Feeds

Banks brace for cashpoint attack

Global ATM Security Alliance

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

An international group of law enforcement and financial industry associations hopes to prevent a new type of bank robbery before it gets off the ground: cyber attacks against automated teller machines.

This fall the Global ATM Security Alliance (GASA) published what it says are the first international cyber security guidelines specifically tailored to cash machines. Experts see new dangers as legacy ATMs running OS/2 give way to modern terminals built on Microsoft Windows.

"The recommendations presented in this manual are essentially designed to provide a common sense approach to ... the rapidly changing threat model that the introduction to the ATM channel of the Windows XP and other common use operating systems, as well as the TCP/IP network protocol suite, has created," said the manual's author, Ian Simpson, in a statement.

The move comes one year after the Nachi worm compromised Windows-based automated teller machines at two financial institutions, in the only acknowledged case of malicious code penetrating ATMs. The cash machines, made by Diebold, were built on Windows XP Embedded, which suffered from the RPC DCOM security hole Nachi exploited.

In response to the incident, Diebold began shipping new Windows-based ATMs preinstalled with host-based firewall software, and offered to add the program for existing customers.

Though ATMs typically sit on private networks or VPNs, supposedly-isolated networks often have undocumented connections to the Internet, or can fall to a piece of malicious code inadvertently carried beyond the firewall on a laptop computer. Last year's Slammer worm indirectly shut down some 13,000 Bank of America ATMs by infecting database servers on the same network, and spewing so much traffic that the cash machines couldn't processes customer transactions.

The goal of the ATM cyber security best practices document, which has not been made public, and a related white paper developed by GASA, is "to be proactive in fighting what might be the next wave of ATM crime - namely cyber attacks," said Mike Lee, founding coordinator of the group, in a statement.

GASA's members include fraud prevention agencies, financial industry associations, the US Secret Service, Visa and MasterCard, and some ATM networks and manufacturers, including Diebold and NCR.

Copyright © 2004, SecurityFocus logo

Related stories

ATMs in peril from computer worms?
The ATM keypad as security portcullis
Ukrainian teen fights the Rise of the Machines

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.