Diebold ATMs in Russia targeted with malware

By Marcia Savage, Features Editor, Information Security magazine 18 Mar 2009 | SearchFinancialSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Diebold Inc. issued a security update for its Windows-based ATMs after criminals attacked a number of them in Russia and installed malware designed to steal sensitive data.

SearchFinancialSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

North Canton, Ohio-based Diebold alerted customers about the break-ins and the security update in January. The attacks, which were isolated to Russia, involved physical access to ATMs and were not a network-level security compromise, the company said in its notice. The suspects in the case have been apprehended, according to Diebold.

Diebold spokeswoman DeAnn Zackeroff said the physical attacks on the machines were very low-tech but that the malware installation indicated that the attackers were highly sophisticated.

She said a number of machines in Russia were attacked, but that Diebold moved quickly to alert its customers and issue the software update.

In a letter to customers, Scott Angelo, Diebold vice president and chief security officer, said the software update is a precautionary measure. "Diebold believes this update will help prevent the attack that was targeted in Russia from occurring at Diebold ATMs in other regions in the future," he said.

In its alert, Diebold noted the risk to the ATMs was "significantly increased" if the Windows administrative password has been compromised, the hardened version of Windows provided by Diebold isn't used, or if the Sygate/Symantec firewall provided with Diebold Agilis software has been disabled or isn't configured properly. The company advised its customers of security best practices, including changing the default Windows password on its Windows-based ATMs, and making periodic changes to the administrative password.

Vanja Svajcer, a principal virus researcher at UK-based antivirus supplier Sophos Plc., this week discovered the malware that targeted the Diebold ATMs.

In an interview, Graham Cluley, senior technology consultant at Sophos, said the malware appeared to be the first targeting ATMs.

"Obviously, fraudsters have tried to connect devices to ATMs before," he said. "Normally they attach them on the outside of the machine, so there's something for the public to see, but if they install malware onto the machine, there's nothing for the human eye to see."

While Sophos researchers can't test the malware on an ATM, Cluley said it appears that the malware tried to copy an ATM user's card and PIN numbers and then waited until a member of the criminal gang inserted a specially crafted card into the machine. The software would recognize the card and print out the stolen card and PIN numbers onto the paper ATM receipt.

SearchSecurity radio:

The incident isn't reason for people to panic about using cash machines, Cluley said.

"We only have reports of this occurring in Russia. The hackers needed physical access to the device to install the software," he said.

Plus, the attackers needed inside knowledge of the ATMs, he added. "When we looked at the malware, it was communicating with the ATM machine and sending instructions. They wouldn't have known what instructions to send unless they had inside information about the way the ATM worked," he said.

Still, as more cybercrime is financially driven, the temptation for criminal gangs to hire insiders to help them in these schemes could increase, he said.

"This latest offense against Diebold's ATMs is another example of the growing level of sophistication and aggression involving ATM-related crime," Angelo wrote in the letter to customers. "Security is one of Diebold's absolute priorities and our engineers are working constantly to address emerging ATM security threats."

Tags: Debit and credit card fraud prevention,  Financial transaction protocols and security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Debit and credit card fraud prevention Four hackers indicted in RBS WorldPay breach Bank Trojan used against German accounts evades antifraud systems California man sentenced in online brokerage scam Identity Theft Assistance Center marks five years of helping victims Fighting fraud: Understanding technology and threats Defendants in banking fraud scheme accused of exploiting regulation Credit union launches online banking suite with strong authentication Winning the war: Personal information protection ATM malware used in Russia lets attackers control machines Banks, e-commerce sites use device identification to stop fraud Financial transaction protocols and security FDIC: Educate business customers about the need for security Financial institutions reported more suspected fraud in 2008 Controls monitoring helps with governance, risk and compliance Identity management for financial firms in turbulent times How to communicate the value of security controls for online transactions Mobile payment adoption risks IBM USB banking device stops keyloggers, malware Community banks to increase security spending, survey finds Protecting third party processes on all levels Case study: How outsourcing services enable PCI DSS compliance

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary card verification value  (SearchFinancialSecurity.com) PAN truncation  (SearchFinancialSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary