Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Crime The Almighty Buck

Bank Employee Plants Malware on ATMs 171

Wired's Threat Level has a piece on a Bank of America employee, Rodney Reed Caverly, who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year. "The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it... At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly."
This discussion has been archived. No new comments can be posted.

Bank Employee Plants Malware on ATMs

Comments Filter:
  • I RTFA, and maybe I just missed it...but did they detail how they caught the guy?

    • Re:hmm... (Score:5, Interesting)

      by Monkeedude1212 ( 1560403 ) on Friday April 09, 2010 @09:54AM (#31789520) Journal

      who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year.

      Wait - so if they caught the guy, how the hell is that untraceable?

      Just because you don't follow the money doesn't mean you aren't tracing.

      • Re: (Score:3, Insightful)

        by Dare nMc ( 468959 )

        Because stupidity and arrogance is traceable.
        Somehow the money has to get from the hopper to the guys home, then from the guys home to buy stuff. My guess would be the guy was caught spending beyond his means, then they started following him to ATM's where he was then recorded withdrawing the money. Then when they go looking for what account he withdrew money from, and it couldn't be found. Then again he may have just bragged about it to his girlfriend, then when he dumped her...

      • Oh, I dunno; maybe he showed up to work one day driving a car worth ten times his annual salary?

        Just because someone can write code doesn't necessarily mean they're not dumber than a turnip.

    • Re:hmm... (Score:5, Funny)

      by Stenchwarrior ( 1335051 ) on Friday April 09, 2010 @10:14AM (#31789790)
      He accidentally withdrew $305326.13. Must have put a decimal in the wrong place...he's always messing up some mundane detail like that, from what I understand.
  • by DanTheStone ( 1212500 ) on Friday April 09, 2010 @09:52AM (#31789484)
    I once deposited cash at a Diebold BofA ATM that didn't use envelopes. The little door around the cash-taker closed on the bills and stuck there, so I had to slide/pull them back out. It couldn't read the amount I'd put it (since it ended up being $0) so it made me enter it on the keypad. It wouldn't accept that I'd deposited $0, so eventually I told it I'd deposited $1 so it would give the card back.

    To put a long story short, those things are not well-programmed.
    • by thijsh ( 910751 ) on Friday April 09, 2010 @09:55AM (#31789534) Journal
      You misspelled $1 million as $1. ;-)
    • Re: (Score:2, Informative)

      by Anonymous Coward
      Never, ever deposit money into an ATM in that manner, especially a Diebold ATM.

      I worked for them at one point as a systems engineer and was friends with the engineering group - I was told that they have a "fair" fail rate on the device that you feed the envelope into. On some of the older ATM models there was a gap where it was possible for the envelope to thread downwards instead of into the deposit bin, and you had to take the ATM apart to get those envelopes back.

      That was one of the chief complaint
      • Re: (Score:3, Funny)

        by MiniMike ( 234881 )

        Never, ever deposit money into an ATM in that manner, especially a Diebold ATM.

        If you don't deposit any money, will it still count your votes?

      • As I said, this was one of the newer machines that don't use envelopes; they only take checks (cheques) or piles of bills, and count your deposit immediately for you to verify. I'm not sure why you would call it "that manner" when you're talking about the opposite of my situation.
      • by sideshow ( 99249 )

        Never, ever deposit money into an ATM in that manner, especially a Diebold ATM.

        The ATM the poster refers to does not accept envelopes. In fact, it does a count of the cash right then and there and asks for approval. Then, it rights the bill count and total right into the receipt. If it's before 8pm (at least at BofA) you get immediate access to those funds.

        However, I agree about depositing envelopes full of cash into the old-style ATMs. Not so much because of mechanical errors, but because of bank workers pocketing the cash and then say "Gee, the customer deposited an empty envelo

  • Hmmm, where have I heard that before, the terms Diebold and untraceable in the same sentence...beats me!
  • UNfortunately (Score:5, Insightful)

    by Anonymous Coward on Friday April 09, 2010 @09:54AM (#31789516)

    This fellow will serve more time than any of the bank CEOs responsible for the huge mess in America's economy.

    • Re:UNfortunately (Score:5, Insightful)

      by Yold ( 473518 ) on Friday April 09, 2010 @10:08AM (#31789714)

      Yes I see your point, but what he did was ILLEGAL. What bank CEOs did was idiotic and a byproduct of Greenspan's Randian/laissez faire outlook on "self-regulation". They weren't violating the law, this guy was. He was deliberately engaged in an act of theft, which doesn't compare to the cluster-fuck of idiocy that caused the last recession. Bank CEOs were reckless, the government was allowing it to happen, and a bunch of toxic assets were being rated as AAA bonds.

      With that said, the real outrage is that some of the CEOs of failed banks made millions off there own failures. When you become CEO you should sign a contract saying "I will return 100% of my bonuses if my fuckups cause this company to fail".

      • Re:UNfortunately (Score:5, Informative)

        by violasvegas ( 1662837 ) on Friday April 09, 2010 @10:21AM (#31789882)
        Actually, what some of these CEO's did was pretty plainly illegal. See - Lehman Brothers and the use of Repo 105. NY Times has a good breakdown. You can find it here: http://dealbook.blogs.nytimes.com/2010/03/12/the-british-origins-of-lehmans-accounting-gimmick/ [nytimes.com] Even their own internal legal review determined that the practice was illegal in the US, hence the need to do it secretly in England.
        • by tekrat ( 242117 )

          That's a good point, and I'll bet the Lehman officers will never do even a second of jail-time. But to go back to the parent-post (or gandparent post, I'm lost at this point)... The poster points out that what this loser did was "illegal" and what the banks did to fuck the economy wasn't "illegal".

          I'd like to point out that "duh" -- OF COURSE, it's designed that way. Laws in this country ARE DESIGNED to make everything done by a "citizen" illegal, while anything done by large, faceless corps are legal. This

      • While the Government was not regulating the banks well I have to wonder... If there was NO regulation at all.

        Wouldn't customers be much more likely to know what exactly the banks were doing with their deposits?

        Would they not then move their money to institutions that were more conservative and careful with those deposits?

        Which I think might make banks that were smart and careful more successful and more profitable in the long run than banks that take huge chances. With people less protected and more aware

        • Re: (Score:3, Informative)

          by Yold ( 473518 )

          I think that True market forces can do a better job at regulation than the US Government can.

          Until greed, credit, and gullibility enter into the equation. What do you think causes the Great Depression? Unregulated securities markets and overvalued stocks fueled by the credit of your average citizen. What do you think causes the last recession? Under-regulation in the securities markets, and overvalued bonds fueled by the credit (mortgages) of your average citizen. For fucks-sake, my 20 year old friend had a $150,000 mortgage on $30,000 of income for a house that is now worth $40,000. He defaulted,

          • For fucks-sake, my 20 year old friend had a $150,000 mortgage on $30,000 of income for a house that is now worth $40,000.

            One thing that I never see in these discussions is the lack of financial literacy of the general public. Who the fuck buys anything that is worth a) more than 5 times their yearly income, and b) was worth 50% the price paid for about 2-3 years ago?

            I don't care what the interest rate is that you pay the first 6 months. If you make x per year and something costs 5x, you're not going to pay it off, ever. Unless you make about 10 million a year and have a golden parachute for 50 million. But then, the rules don

            • by geekoid ( 135745 )

              Lots of people./
              BTW 150K house would be under 700 a month at 5%.

              Walking away may have just been a prudent financial decision. I suspect if it dropped to 100K he wouldn't have walked away.

              You are looking at it wrong. It's not pay 700 a month, or payu nothing.
              It's pay 700 dollars a month in a home you might get equity for, vs 700 a month for an apartment.

              Why pay that kind of money for a house that is no longer worth it? Better to walk, wait a couple of year and the purchase again.

              Historically what would have

        • by geekoid ( 135745 )

          no. There was a time of no regulation. It led to massive financial and class failure.

          When the people at the top of the market lie, how is a consumer supposed to know?
          Yes, we are conservative with your money. right up until the time you loose everything and we leave with pockets full of cash.

          People, such as yourself, seem to forget that the regulations stem from past abuses that caused financial crisis.

          True market forces is a myth. You can only have true market forces in a world where all actions and informa

          • by Richy_T ( 111409 )

            People, such as yourself, seem to forget that the regulations stem from past abuses that caused financial crisis.

            Yes, "something had to be done", of course.

            Never mind that it doesn't actually fix the problem so, sooner or later, "something has to be done" again. And again.

      • by bmo ( 77928 )

        Any sufficiently advanced incompetence is indistinguishable from malice.

        --
        BMO

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        You spelled "laissez faire" properly and then screwed up "there"? FAIL

      • by Yvan256 ( 722131 )

        Actually the CEO shouldn't get any bonuses at all and only have a % of the profits/losses of the company. If all you get is 0.1% of the bottom line, you try your best that it doesn't become a negative value.

        Those failed banks CEOs would actually OWE money to the USA government at this point.

      • Re: (Score:3, Informative)

        by blair1q ( 305137 )

        Yes I see your point. Let's make what those CEOs did ILLEGAL.

        Oh wait, borrowing from each other to make unsecured wagers on other people's debt positions was illegal. Until it wasn't.

        (For you amateur politicians: The retraction of the Bucket Shop laws was added onto a spending bill in 2000. Bill Clinton signed it, because it was a couple of lines in a thousand-page bill, but it was the banking industry's paid-for congresscriminals who stuck it there. Moral: Never allow the GOP to hold power in congress

        • Re:UNfortunately (Score:5, Insightful)

          by stephanruby ( 542433 ) on Friday April 09, 2010 @11:34AM (#31790922)

          Moral: Never allow the GOP to hold power in congress again. When they abuse parliamentary tactics, it costs us $700 billion off the top, and millions of jobs.

          I don't see how you ended up with that moral. Shouldn't the excuse you used for Bill Clinton be equally applicable to the GOP in Congress? or even the few Democrats in Congress? After all, if a Democrat in Congress had seen the couple of lines added in there, wouldn't he have told the Democrat President? Or are you implying that the lines were inserted in the bill between the time it was voted in and the time it was driven to the White House (which is possible granted, but I don't think that's what you said)?

          Disclaimer: I did vote for Bill Clinton. I just think that this attitude of "That my party can do no wrong, and if they did wrong, there must be a good reason for it." is precisely what's wrong with our current political system.

          • by migla ( 1099771 )

            What's wrong with your political system goes far deeper than that.

            For example: Why don't you have two runs in the presidental elections if no candidate gets more than half of the votes?

            I'm sure there are several other technical issues like this that has made and continues to make it a two party state.

            Now, I'm not aware of representative democracy working particularly well anywhere, but two party states are a bit worse than, say, five party states, right? On the other hand, maybe a 34665 party state is worse

        • Yes I see your point. Let's make what those CEOs did ILLEGAL.

          Make no mistake. What happened with the banking system, the endless bubble-crash cycles, the bad mortgage lending, the massive bailouts, was on purpose and by design. The CEOs aren't stupid. When they say that no one could have seen this coming, they're lying. When they say that they made a mistake, they're lying. When they say that a bank is too big to fail, and society will collapse if you don't give them billions of taxpayer dollars, they're lying. Big banks stealing from taxpayers is not illegal be

          • by cusco ( 717999 )
            "When they say that no one could have seen this coming, they're lying."

            We were talking about this on a couple of forums where I regularly participate in 2002 By 2005 most of the participants were agreed about what was coming, just not sure whether it would happen in time to prevent the Rethugs making their position permanent in 2009. Fortunately it started to come apart early enough that the GOP essentially bailed on the presidential race and let McCain take the nomination since they knew they were go
        • by geekoid ( 135745 )

          Also the majority in congress said they would override his veto. What he did do is get change made so the middle class wouldn't get left out.

        • by rgviza ( 1303161 )

          Clinton and Greenspan could have stopped it at any time by raising interest rates and vetoing GLBA changes.

          Moral of the story: never allow a liberal president into power that cares more about getting his cock sucked than the US economy.

          This was a bipartisan fuckup. Don't kid yourself. The Clinton administration was asleep at the wheel and democrats voted for it en masse too. They'd have done whatever clinton wanted them to. In case your memory is fuzzy, here's the numbers
          House Democrats: 75% yay (155-51)
          Hou

      • What bank CEOs did was idiotic and a byproduct of Greenspan's Randian/laissez faire outlook on "self-regulation".

        I am curious what you see that is "Randian" or "laissez faire" about Greenspan or his actions. Sure, he was a free-marketeer back in the 60s, but the dude had absolute power over the monetary policy of the entire country. There is nothing laissez-faire about that. Rand was in favor of ending the Federal Reserve altogether - the Greenspan of the last decade was out for gaining political power, not acting on principle.

        With that said, the real outrage is that some of the CEOs of failed banks made millions off there own failures.

        That is definitely true. Those companies should have gone into bankruptcy, not be rescued fr

        • by Yold ( 473518 )

          He blocked efforts to regulate the derivatives market, saying it would "self-regulate". He believed that allowing market-correction was the best way to deal with fraud/over-valuation.

          Calling Greenspan "Randian" was a bit of hyperbole.

      • by camg188 ( 932324 )

        Bank CEOs were reckless, the government was allowing it to happen, and a bunch of toxic assets were being rated as AAA bonds.

        "s/was allowing/caused/"
        Weren't those toxic assets created due to bad legislation and wasn't it Fannie Mae and Freddy Mac that bundled those assets with solid ones in order to get them a AAA rating?

      • When you become CEO you should sign a contract saying "I will return 100% of my bonuses if my fuckups cause this company to fail".

        They do. It used to be called "bankruptcy". Sadly, we have a serious aversion to that under the current administration because it might be uncomfortable for many people living beyond their means.

        GM, GMAC, GE, countless banks, many insurance companies --- all of them "bailed out" of bankruptcy.

        And yes, I am bitter and pissed, as are MANY other business owners. My comp
        • Re:Agreed (Score:5, Insightful)

          by Yold ( 473518 ) on Friday April 09, 2010 @11:14AM (#31790634)

          Do you know what a corporation is? A corporation going bankrupt is not the same as a proprietorship going bankrupt; this is the whole reason that you start a corporation... to shield your salary/earnings in case the company goes under. The trade-off is that you essentially pay income tax twice (it is wayy more complicated though).

          • Yes, I know exactly what a corporation is. I own one. Do you realize that corporations are owned by actual people? And those people (owners) hire managers to run the corporation? And those managers are hired/fired at will and are answerable to the owners/shareholders?

            My point still stands: the moral hazard created by removing bankruptcy changes behavior at all participant levels and leads to perverted incentives that lead to disastrous results. If there is no risk for the owners, then they have n
      • Close. The returning of bonuses to the people you screwed should be a part of the government regulation covering people who fuck around with other peoples' money, e.g. "bankers". An escrow or trust account, could hold the money for n months, where n is long enough to determine guilt/blame. Sign whatever contracts you want, but when you lose at the tables, erm... "business", you'll never see your bonus. No restriction on the mythical free trade, just a means of ensuring that everyone plays fair.
      • Its a violation of the law to commit fraud. Most, if not all, of the major banks engaged in fraudulent accounting, at the very least. They used this fraudulent accounting to show excess paper profits, and used those profits as a justification to pay very large bonuses. Then, when the winds turned, none of these banks had enough cash on hand to weather the storm.

        There should be a Pecora Commission, and a perp walk, to say the least. These banks did exactly what Enron did. Enron saw its comeuppance, so should

      • What bank CEOs did was idiotic and a byproduct of Greenspan's Randian/laissez faire outlook on "self-regulation".

        Because it was God Himself who ordered the banks to give loans to people with low income, bad credit, and no down payment. Or maybe it was Barney Frank [nytimes.com]... Just stop. Stop blaming capitalism. If you hate capitalism, there are about 100 socialist countries you can go suck off of.

  • Question.... (Score:5, Interesting)

    by mark-t ( 151149 ) <markt@ner[ ]at.com ['dfl' in gap]> on Friday April 09, 2010 @10:10AM (#31789742) Journal
    ... what do you do if you get counterfeit bills from an ATM?
    • When ever a transaction doesn't go correctly at the bank you should contact the bank immediately. If it takes your money and doesn't credit your account, this is what receipts are for. If you receive counterfit cash, I'd park my car at the atm window and make sure you call the bank ASAP. It's a direct CYA move. The longer you wait to contact a bank the more difficult it is to fix the problem. If you have a bank ATM card, it's good to put their phone number on your cell, so if you card is lost or stolen

    • Re:Question.... (Score:4, Informative)

      by FLEABttn ( 1466747 ) on Friday April 09, 2010 @11:44AM (#31791104)
      What you're supposed to do is return them to the bank or contact the secret service and turn the money over. However, you're not reimbursed for this. If the ATM gives you a fake $20 and you go inside and give it to the bank, you're out those $20 because they didn't witness what happened between you getting the money and you coming inside the bank. Knowing that, what you do with the counterfeit money is sort of up to you. Maybe you didn't realize it was counterfeit and will spend it anyways. It's best to withdraw cash from inside the bank and verify it in front of the teller, because if they see that you didn't swap any bills and you were given a fake by them, they will exchange it.
      • by Acer500 ( 846698 )
        IDK about the US, but over here withdrawing from the teller costs money, and you're subject to the absurd working hours of the bank.

        OTOH, if you withdraw from the ATM you're liable to the sort of things you mention (I'm still out U$ 300 from the Bank Boston - now Banco Itaú in Uruguay, and will never do business with them again whenever possible, from an ATM failure that resulted on withdrawal from my account without me receiving the money, and even appealing to the bank didn't work)
    • by cusco ( 717999 )
      Happened to me. Took a bunch of cash out of the ATM before a trip to Peru. When I got there I found that one of the bills was fake. I kept it until I got back to the States and spent it here. Years ago I got a fake $100 from a bank teller. When I tried to change it in Peru (I didn't know there was anything wrong with it, I thought it was just old) I ended up spending the weekend in jail until I could convince the judge on Monday that I didn't belong to the group of gypsies that coincidentally had been
  • by blair1q ( 305137 ) on Friday April 09, 2010 @10:18AM (#31789850) Journal

    Is this the dude who put that "This bank charges a $3 fee for you to get your own money" exploit on there?

    I hate that.

    Hang him.

  • by Bill, Shooter of Bul ( 629286 ) on Friday April 09, 2010 @10:19AM (#31789860) Journal

    And I suggest you do not use them either. They just operate and behave wrongly, even when they don't have malware installed.

    They're slow. -- ATM's in the 80's were faster.
    They're obviously running window XP. -- The standard windows sounds are used.

  • by LinuxIsGarbage ( 1658307 ) on Friday April 09, 2010 @10:22AM (#31789898)

    This is why banks should use Linux. That way it would be impossible to install the same malware on all systems. Because each slightly different model, released on slightly different dates, would have different versions of incompatible libraries

    “Why GNU/Linux Viruses are fairly uncommon” from Charlie Harvey [gnu.org]

    • Re: (Score:3, Funny)

      by rickb928 ( 945187 )

      ATMs used to be run on OS/2. I would very rarely see one stuck at the Presentation Manager startup screen.

      Nowadays, seeing an ATM stuck at the XP boot screen or BSOD isn't reeally novel.

      But the entire concept of running ATMs in XP is indeed troubling. A custom distro based on Debian would seem a good way to do it.

      Watch that the first Linux ATMs run Mandriva. Ugh. At least they should run Gentoo just to mess with 'us'.

  • Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year.

    Someone watched Officespace one too many times.

  • ... sends out an alert on the 1st April? Seriously?

  • by Zontar_Thing_From_Ve ( 949321 ) on Friday April 09, 2010 @11:37AM (#31790968)
    The article mentions how some malware previously seen in Ukraine and Russia has shown up in the USA for the first time. While I have not been to Russia, I have been to Ukraine several times. For years now, Kiev (the capital of Ukraine) has been infamous for ATM fraud. Rule of law is very weak in Ukraine and police and the judicial system are notoriously corrupt. Anyone "caught" for ATM fraud could just bribe his way out of trouble. I even heard of fake ATMs placed in various locations in Kiev that never give out money, all they do is record info off the ATM cards and pin numbers and that info is used by the crooks later. It's been like this since at least the early 2000s. I never used an ATM on the times when I was in Kiev. I brought enough cash with me to use anytime I was going to Kiev. For the record, I used ATMs in various other Ukrainian cities and I never had a problem. In fact the only city I've ever heard of ATM fraud happening in is Kiev, but it wouldn't surprise me if it happened in some other large cities like Odessa.
    • by cusco ( 717999 )
      That happens all the time in the US. Someone shows up at the mall early Friday morning with a new ATM and an official-looking shirt. Sometimes the guards even help them bring it into the building and find a power outlet. The machine sits there all weekend, and every time someone puts a card and PIN into it the machine comes back with a polite message about how it's out of order. Monday morning the official-looking shirt guy shows up and says that there have been complaints that the machine is not workin
  • by geekoid ( 135745 ) <dadinportland.yahoo@com> on Friday April 09, 2010 @12:13PM (#31791524) Homepage Journal

    for electronic cash transactions.

    I expect to be back to only using cash in about 20 years.

    • I expect to be back to only using cash in about 20 years.

      If the economy keeps heading in the direction it's going, I expect to be using the barter system within 20 years.

      Like as in: Hey Mr. Blacksmith, I'll swap you 3 dozen fresh hen's eggs for a pound of nails and this here yearling billygoat for welding up my broken plow blade.

  • withdrew cash untraceably

    Um, apparently not.

After all is said and done, a hell of a lot more is said than done.

Working...