..

More Banking Woes: Fake ATM Machines in Vegas

Written by:
Guest
Published on:
Aug/03/2009

Computer security experts of all types--from hackers, crackers, and phreaks to security researchers and law enforcement officials--descended on Las Vegas last week for the annual Black Hat and DefCon security conferences. It is probably no coincidence that an attacker also chose last week to plant phony ATM machines around Las Vegas in an attempt to capture account and PIN information and extract money from compromised accounts.

Perhaps the attacker saw it as a personal challenge to "hack the hackers" and test whether or not these security hobbyists and experts could detect an attempt to pull the wool over their eyes. The ironic part is that there was a presentation scheduled to be delivered at Blackhat by Juniper's Barnaby Jack related to exploiting a flaw in certain ATM machines, but the presentation was canceled at the request of an ATM vendor.

The presentation focused on exploiting vulnerabilities in devices running the Windows CE operating system. Many ATM machines rely on the Windows CE operating system so divulging the hack publicly could have had dire consequences. Juniper's director of corporate social media relations, Brendan Lewis, wrote a post on Juniper's official blog stating "To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen."

That seems very altruistic on the part of Juniper and Barnaby Jack considering that Juniper notified the vendor of the vulnerability more than eight months ago. It wasn't as if it was a zero-day exploit or sudden shock to the vendor. Canceling the presentation prevents the flaw from becoming public knowledge, but the fact that they were able to find it and that affected systems have been vulnerable for more than eight months suggests that it is also possible that others with more questionable moral fiber may have stumbled upon the flaw as well and be actively exploiting it.

 

Sadly, the vulnerability is probably not an isolated or unique incident either. In a recent interview an executive of Trustwave, a security and compliance services vendor that assesses ATM, kiosk, and point-of-sale (POS) terminals for security, was quoted as saying "It is very, very rare that a device comes to our labs--in fact, I don't think that it has happened--that we don't find a vulnerability."

Source:  PC World

Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com .

Gambling News

Macau Kills Gambling: Stops China High Stakes Junkets

Macau Kills Gambling: Stops China High Stakes Junkets

Macau's gaming regulator has ordered junket operators in the world's largest gambling hub to stop offering credit to customers, according to brokerage firm Bernstein.

Updated NFL Playoff Odds and Win Totals 2022

Updated NFL Playoff Odds and Win Totals 2022

With just a handful of weeks left in the 2021 NFL regular season, let’s take a look at the probabilities of certain teams making the playoffs and how every team will finish in the W-L column.

Chicago Sports Betting to Tack on Another 2 Percent

Chicago Sports Betting to Tack on Another 2 Percent

Illinois has a 15% tax rate on sports betting, Cook County imposes a 2% rate and now the city of Chicago wants to tack on another 2%.

Virginia Judge Issues Injunction in Skill Games Lawsuit

Virginia Judge Issues Injunction in Skill Games Lawsuit

A Virginia judge issued a temporary injunction Monday blocking the enforcement of a law that banned a type of electronic betting machine that had proliferated in gas stations, bars and other locations around the state.

Lawmaker: 4 Atlantic City Casinos May Close Without Tax Aid

Lawmaker: 4 Atlantic City Casinos May Close Without Tax Aid

Four of Atlantic City’s nine casinos are in danger of closing if the state does not pass a bill giving tax breaks to the casinos, New Jersey’s outgoing state Senate president said Monday.

Syndicate