Slashdot Mirror
First 'Jackpotting' Attacks Hit US ATMs (krebsonsecurity.com)
Brian Krebs, reporting for Krebs on Security: ATM "jackpotting" -- a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand -- has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.
To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics -- often a combination of both -- to control the operations of the ATM. On Jan. 21, 2018, KrebsOnSecurity began hearing rumblings about jackpotting attacks, also known as "logical attacks," hitting U.S. ATM operators. I quickly reached out to ATM giant NCR Corp. to see if they'd heard anything. NCR said at the time it had received unconfirmed reports, but nothing solid yet.
To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics -- often a combination of both -- to control the operations of the ATM. On Jan. 21, 2018, KrebsOnSecurity began hearing rumblings about jackpotting attacks, also known as "logical attacks," hitting U.S. ATM operators. I quickly reached out to ATM giant NCR Corp. to see if they'd heard anything. NCR said at the time it had received unconfirmed reports, but nothing solid yet.
slot machines make it hard to open with out setting off an alert so why do AMT have less of that stuff?
This is yet more proof that we need all software to be written in the Rust programming language. We need full stack Rust for high security situations like ATMs. Any firmware should be written in Rust. The OS should be written in Rust. The application software should be written in Rust. Rust is the only programming language around that has move semantics, guaranteed memory safety, threads without data races, and a minimal runtime. That's why we need to be using Rust for software where security matters, which really means that we should be using Rust for all software.
So, if I have physical access to the machine, I can install software that lets me loot the machine.
Or, if I have physical access to the machine, I can just take all the money out of the machine without bothering with the software install.
I'm failing to see this as a serious new threat to ATM's....
"I do not agree with what you say, but I will defend to the death your right to say it"
Linux users bashing Windows...
Wait. I thought it was Microsoft that bashed Windows with Ubuntu.