Friday, March 20, 2009

Hackers inside the ATMs: A red alert to world's major financial institutions


When talking about electronic disobedience, many different aspects of criminal activity launched through electronic media (computers and the internet) come to the fore. Apart from money laundering and vandalism, one is considered the most intense form of fraud: "credit card fraud" or "e-fraud". Years of data breach and theft reports show this, such as:

"11 Mar 2009 - Computerweekly.com: Data theft Trojans fastest growing cyber threat"
http://www.computerweekly.com/Articles/2009/03/11/235229/data-theft-trojans-fastest-growing-cyber-threat-says.htm

"The ITC 2008 Reports: Data Theft/Data Breaches - by industry/cause"
http://idtheftmostwanted.org/ITRC Breach Report 2008.pdf

It has been shown that the underground criminal market is growing fast and finding new ways to remain undetected in almost every first attempt. This development is noticeable from 2002 to 2009, a period that saw an enormous increase in data theft directed at various firms around the world. Cracking ATMs is not new, but the shape of the existing attacks is changing considerably in new ways.

DarkReading.com recently published a news item stating clearly how cyber criminals, driven by their thirst for money, are getting past any sort of security infrastructure to accomplish their goals. From time to time these criminals change and adopt new methods; for instance, the ordinary phishing attack built with DIY toolkits is today driven more towards serving automated information-stealing malware.

Sophos recently revealed the latest hack, which affects Diebold-based ATM machines:
http://www.sophos.com/blogs/gc/g/2009/03/18/details-diebold-atm-trojan-horse-case/

Diebold published a security update in late January for its Windows-based Opteva platform. The trojan that was identified gave the criminal complete access. One thing to notice is how far today's high-tech criminals have moved forward in understanding the internal functions and API calls of the cash machines. This involves not only virtual access to the ATM but also physical (or internal) access to install the malware. The trojan was silently collecting PINs (aka Track2 information) from the magnetic strips, which further allows an attacker to clone real cards.

Looking at it from another perspective, there is the recent incident in Europe, "Several Checkout card readers in major supermarket chains", a news item reported by Sophos in which card readers were tampered with and fitted with built-in sniffers. Among the known victims were the Wal-Mart and Asda chains. All these aspects clearly highlight how the cyber criminals of the past are moving faster in finding ways to inject new ideas to steal financial records.