Slashdot Mirror


Card-Sniffing Malware On Diebold ATMs

angry tapir writes "Diebold has released a security fix for its Opteva automated teller machines after cyber-criminals apparently broke into the systems at one or more businesses in Russia and installed malicious software. Diebold learned of the incident in January and sent out a global security update to its ATM customers using the Windows operating system. It is not releasing full details of what happened, including which businesses were affected, but said criminals had gained physical access to the machines to install their malicious program. Arrests have reportedly been made."

3 of 143 comments

  1. Maybe there could be gov. regulation of ATM design by Futurepower(R) · Score: 5, Interesting

    There is a Diebold ATM machine in Brazil, São Paulo state, that regularly crashes. When it crashes, you can see that it is running Microsoft Windows 98.

    That amazes me. It seems that even someone with very little understanding would not use an OS that is known to have literally thousands of vulnerabilities.

  2. Re:Track record? by wiredlogic · Score: 4, Interesting

    Many older ATMs used to run OS/2 and were rock solid dependable. It also helps that IBM was a key player in developing the crypto hardware in those machines and they had the expertise to ensure everything was locked down and tamperproof.

    What Diebold has now? I wouldn't be surprised if they were using VB and the Jet DB for critical functions.

    --
    I am becoming gerund, destroyer of verbs.

  3. Re:Track record? by Gollum · Score: 4, Interesting

    I did some work for a local bank, and their ATMs were running Windows XP (not embedded), IIS (can't remember the version), and IE. This was to allow them to serve "rich content" (movies, images, animations, etc), without having to write it all themselves. The ATM just had IE talking to IIS, and displaying the results in "kiosk mode". The buttons on the sides of the screen were mapped to keys on the keyboard (I think), and that's how it ran.

    I specified a full set of ports that needed to be accessible to the ATM controllers, and that was all that was supposed to be accessible from the network.

    However, if you can get access to the back of the machine, it has a second monitor, keyboard and mouse, and you can access the OS, and do whatever you want to do. I *THINK* that the keyboard and mouse were locked away in the vault (or at least behind a door), but the hardware itself is pretty standard PC, so I don't imagine that it would be particularly difficult to add a USB keyboard or mouse and gain access when rebooting the device. Maybe even boot from a USB disk or similar.

    The reality is that if you have physical access to practically anything, it is game over.

    Personally, I would have been a lot happier to see a stripped down Linux kernel + minimal OS, BIOS passwords, bootloader passwords, etc than the entire Windows stack. Less to verify == more security.