Bank Employee Plants Malware on ATMs
Wired's Threat Level has a piece on a Bank of America employee, Rodney Reed Caverly, who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year. "The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it... At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly."
This fellow will serve more time than any of the bank CEOs responsible for the huge mess in America's economy.
> Although I hear diebold does better with ATM's, I can't help but wonder how
> much effort they put into ATM security versus the voting machine fiasco.
Probably completely unrelated. They got into the voting machine business by purchasing a company that was showing a prototype and then rushing the prototype into production without bothering to develop an actual product. That says a lot (none of it good) about their top management, but nothing about the people in their ATM division.
They eventually dumped the voting machine business, and it is possible that they learned from the experience.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
When you don't change the default password, it doesn't matter if you're running XP, 95, OS/2 or SELinux.
When you can overlay a fake cardreader over the top of the device's real reader, it doesn't matter if you're running XP, 95, OS/2 or SELinux.
When the criminal behind it is also a device admin, it doesn't matter if you're running XP, 95, OS/2 or SELinux.
How safe do you feel knowing that?
Do you know what a corporation is? A corporation going bankrupt is not the same as a proprietorship going bankrupt; this is the whole reason that you start a corporation... to shield your salary/earnings in case the company goes under. The trade-off is that you essentially pay income tax twice (it is wayy more complicated though).