ATMs At Risk
Targeted attack on ATMs raises the bar -- as well as concerns -- about security of cash machines
Mar 18, 2009 | 04:06 PM
By Kelly Jackson Higgins
Cracking automatic teller machines isn't new: ATMs have been rigged with sniffers, spoofed with cloned cards created from successful phishing attacks, and even physically blasted open by explosives. But a new, sophisticated attack that inserted information-stealing malware on ATM machines has raised the bar on just what determined criminals can and will do to steal banking information and money.
The latest ATM hack came to light yesterday after Sophos revealed its discovery of a Trojan that had been specially crafted to steal information from users of Diebold ATM machines. Diebold in January had issued a security update for its Windows-based Opteva ATMs, some of which it said had been physically broken into and infiltrated with the Trojan software in Russia.
"We immediately notified our customers globally of the malware risk and sent a precautionary software update," a Diebold spokesperson says. "We were made aware of the isolated incident in Russia in the January time frame. The criminal gained physical access to the ATMs at site locations, and the malware was installed by someone with high-tech knowledge and expertise. "
The attackers were well-versed in the software internals of the ATM machines. "It's fascinating that the hackers went to this extent...they [knew] the API calls and understood how the cash machine works," says Graham Cluley, senior technology consultant at Sophos. "We haven't seen that before.
(More...)
Targeted attack on ATMs raises the bar -- as well as concerns -- about security of cash machines
Mar 18, 2009 | 04:06 PM
By Kelly Jackson Higgins
Cracking automatic teller machines isn't new: ATMs have been rigged with sniffers, spoofed with cloned cards created from successful phishing attacks, and even physically blasted open by explosives. But a new, sophisticated attack that inserted information-stealing malware on ATM machines has raised the bar on just what determined criminals can and will do to steal banking information and money.
The latest ATM hack came to light yesterday after Sophos revealed its discovery of a Trojan that had been specially crafted to steal information from users of Diebold ATM machines. Diebold in January had issued a security update for its Windows-based Opteva ATMs, some of which it said had been physically broken into and infiltrated with the Trojan software in Russia.
"We immediately notified our customers globally of the malware risk and sent a precautionary software update," a Diebold spokesperson says. "We were made aware of the isolated incident in Russia in the January time frame. The criminal gained physical access to the ATMs at site locations, and the malware was installed by someone with high-tech knowledge and expertise. "
The attackers were well-versed in the software internals of the ATM machines. "It's fascinating that the hackers went to this extent...they [knew] the API calls and understood how the cash machine works," says Graham Cluley, senior technology consultant at Sophos. "We haven't seen that before.
(More...)
