Cybercriminals Refine ATM Data-Sniffing Software
BobB-nw writes "Cybercriminals are improving a malicious software program that can be installed on ATMs running Microsoft's Windows XP operating system that records sensitive card details, according to security vendor Trustwave. The malware has been found so far on ATMs in Eastern European countries, according to a Trustwave report. The malware records the magnetic stripe information on the back of a card as well as the PIN, which would potentially allow criminals to clone the card in order to withdraw cash. The collected card data, which is encrypted using the DES algorithm, can be printed out by the ATM's receipt printer, Trustwave wrote."
Also, anyone with any network design sense would vlan & firewall the ATMs off of the rest of the network.
Yes, it's Windows. But without crazy Aunt Judy trying to install her cat screensavers Windows should be fine for the task.
Ultimately it comes down to "why not?"
It costs a licensing fee. It has more security liability than pretty much any other choice.
The cost of a Windows XP licence is trivial compared with that of the hardware and custom software development.
Linux costs nothing to license. BSD costs nothing to license. Windows costs something. That's an added, unneeded cost.
Might as well go for one that has lots of development tools for which the software can be run on a normal desktop computer.
Because there aren't lots of dev tools for Linux that run on a normal desktop computer?
It's easier to develop for Windows than to develop for a custom devkit.
How is it easier to develop an ATM on Windows than on Linux? They both have tons of tools and myriad experienced developers and companies. Linux is probably better optimized for appliance uses and has a larger share of the appliance market than Windows, making it easier to find companies to work on it.
In short, I don't buy your arguments at all. Using Windows on an ATM is a sign someone in management somewhere is an incompetent buffoon.
Using Windows on the Internet is like having unprotected sex with a member of the opposite sex you met in a club. Looks good enough for you, does what you need it to, but the risk of infection is high.
Using Linux on the internet is like having unprotected sex with a cow. It's harder to catch a compatible infection, but it's ugly and unlikely to play any of the games you'd like it to.
The gas wasn't free, you stole it.