..

More Banking Woes: Fake ATM Machines in Vegas

Written by:
Guest
Published on:
Aug/03/2009

Computer security experts of all types--from hackers, crackers, and phreaks to security researchers and law enforcement officials--descended on Las Vegas last week for the annual Black Hat and DefCon security conferences. It is probably no coincidence that an attacker also chose last week to plant phony ATM machines around Las Vegas in an attempt to capture account and PIN information and extract money from compromised accounts.

Perhaps the attacker saw it as a personal challenge to "hack the hackers" and test whether or not these security hobbyists and experts could detect an attempt to pull the wool over their eyes. The ironic part is that there was a presentation scheduled to be delivered at Blackhat by Juniper's Barnaby Jack related to exploiting a flaw in certain ATM machines, but the presentation was canceled at the request of an ATM vendor.

The presentation focused on exploiting vulnerabilities in devices running the Windows CE operating system. Many ATM machines rely on the Windows CE operating system so divulging the hack publicly could have had dire consequences. Juniper's director of corporate social media relations, Brendan Lewis, wrote a post on Juniper's official blog stating "To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen."

That seems very altruistic on the part of Juniper and Barnaby Jack considering that Juniper notified the vendor of the vulnerability more than eight months ago. It wasn't as if it was a zero-day exploit or sudden shock to the vendor. Canceling the presentation prevents the flaw from becoming public knowledge, but the fact that they were able to find it and that affected systems have been vulnerable for more than eight months suggests that it is also possible that others with more questionable moral fiber may have stumbled upon the flaw as well and be actively exploiting it.

 

Sadly, the vulnerability is probably not an isolated or unique incident either. In a recent interview an executive of Trustwave, a security and compliance services vendor that assesses ATM, kiosk, and point-of-sale (POS) terminals for security, was quoted as saying "It is very, very rare that a device comes to our labs--in fact, I don't think that it has happened--that we don't find a vulnerability."

Source:  PC World

Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com .

Gambling News

US Judge Revives Class-Action Claim in Wynn Resorts Lawsuit

US Judge Revives Class-Action Claim in Wynn Resorts Lawsuit

A federal judge in Nevada has revived elements of a securities fraud lawsuit seeking class-action status for allegations that executives at Wynn Resorts Ltd. knew about, but disregarded, reports of sexual harassment and misconduct against company founder Steve Wynn.

Macao Orders Closure of Entertainment Venues, Mass Testing

Macao Orders Closure of Entertainment Venues, Mass Testing

Macao authorities on Wednesday ordered the closure of entertainment venues but not casinos, and coronavirus tests for its 600,000 residents, after the gambling city confirmed four new infections.

NC Sports Betting Bill Gets Winning Vote From Senate Panel

NC Sports Betting Bill Gets Winning Vote From Senate Panel

Legislation to license and tax sports betting throughout North Carolina cleared its first Senate committee Wednesday, with supporters, for now, overcoming social conservatives who argue it will create more gambling addicts.

Mansion88 Targets the Asian Betting Audience

Mansion88 Targets the Asian Betting Audience

The M88 bookie also known as Mansion88, was established in 2004; main activities in the Asian market. The bookie specializes in offering betting products such as online casinos, sports betting, bullets, lotteries.

Introduction Of W88 Betting Bookie

W88 is one of the leading reputable and quality bookmakers in Asia.

Syndicate