The Colombian Prosecutor’s Office reported on Tuesday the arrest in Bogotá of the Romanian citizen Mihai Ionut Paunescu, an alleged computer hacker said to be responsible for creating a harmful virus known as “Gozi”, which allegedly affected more than one million users in Europe and the United States.
Through Gozi, Paunescu allegedly stole information from more than a million users, including multinationals, banks, and state agencies such as the United States space agency, NASA.
Colombian authorities reported that Paunescu is wanted by a New York court to answer for various crimes, including conspiracy to commit computer intrusion, bank fraud and electronic fraud.
Paunescu is suspected of being part of “the network of cybercriminals” that designed Gozi, malicious software sent via email that, once downloaded, allowed them to access privileged data such as bank passwords and identification documents, and to intercept and divert transfers.
According to the Colombian Prosecutor’s Office, the United States Department of State reported that this Trojan-type computer virus infected private computers and those of large companies in other parts of the world, such as Germany, the United Kingdom, Poland, France, Finland, Italy and Turkey.
A long list that thus increases the list of most wanted cybercriminals in the world.
A new form of theft through NFC
Separately, a combination of vulnerabilities in ATMs and in the NFC short-range communications protocol, used for functions such as contactless mobile payments, exposes these devices to being hacked just by bringing a cell phone close to them.
The vulnerability, which is present both in ATMs that support NFC and in mobile payment terminals or dataphones, was discovered by cybersecurity researcher Josep Rodríguez, from the firm IOActive, as reported by Wired.
Rodríguez developed an application for Android phones with which it is possible to replicate the communications that usually take place at ATMs and payment terminals by exploiting vulnerabilities present in the firmware of NFC systems.
Using this hacking technique, it is even possible for the cyber attacker to seize the user’s credit card details, invisibly change the amount of a transaction or even encrypt the devices through ransomware attacks.
Likewise, Rodríguez affirms that with this technique it has been possible to hack ATMs from at least one manufacturer to withdraw cash. The rest of the brands affected are Tech, Ingenico, Verifone, Crane Payment Innovations, BBPOS and Nexgo.
The researcher has assured that he informed the manufacturers of the vulnerable devices between seven months and a year ago, but that many of the existing terminals are still exposed due to the shortage of security updates.
The problem in question, which Rodríguez has investigated for a year, is due to the fact that most terminals with NFC do not validate the size of the data that is sent from a card to the reader, known as an application protocol data unit, or APDU.
Using the Android application, the technique sends an APDU one hundred times longer than the reader expects, which triggers a buffer overflow.
In some cases, such as Ingenico, the manufacturers claim that this type of attack can only cause errors, but not execute code, and in this case the company has already fixed the security flaw that caused it.
Verifone, for its part, claims that it patched these vulnerabilities in 2018, but the researcher claims to have found terminals in Spain that were recently still exposed.
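The missing size check described above can be illustrated with a short reader-side sketch in C. It is an added example, not code from any of the affected vendors or from the researcher, and its names (`rapdu_parse`, `rapdu_t`, the error codes) are hypothetical; it assumes a short-form response APDU, which carries at most 256 data bytes followed by two status bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAPDU_MAX_DATA 256u /* short-form APDU: at most 256 response data bytes */

enum { RAPDU_OK = 0, RAPDU_TOO_SHORT = -1, RAPDU_TOO_LONG = -2, RAPDU_OVER_LE = -3 };

typedef struct {
    uint8_t data[RAPDU_MAX_DATA]; /* fixed-size buffer, as on a small terminal */
    size_t  data_len;
    uint8_t sw1, sw2;             /* trailing status bytes */
} rapdu_t;

/* Parse a response APDU (data || SW1 || SW2) received from the card side.
 * frame_len comes from the radio link, so the sender controls it.
 * le is the maximum number of data bytes the reader requested (1..256).
 * The unchecked pattern is memcpy(out->data, frame, frame_len - 2) with
 * no comparison against sizeof out->data. */
int rapdu_parse(const uint8_t *frame, size_t frame_len, size_t le, rapdu_t *out)
{
    if (frame == NULL || out == NULL || frame_len < 2)
        return RAPDU_TOO_SHORT;        /* also stops frame_len - 2 from wrapping */
    size_t data_len = frame_len - 2;
    if (data_len > sizeof out->data)
        return RAPDU_TOO_LONG;         /* would overrun the fixed buffer */
    if (data_len > le)
        return RAPDU_OVER_LE;          /* more data than the reader asked for */
    memcpy(out->data, frame, data_len);
    out->data_len = data_len;
    out->sw1 = frame[data_len];
    out->sw2 = frame[data_len + 1];
    return RAPDU_OK;
}

int main(void)
{
    /* Constructed inputs: a normal 2-byte reply and one 100x the maximum. */
    static const uint8_t normal[] = { 0x6F, 0x00, 0x90, 0x00 };
    static uint8_t oversized[100 * RAPDU_MAX_DATA + 2];
    rapdu_t r;
    printf("normal:    %d\n", rapdu_parse(normal, sizeof normal, 256, &r));
    printf("oversized: %d\n", rapdu_parse(oversized, sizeof oversized, 256, &r));
    return 0;
}
```

The oversized frame is rejected before any copy takes place, so the reader reports a protocol error instead of writing past its buffer.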