Diebold ATMs hit by Nachi Worm
red floyd writes "The Register is reporting confirmation that Diebold ATMs were hit by the Nachi worm back in August. Apparently some Diebold ATMs run XP Embedded, and got hit with a variant of the RPC DCOM worm. Seems that they hadn't yet applied the available patch."
My company provides vulnerability assessment and penetration testing services to financial services clients and we crack these things all the time. :)
The latest ones run either Windows 2000 or Windows XP, and have almost the same software as the Windows NT systems, just with more vulnerabilities.
The old ones run OS/2 v3.0 and a vulnerable version of sendmail, the slightly newer ones run Windows NT 4.0, with almost no patches installed and a default username and password.
Once you gain access, it is possible to directly control the hardware using the utilities already on the system, including dumping the cash drawer.
At this point Diebold has not patched ANY of the RPC vulnerabilities, let alone the Messenger or Workstation bugs. Each of these ATMs is connected to an ethernet segment somewhere waiting for someone to rob it.
During the Blaster peak, a friend of mine was talking about the XP ATMs in London constantly rebooting... They put these cmd-shell-waiting-to-happen boxes directly on the Internet. Thank god for companies like Diebold and Microsoft, their problems created a market and a community that is still picking up steam.
There's no personal data stored in an ATM. It's just a dumb terminal.
And Nachi basically makes the machine unusable.
Without specific code that targets ATMs, this is merely a generic nuisance that happened to hit what some consider a sensitive device.
Scary when you think what could happen, and frustrating when you think of the loss of trust in the security admins. But let's keep this in perspective. Nothing serious happened and it's a big step to get to where something serious will happen.
Hopefully those responsible have been sacked, and the new security llamas won't make the same mistakes.
Nostalgia isn't what it used to be.
I am no Windows expert here. But I tried disabling as many services as possible for a win2k server I built for someone. When I disabled RPC and rebooted, the machine no longer functioned. Apparently RPC is a critical service that needs to be running in order for Windows to function properly.
I had to boot up in safe mode and do some registry hacking to get RPC back up and running, because everything from Windows Explorer to Control Panel, to msie would fail to load. After I managed to turn RPC back on, the machine worked "perfectly". As perfect as a Windows machine can operate, hah.
The goal of computer science is to build something that will last at least until we've finished building it.
Because it is a lot easier to develop the software if it can be debugged on the developer's PC. Most embedded OSes have been based on POSIX or stripped-down Win32 APIs for years now (QNX and Paradigm being two examples I personally used over 5 years ago).
A number of ATMs also run a stripped-down version of OS/2. Thank god. Unfortunately, Microsoft is pushing vendors to move to Windows as IBM is soon to discontinue OS/2 support.
In Soviet Russia, sig types you!
The timing on this is perfect, as I just read an article yesterday (in InfoWeek, I believe) about the effect of IBM's plan to discontinue OS/2 support on ATM manufacturers. The article was a couple of months old, but focused on them suggesting that financial institutions migrate their ATMs to Linux instead of Windows. It seems that the big ATM manufacturers (including Diebold, which featured heavily in the article) are leaning heavily toward Windows despite IBM's recommendation that they go with Linux. Their attitude is that they're running Windows on the back end, so they want it in the ATMs as well.
Well, now they're getting what they wanted, and I doubt that they'll learn from this. Large banks seem to have a monolithic mindset that's averse to anything new. They're also decidedly pro-Microsoft.
IBM offers some very effective solutions for integrating Linux-based ATMs with both UNIX and Windows-based back end systems. That companies like Diebold insist on going with insecure, unstable (I've seen an ATM stuck with a BSOD!) software for such sensitive systems is asinine.
-Cybrex
Boundless Expansion, Self-Transformation, Dynamic Optimism, Intelligent Technology, Spontaneous Order- BEST DO IT SO!