Who’s Still Robbing ATMs with USB Sticks?
Updated by Endah
Here’s one quick way to rob a bank, over and over again.
Find an ATM running Windows XP. Skeptical? Don’t be, they’re still installed all around the world. Next, cut a piece from its chassis to expose its USB port. On your own USB stick, you’ll have malware stored that will load the moment you force the ATM to reboot, rewriting the old operating system’s registry.
From that point, it’s easy. Replace the cut-out chassis piece. Wait a day or two until the ATM is reloaded with cash. Then step right up, use the hidden menu you’ve installed to cut the machine’s network connection, extract its cash and wipe your tracks completely.
Easy enough? A pair of German security researchers speaking at the
Chaos Communication Congress (CCC) demonstrated precisely this system on Friday, reconstructed from malware discovered in the wild on an undisclosed number of ATMs.
Most of the technology issues I have seen in the office are caused by violating what I call the basic technology equation.
The equation is:
Procedure + Process + Purchase = Elegant Technology
Procedure includes the standard functional procedures + 360 degree communication with your audience.
- Procedure includes how you train, manage, and grow your teams. The team is the key.
Process includes how you handle the technology and the work done with it.
- Process includes how you control quality, control the facility, manage the technology and business process.
Purchase includes the right tool for the right job at the best price.
- The right tool based on functionality and useability, do not choose the popular tool if it does not work well.
If you follow the equation then you will foster security in a way that even the finance office of your firm can agree to work with.
The issue here is the machine was deployed in a very insecure state.
We can help you secure your technology. www.jonathankine.com
Complete story here Who’s Still Robbing ATMs with USB Sticks? (Wired.com)
(Page updated by Endah)