Bank Employee Plants Malware on ATMs

Wired's Threat Level has a piece on a Bank of America employee, Rodney Reed Caverly, who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year. "The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it... At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly."

Re:Poor Diebold ATM programming

[Anonymous Coward]

Never, ever deposit money into an ATM in that manner, especially a Diebold ATM.

I worked for them at one point as a systems engineer and was friends with the engineering group - I was told that they have a "fair" fail rate on the device that you feed the envelope into. On some of the older ATM models there was a gap where it was possible for the envelope to thread downwards instead of into the deposit bin, and you had to take the ATM apart to get those envelopes back.

That was one of the chief complaints they fielded at the call centers for ATM's - banks would call them and say they would have customers who said they made a deposit, but no envelope was present. They would have to dispatch a service engineer to recover them.

Re:WinXP

[Anonymous Coward]

Diebold ATM's run a special version of Windows - it's not stock Windows XP. They work directly with Microsoft to create a specialized version where Diebold has much more control of the low-level functions and it's missing a lot of standard Windows components. I worked there for a years.

Now I'm not saying that it is 100% safer and full-proof as I hate the fact that it is Windows-anything, but its definitely better than stock XP.

Re:WinXP

[LinuxIsGarbage]

Although I hear diebold does better with ATM's, I can't help but wonder how much effort they put into ATM security versus the voting machine fiasco.

I went to a Bank of America branch here in Eastern NC one day last year, and saw a Windows XP error screen on the ATM. I then saw a Diebold guy coming out of the bank, and asked him about it. He says that the BoA ATMs are now running XP on them. How safe do you feel knowing that?

A lot of ATMs have been running Windows for years. I remember 10 or so years ago after I finished my transaction the ATM rebooted. On the green monochrome screen was the POST check, followed by a Windows NT splash screen. I've also seen various Windows errors over the years on ATMs. Some were still NT4.0 errors, even recently. A lot of kiosks run Embedded version of Windows. As do cash registers.

I've also seen my fair share of Linux based kiosks sitting with an error, or in an endless reboot cycle, so Windows isn't alone in this regard.

Re:UNfortunately

[violasvegas]

Actually, what some of these CEO's did was pretty plainly illegal. See - Lehman Brothers and the use of Repo 105. NY Times has a good breakdown. You can find it here: http://dealbook.blogs.nytimes.com/2010/03/12/the-british-origins-of-lehmans-accounting-gimmick/ [nytimes.com] Even their own internal legal review determined that the practice was illegal in the US, hence the need to do it secretly in England.

Re:UNfortunately

[blair1q]

Yes I see your point. Let's make what those CEOs did ILLEGAL.

Oh wait, borrowing from each other to make unsecured wagers on other people's debt positions was illegal. Until it wasn't.

(For you amateur politicians: The retraction of the Bucket Shop laws was added onto a spending bill in 2000. Bill Clinton signed it, because it was a couple of lines in a thousand-page bill, but it was the banking industry's paid-for congresscriminals who stuck it there. Moral: Never allow the GOP to hold power in congress again. When they abuse parliamentary tactics, it costs us $700 billion off the top, and millions of jobs.)

Re:WinXP

[PalmKiller]

Well as an aside, it is windows XP embedded kiosk edition, but other than that, its the stock banana, so all the viruses and back doors will still work as written.

Re:UNfortunately

[Yold]

I think that True market forces can do a better job at regulation than the US Government can.

Until greed, credit, and gullibility enter into the equation. What do you think causes the Great Depression? Unregulated securities markets and overvalued stocks fueled by the credit of your average citizen. What do you think causes the last recession? Under-regulation in the securities markets, and overvalued bonds fueled by the credit (mortgages) of your average citizen. For fucks-sake, my 20 year old friend had a $150,000 mortgage on $30,000 of income for a house that is now worth $40,000. He defaulted, along with basically the whole neighborhood.

Re:Question....

[FLEABttn]

What you're supposed to do is return them to the bank or contact the secret service and turn the money over. However, you're not reimbursed for this. If the ATM gives you a fake $20 and you go inside and give it to the bank, you're out those $20 because they didn't witness what happened between you getting the money and you coming inside the bank. Knowing that, what you do with the counterfeit money is sort of up to you. Maybe you didn't realize it was counterfeit and will spend it anyways. It's best to withdraw cash from inside the bank and verify it in front of the teller, because if they see that you didn't swap any bills and you were given a fake by them, they will exchange it.