[ insider_reports_insider ]
Insiders Thought To Hack Russian ATMs
SecurityProNews
Staff Writer
2009-03-18
 Insider Reports RSS Feed
CORRECTION: Originally it was stated in this article there were two data breaches at Heartland Payment Systems. There was only one breach where malware was found on the network. We apologize for any confusion this may have caused.
 |
Insiders Thought To Hack Russian ATMs |  |
Crooks running online phishing schemes are amateurs compared to insiders hacking into proprietary systems themselves. As Visa, for legal reasons, distances itself from two of the largest payment processors around, security researchers are finding backdoor malware on ATMs themselves.
Heartland Payment Systems and RBS WorldPay have been rather tightlipped about the nature of two security breaches which compromised the credit card information of millions. Even Visa couldn't get much information out of them, and to protect itself from legal action from banks and credit unions everywhere, the company has removed Heartland and RBS from a list of companies in compliance with Payment Card Industry (PCI) rules.
Meanwhile, Diebold ATMs (apparently in Russia) are hit with backdoor malware installed by whom would have to be insiders.
Remember how Fannie Mae narrowly escaped the wrath of a network "time bomb" implanted by a fired employee? Sensing a trend here?
It's always been a concern that terminated employees or employees with the knowledge to run complex networks and the trust of their company could manipulate networks to their own ends. Motive, opportunity, and inclination are a powerful trio.
Also a powerful (dangerous) combination are a bad worldwide economy combined with downsizing and outsourcing (and, one might add, the Russian hacker mafia). It's possible Heartland and RBS were insider jobs, but what is certain is that the Fannie Mae breach and the Diebold ATM ones were insider jobs.
Vanja Svajcer, a researcher for Sophos UK, details how difficult it is to hack an ATM machine, and suggests that if it can be done, it must be done from someone inside Diebold with intimate knowledge of how these machines work. Upon hearing a rumor that Russian cash machines were infected with a Trojan to capture credit card details, Vanja checked the malware database to see if any referenced Diebold.
Sure enough, Vanja found three files designed to capture ATM usage data, including PINs.
Sergei Shevchenko at the ThreatExpert blog delved further into the malware and, through a pretty sophisticated and technical explanation, found the code made it possible via a set of commands to cause the ATMs to eject an ATM cassette with cash. In theory, it could also be used to rob banks in a large-scale distributed attack.
This proof of concept is bad news for Diebold, a company already under fire every election season for vulnerable electronic voting machines and allegations of insider vote manipulation.
The news as a whole, as the world economy collapses, is enormously disturbing when you think that huge financial institutions, payment processors, lenders, and ATM machine makers have all been severely compromised by internal hackers.
Best practices of course, are to make extra certain IT and programming personnel undergo rigorous background checks, that encryption is standard, that there security layers in place. And always be sure, if termination is about to happen, to block access to the network beforehand.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
