Wednesday, 6 Ordibehesht 1391

I am not a hacker

First of all, I must say that this action is not a hack and is not publishing secure account information of bank cards. The card number (PAN) printed on the card surface, plus the 4-digit PIN1 hidden inside a 14-digit random number, is published here. It cannot pose any danger to accounts. Only card holders are able to recognize their card number and PIN. So my weblog is just to warn card holders. I am warning them that their accounts are in danger. Card numbers must be used with the expiration date and CVV2 plus PIN2 for cardless transactions in our country. And a physical card has track 2 information that is not on my weblog.

I was Software Manager at the E. company. E. was the PSP (Payment Service Provider) of more than 8 different banks. Not only did we have no HSM device, but the Switch Development Company also did not exclude PIN information from log files. Card holders' secure information was accessible to many people for more than 3 years. Our security problem posed a great danger to card holders' accounts. I tried to solve the problem by forcing our managers to buy an HSM device and to force the second company to exclude PIN data. When I noticed they did not want to solve the problem, I left E. I sent 1000 cards' information to different bank CEOs anonymously and warned them that there is a great security problem in our banking system. I did not receive a reasonable response. They reported me to the police too. Then I went to the IT deputy of R. Bank and explained all the problems. The IT manager and his deputy were venal. Finally I left the country and began to warn card holders through my weblog. This story happened over about one year.

I was a manager who decided to solve one great problem in our banking system. This is not a hack. I did not break any law. Any card holder has the right to know what kind of danger is threatening him. This is a philanthropic action.

I need international help from human rights defenders' organizations. Our government wants to catch me.

From your point of view, what is the name of my action!?

(An HSM, “Hardware Security Module”, is for managing keys and for encrypting and decrypting the PIN.)

1 comment:

Homa said...

Dear Mr Zarefarid, Hi

Thanks for your great action in announcing to people the danger of the services they are using in Iran.
I'm a software developer and know that the issue of having secure systems is very important. The only thing I think is noticeable is the fact that you need to introduce yourself and your reason for revealing this information to people who are not familiar with these matters. Certainly Iranian managers and media owners will try to introduce you as a hacker, so that they may justify themselves in a better way.

Thanks for your bravery.