The South African Postbank (post office in South Africa) has lost more than $3,200,000 to an insider attack. The financial institution will now be forced to replace more than 12 million cards, because its employees printed and stole a master key in one of the data centers and then used it to steal money.
The master key is a 36-digit code (an encryption key). It allows its holder to decrypt banking operations, as well as to gain access to banking systems and make changes to them. In addition, the master key is used to generate the keys for customer cards.
According to the Sunday Times of South Africa, the incident occurred in December 2018. It was then that an unknown person printed a master key on an ordinary sheet of paper in an old data center located in the city of Pretoria. Citing the results of an internal security audit, the publication notes that Postbank representatives believe their own employees are behind the incident.
An internal report states that between March and December 2019 the offending employees used the master key to access customer accounts and completed more than 25,000 fraudulent transactions in total, stealing more than $3.2 million (56 million rand).
Now that the breach has been detected, Postbank will be forced to reissue all customer cards ever generated using the same master key. The bank believes that this will cost more than one billion rand (approximately $58 million). Both ordinary payment cards and the social cards used to receive state social benefits will have to be replaced. Journalists write that about 8-9 million of the cards are intended for receiving social benefits, and that most of the fraudulent operations were associated with these cards.
ZDNet asked the security specialist who maintains Bank Security, a Twitter account dedicated to banking security, to comment on this case. He explained that the Host Master Key (HMK) is a key that protects all other keys, which in a mainframe architecture can be used to access PIN codes for ATMs, access codes for banking, customer data, credit cards, and so on.
The expert also explains that the incident at Postbank is in many ways unique, since the master keys of any bank are among its most protected secrets. Such data is very rarely put at risk, let alone stolen.
“As a rule, in accordance with modern practices, the HMK key is located on dedicated servers (with a dedicated OS) and is reliably protected from physical access: simultaneous access using several electronic cards is required, and moreover, we are talking about a separate data center. Moreover, usually one person simply does not have access to the full key, since it is divided between reliable managers or management representatives, and it is possible to collect the full key only if they are all corrupt.
Usually both the people and the key change periodically, precisely in order to avoid the kind of attacks and problems that we observe in the case of PostBank. As far as I know, the management of such keys is left to the discretion of the banks themselves, and the internal processes governing the frequency of changes and other aspects of security are determined by the banks themselves, and not by any specific rules.”
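The split-knowledge arrangement the expert describes can be shown in a few lines. This is an added example, not part of the original article and not any bank's own code: a key is divided into XOR components, one per custodian, and can be rebuilt only when every component is present. The 18-byte sample key, the function names and the HMAC-based check value (a stand-in for the key check value an HSM would compute) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("components must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def check_value(key: bytes) -> str:
    # Stand-in for an HSM key check value (assumption): lets custodians
    # confirm a rebuilt key without the key itself being written down.
    return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()[:16]


def split_key(key: bytes, custodians: int) -> list[bytes]:
    """Split key into XOR components, one per custodian (n-of-n)."""
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    # n-1 components are uniformly random; the last is the key XORed with
    # all of them, so any n-1 components together are still random noise.
    parts = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    last = key
    for part in parts:
        last = xor(last, part)
    return parts + [last]


def combine(parts: list[bytes], expected_check: str) -> bytes:
    """Rebuild the key; fail if a component is missing or altered."""
    key = bytes(len(parts[0]))
    for part in parts:
        key = xor(key, part)
    if not hmac.compare_digest(check_value(key), expected_check):
        raise ValueError("components do not reproduce the registered key")
    return key


if __name__ == "__main__":
    master = secrets.token_bytes(18)  # constructed sample key, not a real HMK
    registered = check_value(master)
    components = split_key(master, custodians=3)
    assert combine(components, registered) == master
    try:
        combine(components[:2], registered)  # one custodian absent
    except ValueError as err:
        print("two of three components:", err)
```

A single printed copy of the whole key, as in the Postbank incident, bypasses this control entirely, which is why the full key should exist in the clear only inside the protected hardware.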