Bank Employee Plants Malware on ATMs

Wired's Threat Level has a piece on a Bank of America employee, Rodney Reed Caverly, who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year. "The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it... At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly."

Poor Diebold ATM programming

[DanTheStone]

I once deposited cash at a Diebold BofA ATM that didn't use envelopes. The little door around the cash-taker closed on the bills and stuck there, so I had to slide/pull them back out. It couldn't read the amount I'd put it (since it ended up being $0) so it made me enter it on the keypad. It wouldn't accept that I'd deposited $0, so eventually I told it I'd deposited $1 so it would give the card back.

To put a long story short, those things are not well-programmed.

Re:hmm...

[Monkeedude1212]

who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank's IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year.

Wait - so if they caught the guy, how the hell is that untraceable?

Just because you don't follow the money doesn't mean you aren't tracing.

Re:Great

[poetmatt]

Although I hear diebold does better with ATM's, I can't help but wonder how much effort they put into ATM security versus the voting machine fiasco.

Meanwhile, ATM's have always been pretty shoddy on security. It's a given. People essentially have physical access to the device.

I wonder if it would be better to have ATM's running a virtual or other remote hosted ATM client so that nothing is hosted on the ATM directly? Or is this already being done in some places?

Question....

[mark-t]

... what do you do if you get counterfeit bills from an ATM?

Will not use BoA atms!

[Bill, Shooter of Bul]

And I suggest you do not use them either. They just operate and behave wrongly, even when they don't have malware installed.

They're slow. -- ATM's in the 80's were faster.
They're obviously running window XP. -- The standard windows sounds are used.

Re:Poor Diebold ATM programming

[Anonymous Coward]

Yes, the Diebold atms software does suck, and the software looks like ancient (probably 16 bit) software written by monkeys running on top of windows XP. If it runs long enough, you have to go in and allow more swap space (for some reason windows management of the swap don't work well for their software) and reboot, or simply reboot if you forgot to do the required weekly reboot. This spells a serious memory leak to me.

I have on occasion looked at the monitor and keyboard inside the bank when it would crash with out of memory resources condition (they use a keyboard/monitor extender that works over regular cat 5 to get those into the building, which I think in itself is a security issue...yea the atm is locked, but with the correct extender box, you could tap into the cat 5 that is right in the open and control the atms keyboard and mouse).

Re:WinXP

[Anonymous Coward]

A couple of years back, I saw an engineer fixing one of the mini-ATMs you get in bars and rest stops, and it booted in to IBM OS/2 Warp - bet eastern European hackers would have trouble cracking that one.

Re:WinXP

[PalmKiller]

NO AC, it is not special, it is the regular plan vanilla. It is stock XP with branding done on it with the Diebold name (just like DELL and all the others do to their XP to make them look special)...and yea its installed with a script that leaves out some windows stuff that you don't need...but again this is not special either. I can't say how I know, but trust me I know.

Re:UNfortunately

[Anonymous Coward]

And Communism in Russia failed because it wasn't true Communism. Please give true Communism a chance.

Article mentions ATM fraud in Ukraine and Russia

[Zontar_Thing_From_Ve]

The article mentions how some malware previously seen in Ukraine and Russia has shown up in the USA for the first time. While I have not been to Russia, I have been to Ukraine several times. For years now, Kiev (the capital of Ukraine) has been infamous for ATM fraud. Rule of law is very weak in Ukraine and police and the judicial system are notoriously corrupt. Anyone "caught" for ATM fraud could just bribe his way out of trouble. I even heard of fake ATMs placed in various locations in Kiev that never give out money, all they do is record info off the ATM cards and pin numbers and that info is used by the crooks later. It's been like this since at least the early 2000s. I never used an ATM on the times when I was in Kiev. I brought enough cash with me to use anytime I was going to Kiev. For the record, I used ATMs in various other Ukrainian cities and I never had a problem. In fact the only city I've ever heard of ATM fraud happening in is Kiev, but it wouldn't surprise me if it happened in some other large cities like Odessa.