Bank Employee Plants Malware on ATMs

Wired's Threat Level has a piece on a Bank of America employee, Rodney Reed Caverly, who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year. "The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it... At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly."

Untraceable and Diebold

[PmanAce]

Hmmm, where have I heard that before, the terms Diebold and untraceable in the same sentence...beats me!

UNfortunately

This fellow will serve more time than any of the bank CEOs responsible for the huge mess in America's economy.

Re:UNfortunately

[Yold]

Yes I see your point, but what he did was ILLEGAL. What bank CEOs did was idiotic and a byproduct of Greenspan's Randian/laissez faire outlook on "self-regulation". They weren't violating the law, this guy was. He was deliberately engaged in an act of theft, which doesn't compare to the cluster-fuck of idiocy that caused the last recession. Bank CEOs were reckless, the government was allowing it to happen, and a bunch of toxic assets were being rated as AAA bonds.

With that said, the real outrage is that some of the CEOs of failed banks made millions off there own failures. When you become CEO you should sign a contract saying "I will return 100% of my bonuses if my fuckups cause this company to fail".

Re:UNfortunately

You spelled "laissez faire" properly and then screwed up "there"? FAIL

Re:UNfortunately

[stephanruby]

Moral: Never allow the GOP to hold power in congress again. When they abuse parliamentary tactics, it costs us $700 billion off the top, and millions of jobs.

I don't see how you ended up with that moral. Shouldn't the excuse you used for Bill Clinton be equally applicable to the GOP in Congress? or even the few Democrats in Congress? After all, if a Democrat in Congress had seen the couple of lines added in there, wouldn't he have told the Democrat President? Or are you implying that the lines were inserted in the bill between the time it was voted in and the time it was driven to the White House (which is possible granted, but I don't think that's what you said)?

Disclaimer: I did vote for Bill Clinton. I just think that this attitude of "That my party can do no wrong, and if they did wrong, there must be a good reason for it." is precisely what's wrong with our current political system.

Re:Life Without Parole

Who did he kill? How many children did they find in his basement?

Re:Great

[John+Hasler]

> Although I hear diebold does better with ATM's, I can't help but wonder how
> much effort they put into ATM security versus the voting machine fiasco.

Probably completely unrelated. They got into the voting machine business by purchasing a company that was showing a prototype and then rushing the prototype into production without bothering to develop an actual product. That says a lot (none of it good) about their top management, but nothing about the people in their ATM division.

They eventually dumped the voting machine business, and it is possible that they learned from the experience.

Re:WinXP

[Volante3192]

When you don't change the default password, it doesn't matter if you're running XP, 95, OS/2 or SELinux.
When you can overlay a fake cardreader over the top of the device's real reader, it doesn't matter if you're running XP, 95, OS/2 or SELinux.
When the criminal behind it is also a device admin, it doesn't matter if you're running XP, 95, OS/2 or SELinux.

How safe do you feel knowing that?

Re:hmm...

[Dare+nMc]

Because stupidity and arrogance is traceable.
Somehow the money has to get from the hopper to the guys home, then from the guys home to buy stuff. My guess would be the guy was caught spending beyond his means, then they started following him to ATM's where he was then recorded withdrawing the money. Then when they go looking for what account he withdrew money from, and it couldn't be found. Then again he may have just bragged about it to his girlfriend, then when he dumped her...

Re:WinXP

[Grand+Facade]

"I can't say how I know, but trust me I know."

Now there is a security issue right there.......

Re:Agreed

[Yold]

Do you know what a corporation is? A corporation going bankrupt is not the same as a proprietorship going bankrupt; this is the whole reason that you start a corporation... to shield your salary/earnings in case the company goes under. The trade-off is that you essentially pay income tax twice (it is wayy more complicated though).

Re:So your idea is "screw blind people!"

[X0563511]

OK, that came out ruder than I wanted it to.

My point is that a blind person using an ATM is dangerous. Unless he has echolocation, he can't know that nobody is watching. Also, how can he tell that he's at a real ATM?

Re:WinXP

[Nikker]

One issue with touch screens is the ability for a would be attacker to merely clean the screen before you use it. Although recovering further data is not as simple (magstrip, chip, removable device) you are still filling in blank spaces for a would be attacker and that is not usually a good idea.

Another nail in the coffin

[geekoid]

for electronic cash transactions.

I expect to be back to only using cash in about 20 years.