Bank Employee Plants Malware on ATMs

Wired's Threat Level has a piece on a Bank of America employee, Rodney Reed Caverly, who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year. "The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it... At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly."

Re:Poor Diebold ATM programming

[thijsh]

You misspelled $1 million as $1. ;-)

Re:hmm...

[Stenchwarrior]

He accidentally withdrew $305326.13. Must have put a decimal in the wrong place...he's always messing up some mundane detail like that, from what I understand.

Re:Poor Diebold ATM programming

[MiniMike]

Never, ever deposit money into an ATM in that manner, especially a Diebold ATM.

If you don't deposit any money, will it still count your votes?

wait a second

[blair1q]

Is this the dude who put that "This bank charges a $3 fee for you to get your own money" exploit on there?

I hate that.

Hang him.

They should run Linux

[LinuxIsGarbage]

This is why banks should use Linux. That way it would be impossible to install the same malware on all systems. Because each slightly different model, released on slightly different dates, would have different versions of incompatible libraries

“Why GNU/Linux Viruses are fairly uncommon” from Charlie Harvey [gnu.org]

Re:They should run Linux

[rickb928]

ATMs used to be run on OS/2. I would very rarely see one stuck at the Presentation Manager startup screen.

Nowadays, seeing an ATM stuck at the XP boot screen or BSOD isn't reeally novel.

But the entire concept of running ATMs in XP is indeed troubling. A custom distro based on Debian would seem a good way to do it.

Watch that the first Linux ATMs run Mandriva. Ugh. At least they should run Gentoo just to mess with 'us'.

Re:Poor Diebold ATM programming

[oldspewey]

Yes, but just not as many times.

So your idea is "screw blind people!"

[Anonymous Coward]

Make them all touch screen - no more buttons.

"Hey blindey, what's the matter? can't see the screen?!?"

Re:WinXP

[hyc]

Windows-anything handling your money is Just Not a Good Idea.

http://www.flickr.com/photos/27159137@N08/3186737368/ [flickr.com]

If the economy keeps...

[Nick Driver]

I expect to be back to only using cash in about 20 years.

If the economy keeps heading in the direction it's going, I expect to be using the barter system within 20 years.

Like as in: Hey Mr. Blacksmith, I'll swap you 3 dozen fresh hen's eggs for a pound of nails and this here yearling billygoat for welding up my broken plow blade.