[ťƼ ¹] Ű(Skimming) ī塤¹ȣ, ȿⰣ, νĺȣ(PIN) ſ롤 ī ҹ ( Ű) ̿ 桤ϴ . ̽ǽ̰ Բ ǥ ˴.
PCI ǥ ȸ , Ű Ը 20(2 3,320), ̱ ġ ATM(ڵݱ) 1 5(5,830 ) ս Ѵ.
Ư ATM 92% Űְ õ ATM/CD ȿ Ű å ʿϴ٩. ATM/CD ߽ Ű Ư¡ ڼ 캸, ȣ ̷ ȿ ˾ƺ.
Ű ŰӸ ̿ ī ǥ() ׳ƽ (Magnetic Strip) ϵ ī о ϰ, ̿ ī带 .
ī ׳ƽ ISO/IEC 7813 ϰ ִµ, <1> 3 Ʈ еȴ٩.
׳ƽ Ͱ ǹǷ Ű̶ (Threat) Ȼ (Vulnerability)ϴ.
AVTR м п ׳ƽ ̶ ༺ ϸ Ű̶ ̷ (Risk) ȿ ҵȴ.
̰ ׳ƽ ༺ ATM/CD ISO/IEC7816 IC(Ʈ) ī带 ̿ ŷ ϴ. ̷ Ű ذ Ѵ.
Ű ش ϰ ִ. ܸ(POS) ȣȯ IC ī尡 ƴ IC/׳ƽ ī带 ϰ ֱ ̴. ׳ƽ Բ ī PIN Űֿ ̴.
ı Ǵ PIN ī忡 Ǵ ƴ, Ϲ Űӿ Բ ġǴ ʼ ī, Űе Ͽ Ż ȴ.
Ű Ư¡
ŰӴ ġ ġ ũ POS ܸ, ATM/CD еȴ. չٴں ܸ · ̵ Ͽ ҿ , ַ ȴ.
POS ܸ POS ο Ÿ Ǵ 輱 ŰӰ POS Ǵ ·, ī Բ ȴ. ATM/CD ŰӴ ī Ա Ǵ · ۵Ǵµ ī PIN Ż븦 ʼ ī Բ ġǴ Ϲ̴.
ATM/CD ϴ Ű ī ¿ ִ ϹǷ Ŀٶ ظ ־ ؾ Ѵ. ֱ ATM/CD ġǴ ŰӴ Ű ī ó (塤) <ǥ1> ִ.
Ű
ATM/CD Ű Ȯǰ ִ. ATM/CD Ű ݵ PIN ȹ ΰ ġ µ PIN ҹ <ǥ2> ִ.
ֱٿ ܼ ī PIN ϴ Ѿ ȸ ̿ α(Cash Trapping) ī ľƸű(Card Entrapment) ī带 Żϴ ߴ.
α ATM/CD ԡݱ ϰ ۵ ν ʰ ̴.
̶ ڴ ATM/CD ŷ () ( ʴ) ״ ΰ ڸ ǰ, ֺ ٸ ִ .
α ٸ δ (Cash Claw Ǵ ATM Fork) ̿ Ͽ Żϱ Ѵ.
ī ľƸű ATM/CD ī Ա Կ Ͱ ī ð() ġ ī ī ȯ Ұϰ ATM/CD ַ ڰ ڸ ī带 Żϴ ̴. ̶ ī ʸӷ Ѻ鼭 ĺ (Shoulder Surfing Attack) PIN ȹϰ ȴ.
ATM/CD ŷ Ű
() ̿ Ű ܿ, ATM/CD ŷ (Ű) ϴ. ATM/CD Ǽڵ(ATM Infector) 2009 Ⱦü ƮƮ̺꿡 ߰ Ű(Skimmer, lsass.exe) Ǽڵ.
ش ڵ忡 ī ǵ Űе忡 ԷµǴ ϰ , ATM/CD ִ ã ִ٩. ֱٿ Ű Ʈ ߰ߵǾ Ǽڵ忡 ذ ȴ⁵.
2014 ī۽Ű ATM/CD (ͽ÷) ATM/CD ִ Ǽڵ(Tyupkin) ߰ߴµ, Űӿ ϰ Ŀ ATM/CD ü Űе ī ǵ⸦ ⺻ Űӷ ְ ATM/CD ִ ã ־⁶.
øؿ SMS ATM/CD Ǽڵ ÷佺(Ploutus) ߰ߴ⁷.
ATM/CD ŷ м , OS (XP ༺), ATM/CD ǥ Ʈ XFS ༺, ġ ִ.
ATM/CD Ű
Űֿ ȿ 籹 ATM/CD , Ⱦü ߽ پ ȡǰ ִ.
ATM/CD ܰ迡 Ű ִ پ ġ õǰ ִ. Ⱦü ߽ ̹ ߿ ġ ǰ ִ ǰ ִ.
ǥ ȭ ŷ ī Ա Ű ư (ĸ) Ű (ܼ 迭), ī Ա ο Ű (Magnetic Field) Ű RFȣ ġϴ ִ.
ŰӰ Ǿ 쿡 溸 Բ ī ǵ ŷ ߴ ó ϰ ִ⁸.
(Ư)δ ī ǵ (ѷ) Ű ǵ ⁹, ATM/CD Ϳ ǥ ڿ īǵ LED Ǵ ⁰, ݼ ⸦ ̿ Ű ڱ ִ. ٸ ش ȭ δ Ȯε ʾҴ.
ݱ 캻 Ű ȣ ̷ <ǥ3> ִ. 赵 DOA(Degree of Assurance : 赵) ȿ ϸ ȴ.
ATM/CD Ű ٸ Ű ξ ϰ ϹǷ ڵ ȣϴ ̾ ε ϰ ȭ ȴ.
, 籹 ATM/CD , Ⱦü ȿ ɰ ← Ѵ. IC ī ŷ ü ȯ ʿϴ.
[]
[1] ѱűȸ, <ſ>, http://terms.tta.or.kr/dictionary/dictionaryView.do?word_seq=055905-1
[2] PCI Security Standards Council, Skimming: A Resource Guide from the PCI Security Standards Council, 2015.
[3] International Organization for Standardization, ISO/IEC 7813:2006, 2006.7.
[4] Trustwave, Automated Teller Machine (ATM) Malware Analysis Briefing, 2009.5.28.
[5] Kaspersky Lab, ATM infector, https://securelist.com/blog/research/74772/atm-infector/
[6] Kaspersky Lab, Ŀ ATM ս ִ ߰ߡ, http://news.kaspersky.co.kr/news2016/05n/160503_1.htm, 2016.5.3.
[7] Symantec, Texting ATMs for Cash Shows Cybercriminals Increasing Sophistication, http://www.symantec.com/connect/blogs/texting-atms-cash-shows-cybercriminals-increasing-sophistication, 2014.3.24.
[8] ATM (ƿ ȿ, LG CNS) ͺ ַ ڷ
[9] ƿȿ ֽȸ, ī帮 ī帮 , ȣ 1020100018004, ѹαƯû, 2010.2.26.
[10] ƿȿ ֽȸ, ڵȭ Ƽ Ű ý , ȣ 1020080033093, ѹαƯû, 2008.4.10.
[11] ȥ νŰ̻, ī , ȣ 1020127022381, ѹαƯû, 2012.8.27.
[ѱý۰ȸ] ѱý۰ȸ ý۰ȸ(ISACA International) 49° 107° η 1986 12 9Ͽ ƴ. ̷âк ̴ܹ. IT о߿ ϴ IT CISA, CISM, CGEIT, CRISC, CSX ȸ ϰ ִ, 30 IT ȿ ȸ ν CISA, CISM, CGEIT, CRISC, CSX Ȯ븦 Դ.
[ ¹ ѱý۰ȸ ̻(CISACSXCISSP)]