staffer's theory as all too plausible, based on his several years of experience in the IT industry rather than any direct knowledge of the supermarket's systems.

"Many times (more often than not), it's the incidental systems that can cause many security issues of one type or another," Munro asserted. "Someone builds a secure app, but then has to hook it up to an existing access/authorisation system, or something similar. I remember a pen test a few years back of a network that was pretty much bulletproof: up to date, pretty well configured, reasonable passwords etc."

"Then we found an aging FAX server that was on the same domain. It didn't take long to compromise that insecure FAX server and from there the domain controller. All the good work was undone by some failed oversight of one single element. And that's usually what happens in 90 percent of similar incidents," he asserted.

Copyright © Internet Security.ca