The Old and Not-So-Bold Diebold?

August 16, 2020

Robbing ATMs with specialized hardware is not new. What is new is using the manufacturer’s own software to facilitate the attacks. Ars Technica reports, “Crooks Have Acquired Proprietary Diebold Software to ‘Jackpot’ ATMs.” Say, doesn’t Diebold also make voting machines? Perhaps there are some things that should not be automated.

Jackpotting is a technique in which thieves convince an ATM to spit out cash, sometimes as quickly as 1.7 bills per second. One way to achieve this is to attach a hacking device, or “black box,” to the machine, either by physically breaking into the machine’s face or by connecting to its network cables. Not surprisingly, these attacks usually occur on outdoor ATMs. (Another way is by breaking in and swapping out the machine’s hard drive. Then there is the email route: malware is unwittingly installed by a network admin after a successful phishing attempt.) Black boxes mimic the machine’s internal software using a laptop or Raspberry Pi or Arduino hardware. Now, some thieves are leveraging Diebold’s own proprietary code against it. An advisory from the manufacturer states:

“Some of the successful attacks show a new adapted Modus Operandi on how the attack is performed. Although the fraudster is still connecting an external device, at this stage of our investigations it appears that this device also contains parts of the software stack of the attacked ATM. … The investigation into how these parts were obtained by the fraudster is ongoing. One possibility could be via an offline attack against an unencrypted hard disc.”

For now, most of these attacks appear to be occurring in Europe, particularly on the ProCash 2050xs USB model. It could be worse. Reporter Dan Goodin observes:

“The new attack variation described by Diebold is both good and bad news for consumers. On the one hand, there’s no indication thieves are using their recently acquired software stack to steal card data. The bad news is that attackers appear to have their hands on proprietary software that makes attacks more effective. The recent increase in successful jackpotting ultimately results in higher fees, as financial institutions pass on the costs caused by the losses.”

The write-up concludes with Diebold’s advice to avoid falling victim to a hacked ATM—stick to ATMs at major banks, shield the keypad while entering your PIN, and review each bank statement for suspicious activity. And Diebold “security”? Well.

Cynthia Murrell, August 16, 2020

Comments

One Response to “The Old and Not-So-Bold Diebold?”

  1. Michel on August 27th, 2020 7:20 am

    Well done and written my friend.
    I’ve just started writing in the past few weeks
    and realized that a lot of people merely rework old ideas but add
    very little of benefit. It’s fantastic to read a beneficial write-up
    of some real value to me.
    It is on the list of criteria I need to emulate being a new blogger.
    Reader engagement and material value are king.
    Some wonderful ideas; you have certainly managed to get on my list of
    blogs to watch!

    Continue the excellent work!
    Cheers,
    Rhonda
