More details on the Diebold ATM Trojan horse case

Yesterday, Vanja Svajcer of SophosLabs described how he had discovered malware which appeared to be designed to steal information from users of Diebold ATM cash machines. I also published some discussion here on the Clu-blog about how the Trojan horses could potentially be exploited by a criminal gang.

Last night, Vanja and I spoke to Bob McMillan, a journalist who had seen me post on Twitter about our discovery. He then went one stage further and uncovered that Diebold had contacted customers in January, warning them about the urgent security threat to their systems.

Urgent security advisory from Diebold regarding ATM malware

Diebold issued an update to its ATM software, and recommended that it be installed on all of its Windows-based ATMs globally. According to the company, the update should prevent the Skimer-A Trojan horse from successfully stealing information from cash machine users.

In addition, they confirmed that hackers from Russia had attempted to plant the malicious software on ATMs in an audacious attempt to steal money. What isn't publicly known yet is how the hackers - who have been apprehended according to Diebold - managed to gain physical access to a number of ATMs in Russia.

Was it a breach in security along the supply-chain that delivers ATM hardware to banks, or an inside job? All Diebold has said so far is that there was not a network-level security compromise.

In a cover letter which accompanied the critical security update, Diebold reminded customers to follow best practices to minimise the chances of security breaches:

"This latest offense against Diebold ATMs is another example of the growing level of sophistication and aggression involving ATM-related crime. Security is one of Diebold's absolute priorities and our engineers are working constantly to address emerging ATM security threats. Diebold continually emphasizes the customers' role in reducing the risk of attacks by following industry-standard security procedures related to managing physical access to ATMs, password management and software updates."

My opinion is that we shouldn't be that surprised that some hackers might now be targeting the ATMs directly, rather than just the bank customers using the internet to manage their online finances. After all, as legendary American robber Willie Sutton answered when asked why he robbed banks, "that's where the money is."

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.