Security Watch

Extradited

One of the people accused of masterminding a 2008 hack of RBS WorldPay — leading to $9.5 million in fraudulent cash withdrawals — has been extradited to the United States.

Sergei Tsurikov, who was convicted of fraud in Estonia, was arraigned in Atlanta Friday on charges of wire fraud, computer fraud, aggravated identity theft and two conspiracy charges, Wired.com's "Threat Level" blog reported Monday.

Wired.com described the heist Tsurikov is allegedly involved in as "the holy grail of bank card hacking," since the perpetrators were able to crack the PIN codes on payroll debit cards.

Tsurikov is accused of doing reconnaissance on RBS WorldPay's computer network while others exploited its weaknesses to drain 2,000 ATMs with compromised payroll cards processed by RBS WorldPay.

Tsurikov and the other alleged fraudsters are accused of hacking the RBS WorldPay system to raise the balances and withdrawal limits on 44 cards cloned from compromised accounts. A team recruited to cash out the cards then made $9.5 million in withdrawals within 12 hours.

The alleged hackers are also accused of attempting to "erase their tracks" before disconnecting from the RBS WorldPay system.

RBS WorldPay, which discovered the incident in November 2008, is owned by Royal Bank of Scotland Group PLC. Last week, the banking company agreed to sell an 80.01% stake in the processor to the private-equity firms Advent International Corp. and Bain Capital LLC. The sale is expected to close this year.

Forced Security

Microsoft Corp. no longer provides security updates for its Windows XP Service Pack 2 operating system, but companies that have not updated to newer software can use a simple trick to get new security patches.

Recent security patches — which close security holes that let hackers infect computers and steal sensitive data such as banking details or credit card account numbers — can be applied to Windows 7 and Windows XP Service Pack 3 but are not being offered to users of SP2, Computerworld reported Tuesday.

However, recent security patches intended for SP3 systems can be applied to SP2 systems if one setting is changed in the machines' registry file, a researcher at the Helsinki-based antivirus vendor F-Secure has disclosed.

Sean Sullivan, a security adviser at F-Secure, said that changing a specific value in the computer's registry file from "200" to "300" would cause SP2 machines to identify themselves to Microsoft as SP3 machines and become eligible to receive the patch.

The smarter move is to upgrade to a newer version of Windows, Sullivan said, since tinkering with the registry file, which the operating system relies on to run properly, is dangerous.

Sullivan said the idea of editing the registry was not his own — it came from players of the computer game "Grand Theft Auto IV," which did not run properly on SP2 systems until players figured out how to trick the game into thinking it was on an SP3 system.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.