That means adding memory chips (like SD cards) and connectors

The hidden lab where bankcards are hacked

It couldn’t get any more steampunk if it tried: a wooden robot hisses like an airbrake as a blast of compressed air shoves its arm sideways, sending a credit card attached to it clattering through a card reader. The machine then hisses again and yanks the card back, ready for yet another swipe. This pneumatic push me pull you routine is comically hypnotic to watch and it continues until someone decides its task is complete.

This wheezing automaton is no museum exhibit, however. It has a key job in pre and post crime forensics at payment firm MasterCard’s digital security lab in the north of England. This is where MasterCard’s engineers try to work out how thieves will attack the vast array of digital payment systems we all use today whether they are old style magnetic stripe credit cards, contactless chip and PIN debit cards, smartphone based biometric systems like Apple Pay or even upcoming wearables that will use novel biometrics like your heartbeat pattern for payment authentication.

To do this, the Mastercard DigiSec Lab, as it is called, has an impressive arsenal of hi tech machinery including electron beams, lasers, x rays and ionising radiation to try and break the payment technology encryption, passwords and PINs we use and that moncler outlet store increasingly well resourced cybercriminals are desperate to break. They can also work out how and where criminals who try to game such systems will leave tell tale traces of their own DNA on ATMs, cards and hacked PIN entry machines.

moncler jackets outlet But it is results that count and if an improvised steampunk lash up can do the job as well as an expensive piece of kit, the lab’s chief researcher Simon Blythe appears to have relished the task of building it. “I got the wood from my local hardware store and the pneumatic actuator online,” he says, grinning. moncler jackets outlet

Watch the wooden moncler sale card tester in action (Credit: Paul Marks)

The wooden robot’s aim is to see if a suspect payment card had been tampered with by a hacker group. If fitted with a malicious RFID chip it could broadcast a radio signal containing account and PIN details to an attacker who has hidden a receiver antenna near, say, a shop’s point of sale terminal or an ATM. But it must be moncler sale outlet swiped many times to allow the team to tune into the signal so the robot automates that swiping.

moncler outlet online MasterCard wants to shed light on the constant arms race to both predict and prevent such crime moncler outlet online

moncler outlet store On top of this, the robot operates in an electromagnetic version of an anechoic chamber which, rather than eradicate sound, screens out all powerline, wi fi, cellphone and broadcast radio/TV signals, allowing the hacker’s feeble signal to be detected. And to prevent absorption of this weak signal by a regular robot’s metallic structure, it had to be made of wood with plastic and rubber pneumatics. moncler outlet store

moncler jacket sale So how do we know what is going on inside this secure lab? After decades of keeping the activities of its security lab secret, Mastercard has decided to bring it and its sister labs in New York and St Louis, Missouri cheap moncler sale out of the shadows. In an era when criminals are pillaging our payment and online data seemingly at will the 56 million payment card details taken in the Home Depot hack, for instance, or the Target attack, in which 40 million were plundered MasterCard wants to shed light on moncler outlet online the constant arms race to both predict and prevent such crime. moncler jacket sale

cheap moncler jackets sale “We’ve not spoken about this before but we have a huge investment in predicting attacks and protecting payment systems both digitally, in a cyber sense, and physically,” says Ajay Bhalla, MasterCard’s president of enterprise security solutions. cheap moncler jackets sale

cheap moncler View image of (Credit: Mastercard) cheap moncler

moncler factory outlet The first surprise on arrival at the facility is its startling anonymity. On a small industrial lot squeezed between a sprawling country park and a working dairy farm languid cows chomping grass can be seen from the lab’s front door it does not exactly shout about its existence. “Locals know it’s there but they don’t know what it does. Basically, the less eyeballs the less interference,” says a MasterCard spokesman. moncler factory outlet

moncler sale outlet That matters because mass e fraud and hacktivist denial of service attacks on banks means payment resilience has become a matter of national security and the MasterCard labs have their share of visitors from the intelligence sector as well as law enforcement, says Bhalla. “In a bank hack, the intelligence agencies like the Secret Service in the US cover multiple jurisdictions and get an overall view. But most of our lab effort is focused on ensuring it does not happen.” moncler sale outlet

The lab’s work starts with the oldest payment tech: the magnetic stripe credit card. While this is being slowly phased out in major markets like the US in favour of Europay, MasterCard and Visa (EMV) otherwise known as chip and PIN technology there are plenty of card issuing banks still using the old strip technology elsewhere in the world.

moncler outlet jackets Up until now, we have not seen a cloned chip card Alan Mushing moncler outlet jackets

cheap moncler coats To highlight its vulnerability, lab chief Alan Mushing sprays a sample magnetic stripe with a fluid suspension of iron filings instantly showing up the patterns of zeroes and ones on the card as a series of light buy moncler jackets and dark bands. “You can work out the account number, the expiry date and other key data. The issuers are all surprised to see how vulnerable it is,” he says. cheap moncler coats

moncler outlet Researchers from MasterCard’s laboratory explain their hacking work in this video produced by the company (Credit: MasterCard) moncler outlet

This is speeding the move to chip and PIN so the lab is trying to predict the technologies cybergangs will use to break that as well. The chip in an EMV card is a complex beast containing 250,000 logic gates arrangements of transistors that execute the series of instructions in a computer program on a three millimetre square slice of silicon. It contains programmable memory for storing data like PINs and cryptographic keys, rewritable memory (RAM), read only memory (ROM) and a microprocessor. What is critical is that it is as hard as possible to copy through reverse engineering. “It mustn’t be easily cheap moncler cloned or counterfeited,” says Mushing.

cheap moncler outlet Criminals tend to work on an entrepreneurial scale where they look for weak spots cheap moncler outlet

By watching how electrical charge which shows up under an electron microscope as bright flashes play out across the connections on top of the EMV chip, it’s possible to work out the sequence of 0s and 1s being generated. That could help hackers reverse engineer the chip or work out how to extract the cryptographic keys. Or both. So the trick moncler outlet is to learn how an EMV chip’s connecting tracks can be buried or rerouted, or logic gate positions shuffled, to head off such attacks. “So far it is working. Up until now, we have not seen a cloned chip card,” says Mushing.

No one at the lab looks terribly convinced it won’t ever happen, however: attack attempts are constant indeed, two engineers leave cheap moncler jackets our visit briefly to discuss a just breaking attack and the impression is that it’s only a matter of time. “Criminals tend to work on an entrepreneurial scale where they look for weak spots and ways to get in. They monlcer down jackets are not nine to five workers,” says Paul Trueman, senior vice president of enterprise security solutions at MasterCard. One of those ways is power analysis: monitor how the power use of a chip changes during a cryptographic operation and you might get clues to the encryption tricks in the chip. That yet another thing to defend against.

Another criminal way in is to attack the PIN entry devices (PEDs) used at points of sale the devices the teller hands us to put our cards into. That means adding memory chips (like SD cards) and connectors inside the device that an attacker can access at some point to, for instance, download a few days worth of card numbers and associated PINs. That is where the lab’s X ray machines, much like those at airports, come in. By looking right through a device, the lab’s engineers can look for tiny changes that suggest circuitry that has been added by attackers. It can sometimes be as little as a stray wire leading to an illicit USB connector. The trick, says Mushing, is to keep perfecting the tamper resistance functions in the PED, ensuring anyone trying to add something untoward wipes the device’s cryptographic software and renders its unusable.

The lab team demonstrates the wood glue option and gets into an iPhone6 via its Touch ID scanner in seconds

cheap moncler jackets To see how transistors are connected in suspect chips the lab uses red and infrared laser scanning microscopes and because chip geometries are ever shrinking electron microscopes, too. This is becoming Moncler Outlet more important because the criminals are getting much smarter, moncler mens jackets says Mushing. They are distributing the task of reverse engineering across crime teams cooperating on the internet a crime cloud, of sorts. cheap moncler jackets

moncler outlet uk Should a hacked contactless chip make it into service the kind the steampunk robot is trying to detect the lab has also been trying to predict the kind of receivers hackers might place unobtrusively nearby to steal data. One, suitably dubbed the ‘bintenna’ by Blythe, is a wastepaper basket with a receiver coil wound around a hidden core. You pay for your goods or use an ATM but while you are stood still and at close range a gamed RFID chip (which may even be in the ATM) chirps your details and PIN to a receiver like the bintenna. The DigiSec team seem to get quite a kick out of second guessing such bizarre crime mechanisms. moncler outlet uk

moncler outlet sale The future, however, looks like being based on wireless payment via smartphones. So how can phone biometric readers be protected from fraudulent fingerprint imprints the kind that hackers make from wax or soft set wood glue? The lab team demonstrates the wood glue option and gets into an iPhone6 via its Touch ID scanner in moncler outlet sale seconds. So MasterCard is trialling two ways to tackle this. With the Royal Bank of Canada it is working on consumer tests with heartbeat monitors on a bracelet, which could operate alone or be used to authenticate alongside the fingerprint to double check ID. “And in Europe we are testing facial recognition from a phone’s camera alongside fingerprints,” says Trueman. moncler outlet sale

View image of (Credit: Mastercard)

“A fingerprint is OK for opening your phone but for making sure it is safe when paying something like 1,000 euros from a bank account is different. So we are doing a massive amount of work on identifying cheap moncler outlet you.”.