I-Team: 'Ethical hacking lab'

Jason Knowles Image
Wednesday, September 3, 2014
Chicago's 'ethical hackers' look for vulnerabilities
At Trustwave's Ethical Hacking Lab, Chicago-based experts are working to enhance security.

CHICAGO (WLS) -- Banks, stores and online accounts are more vulnerable than ever to data breaches. At Trustwave's Ethical Hacking Lab, Chicago-based experts are working to enhance security.

Some data beaches are software attacks, like the cyber criminals obtaining information in Russia. Others compromise the hardware.

"A hacker could also install some sort of hardware that would gather those credit cards as they swipe," Matthew Jakubowski said.

Jakubowski works for Trustwave. Businesses hire his company to enhance security. They look at keypads, credit card machines and ATMs.

"We like to do a deep level scan where we take a look at the hardware and look at it inside out to try to find these flaws," Jakubowski said.

The findings are eye-opening: Bluetooth tools inside credit card machines and a skimmer in a gas pump payment system.

"Install this inside - return after a few days- take it out, load it up to a computer," Jakubowski said.

Technology like this could hold about 10,000 credit card numbers. Skimmers can also be hidden in ATMs.

"So we are trying to discover any kind of flaws we can find on the network level and software level with ATMs. We have been able to get into the operating system on this one and gain remote access on it," he said.

His team was also able to open one ATM.

"So this gives us actual access to the ATMwith a key we purchased at an online auction site," Jakubowski said. The cost for the key? "Ten dollars or so."

The ultimate goal is to tell stores and manufacturers how to beef up security. For example, how to stop a hacker who has swapped out computer key pads.

"Instead of the POS system just accepting the new key pad, it will actually alert the store that hey something has happened here the serial numbers are different," Jakubowski said.

Consumers should also take precautions with their numbers:

Be cautious if a clerk asks you to type in card numbers; it's an easy way for data to be stored.

Ask to peak underneath the credit card machine.

"Make sure the sticker is over that. It isn't going to guarantee that it's not been compromised but if there is a hole like that there, I wouldn't swipe my card," Jakubowski said.

Consumers should also make sure to check online accounts at least every other day for suspicious activity.

Some experts are even now suggesting consumers stick to credit cards and cash. Even though most debit cards are protected, the reversal process may take time.

Those Trustwave representatives tell the I-Team findings with authorities.