ATM malware likely to spread

23 June 2009

The malware that has been infecting automated teller machines in eastern Europe could be about to spread to other places in the world, according to the company that uncovered the fraud. Experts at SpiderLabs, the research arm of security firm Trustwave, say that there is "increased activity" around this particular strain of malware in other parts of the world.

"There is indication that there is activity around this network in other parts of the world. It's likely not to just stop here," said Nicholas Percoco, vice president of consulting at Trustwave. "Hopefully it does - the alerts that we have sent out will cause other banks to secure their systems - but there is an indication that there is activity around this region, around the same type of malware."

Trustwave detected the software on ATM devices located in Eastern Europe last month. The malware is designed to allow third parties to control different aspects of the machine's operation, including the gathering of sensitive data from the magnetic stripe on the card. It is also possible to use the software to force an ATM to dispense all of the cash stored in its cassette.

The malware was produced by a developer serving an organised team, according to experts from the company. It codifies roles and responsibilities with different privileges, accessed using different trigger cards; identity data codified on each card's magnetic strip is designed to specify the holder's role. "If they were all the same person, then it wouldn't make sense to put all of these different roles and responsibilities in the malware," said Percoco.

Percoco explains that there are different types of card. A single-use card enables a presumably lower-ranked individual within the organised crime team to carry out basic reporting and monitoring functions. A multi-use card enables the holder to carry out more actions, on a repeated basis. The command to dispense the cash cassette is contained on the multi-use card, but is granted only after the account holder has satisfied a challenge/response request.

The software would most likely have been installed by someone with physical access to the ATM, said Percoco, adding that the ATMs were exclusively Windows-based, and were older machines.

"The systems we looked at were older systems, and they were not classified as your PCI compliant ATMs," said Percoco, arguing that in newer systems, tamper-proofing and encryption key management are performed more effectively.

Significantly, Alistair Kelman, a barrister specialising in financial fraud, argues that many older ATMs were sold off by banks to developing countries as the banks modernised their own equipment. "When we finally got around to upgrading our systems, instead of selling off their old machines as scrap, they sold them off to developing countries as an ideal system for them to use, because they didn't feel that people in developing countries had the skill sets to require top-end security," he says.
 
