Version BAD NETWORK/FIREWALL
lecture: ATMs how to break them to stop the fraud
How to stop the ATMs fraud? How to protect ATMs from attacks such as black box jackpotting? How to prevent network hijacking such as rogue processing center or MiTM? Some of these issues can be fixed by configuration means, some fixed by compensation measures, but many only by vendor. We will tell you about what bank can do now and what we as a community of security specialists should force to vendors.
Guys with malicious intentions never sleep, but make their bad deal all days, all nights.
When you have your five-o-clock beer, they open service zone of ATM and connect "magic box" that make ATM empty. Alternatively, sometimes banks security guys may watch video surveillance footage with man-in-the-hoody, who make something in the nearby corner of ATM. Surely, ATM is empty again! On the other hand, banks may not have any video monitoring so they cannot imagine how ATM became empty without any forensics evidence.
We have collected huge number of cases on how ATMs could be hacked during our researches, incidents responses and security assessments. A lot of malware infects ATM through the network or locally. There are black boxes, which connect to communications port of devices directly. There are also network attacks, such as rogue processing center or MiTM.
Before we spoke about vulnerabilities and fraud methods used by criminals. Now we would like to combine our expertise to help financial and security society with more direct advices how to implement security measures or approaches to make ATMs more secure.