Threat Level Privacy, Crime and Security Online New ATM Malware Captures PINs and Cash

So the ATM machines are no better than the voting machines after all! Interesting since integrity of the ATM machines was often raised to counter arguments about the relative trustworthiness of Diebolt's voting machines. Sounds like the ATM's are being hacked just like the voting machines.

"Security researchers have found malware planted on ATMs in Eastern Europe that captures PINs and magnetic stripe data from the machine’s memory and instructs the machines to spit out cash, eliminating the need for primitive skimming devices and advancing the tradecraft of card thieves to a new level...The attack requires an insider, such as an ATM technician or anyone else with a key to the machine, to place the malware on the ATM. Once that’s done, attackers can insert a control card into the machine’s card reader to trigger the malware and give them control of the machine through a custom interface and the ATM’s keypad...."

http://www.wired.com/threatlevel/2009/06/new-atm-malware-captures-pins-and-cash/

how long before it hits here.

Not the same exploit, but disturbing, all the same:


Related article-


Threat Level Privacy, Crime and Security Online
PIN Crackers Nab Holy Grail of Bank Card Security

http://www.wired.com/threatlevel/2009/04/pins/

Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to an investigator behind a new report looking at the data breaches.

The attacks, says Bryan Sartin, director of investigative response for Verizon Business, are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States.

"We’re seeing entirely new attacks that a year ago were thought to be only academically possible," says Sartin. Verizon Business released a report Wednesday that examines trends in security breaches. "What we see now is people going right to the source … and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks."