Vulnerability Development mailing list archives
ATM exploits - Was Re: Modern hw-killing virus feasible
From: Jerry Carrell <JERRYCTX () AOL COM>
Date: Thu, 8 Mar 2001 12:39:04 EST
In a message dated 3/7/01 10:38:23 PM Central Standard Time jono () MICROSHAFT ORG wrote:
> For example, some free standing ATM machines actually dial-up (yes, you can hear the modem dial and the connection hiss) connections to the network. An ATM technician even told me that the line from the wall to the ATM, which is usually protected, was a T-1. When asked if someone could just pull it and hook back in, he stated that it would send an alarm to the CO, but a bridge would work fine. Does anyone have more information about these devices and what kind of risk we may actually be exposed to?
I haven't worked with ATMs for several years but I doubt that any use a T-1. A standard leased line can handle the maximum traffic from several dozen ATMs. Also never worked with dial up although there was a proposed project for a ship-board ATM using ship-to-shore telephony.
The ATM network I worked for did suffer significant losses to wire-taps. The thief would select an ATM in a strip mall because the telephone junction box was usually unprotected on the back of the building near a telephone pole with a tell-tale large metal conduit. The thief (we believe) would back a van to the junction box. Using a device from Radio Shack he could easily identify the digital signals of the data line. He used one or two PCs in the back of the van to (a) respond to the polls from the host so the network did not sense a problem (except possibly a brief interruption when he switched to the PC) and (b) talk to the ATM. The PC program that serviced the ATM was sophisticated in some ways ... for example, it changed the "welcome" screen to "out of service" so customers would not attempt to use the ATM. However, it didn't handle error conditions which prevented him from cleaning out an ATM in several cases. There were many other changes to the ATM configuration but basically, he requested a withdrawal and the PC approved the transaction.
The total loss was never announced but I'm sure it was well over $100,000 because a couple of dozen ATMs were hit. The investigation was turned over to the Secret Service. So far as I know, no one was charged but one rumor around the office was they knew who did it but had no proof.
That network installed MAC boards in all their ATMs and is no longer vulnerable to that form of attack. That was about ten years ago and I don't know what security features are used in current ATMs. I still see some ATMs from that era in use and some of them may be vulnerable.
This is off-topic but my favorite "security" story from the banking industry is low tech: The thief got a rent-a-cop uniform and a wicker basket. He painted a sign that said "Out of service. Please use basket". After hours he went to the night depository at a bank, set the basket on the floor, taped the sign to the wall and stood there looking official. Supposedly, many people left their deposits and no one called the police. Told to me by a tech from the company that makes most night depositories (and ATMs, for that matter). If it's true, the thief deserves the money for sheer chutzpah. :=)
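The message above says the network closed the wire-tap hole with "MAC boards". Assuming that means message authentication codes on host-to-ATM traffic, the following added example (not part of the original post and not any vendor's protocol) shows why an approval from a device that lacks the key is rejected. HMAC-SHA256 stands in for whatever algorithm those boards used, and the field layout, names and key are hypothetical.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = secrets.token_bytes(32)  # constructed key, held by ATM and host only

def mac(key, *fields):
    """HMAC-SHA256 over length-prefixed fields so boundaries cannot be shifted."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        data = str(field).encode()
        h.update(len(data).to_bytes(2, "big") + data)
    return h.digest()

def host_authorize(key, atm_id, seq, nonce, amount):
    """Host side: approve and tag the reply, binding it to this exact request."""
    return {"decision": "APPROVED",
            "tag": mac(key, atm_id, seq, nonce, amount, "APPROVED")}

class Atm:
    def __init__(self, atm_id, key):
        self.atm_id, self.key, self.seq, self.pending = atm_id, key, 0, None

    def new_request(self, amount):
        """Every withdrawal request gets a fresh sequence number and nonce."""
        self.seq += 1
        self.pending = (self.seq, secrets.token_hex(8), amount)
        return self.pending

    def should_dispense(self, reply):
        """Dispense only when the tag verifies for the pending request."""
        if self.pending is None:
            return False
        seq, nonce, amount = self.pending
        self.pending = None  # accept at most one reply per request
        expected = mac(self.key, self.atm_id, seq, nonce, amount, "APPROVED")
        return (reply.get("decision") == "APPROVED"
                and hmac.compare_digest(expected, reply.get("tag", b"")))

def demo():
    atm = Atm("ATM-0001", SHARED_KEY)  # hypothetical terminal id
    genuine = host_authorize(SHARED_KEY, atm.atm_id, *atm.new_request(200))
    ok = atm.should_dispense(genuine)
    atm.new_request(200)  # reply from a device on the line that lacks the key
    forged = atm.should_dispense({"decision": "APPROVED", "tag": bytes(32)})
    atm.new_request(200)  # old genuine reply replayed against a new request
    replayed = atm.should_dispense(genuine)
    return ok, forged, replayed
```

`demo()` returns `(True, False, False)`: the keyed host's reply is accepted, while an untagged approval and a replayed one are both refused because the tag covers the per-request sequence number and nonce.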