
(Gizmodo) Even the bad guys are using two-factor identification these days: Gang of thieves used USB sticks to infect ATMS with Malware that would empty the machine if a special 12 digit PIN was entered AND an 8 digit RSA-like Key that only the mastermind had (gizmodo.com)

3068 clicks; posted to Geek on 31 Dec 2013 at 5:08 PM



42 Comments
 
2013-12-31 03:29:20 PM
That's why you turn off autoplay.
 
2013-12-31 03:52:59 PM

RedPhoenix122: That's why you turn off autoplay.


I'm also a little alarmed to learn many ATMS are still basically running Windows XP, the OS MS is going to stop releasing updates for in a couple months
 
2013-12-31 04:07:47 PM

RedPhoenix122: That's why you turn off autoplay.


Is that you, Mr. Weatherman?

 
2013-12-31 05:03:18 PM
I figure you'd want to make it really simple to get into the backdoor. That way when you get caught accessing it, you've got plausible deniability to say you're just a guy who stumbled across the backdoor, which generally results in less jail time than being the one who installed it.
 
2013-12-31 05:23:35 PM
Newsflash:  There is no security.  This is Ric Romero reporting.
 
2013-12-31 05:27:12 PM
How fricken hard would it be to disable the USB ports at the BIOS settings. Then when it needs service the tech just reboots to turn them on?

I give no f*cks to the banks for being simply LAZY.
 
2013-12-31 05:30:09 PM

serial_crusher: I figure you'd want to make it really simple to get into the backdoor. That way when you get caught accessing it, you've got plausible deniability to say you're just a guy who stumbled across the backdoor, which generally results in less jail time than being the one who installed it.





Sure, sure, I know... it just happened. Coulda happened to anybody.


It was an accident, right?


You tripped, slipped on the floor and accidentally stuck your dick in my wife.


"Whoops! I'm so sorry, Mrs. H. I guess this just isn't my week."

 
2013-12-31 05:33:33 PM

Magorn: RedPhoenix122: That's why you turn off autoplay.

I'm also a little alarmed to learn many ATMS are still basically running Windows XP, the OS MS is going to stop releasing updates for in a couple months




I'm sure to Diebold this is a feature not a bug
 
2013-12-31 05:55:19 PM
Just wait until we start finding chess pieces on the perpetrators.
 
2013-12-31 06:14:50 PM
If it's a Gizmodo article I'm just forced to assume they got the entire thing wrong.
 
2013-12-31 06:35:27 PM
Wouldn't a couple of raggedy access points sawzalled into the body of the thing be a little obvious?
 
2013-12-31 06:38:31 PM

RedPhoenix122: That's why you turn off autoplay.


That's a good start, but I read about some other potential exploits on another site regarding this story.
 
2013-12-31 06:39:18 PM
Two different numbers != two factor authentication. It's just single-factor authentication with a longer number.

/Something you know, something you have, something you are...
 
2013-12-31 06:45:11 PM

Baelz: How fricken hard would it be to disable the USB ports at the BIOS settings. Then when it needs service the tech just reboots to turn them on?

I give no f*cks to the banks for being simply LAZY.


If the US banks gave a fark, they would have been on chip and pin by now. At least it's more secure than a mag stripe. As it is, they care more about their stock prices and dividends, and less about spending on security.
 
2013-12-31 06:47:08 PM

RedPhoenix122: That's why you turn off autoplay.


At some point it doesn't really matter. You really think that autoplay can't be circumvented?
 
2013-12-31 06:55:27 PM

Magorn: RedPhoenix122: That's why you turn off autoplay.

I'm also a little alarmed to learn many ATMS are still basically running Windows XP, the OS MS is going to stop releasing updates for in a couple months


There are banks still using OS2 on ATMS.

Bank ATM security has nothing to do with MS, but with banks not properly locking down their machines.
 
2013-12-31 07:31:27 PM

RedPhoenix122: That's why you turn off autoplay.


I don't remember Autoplay nor even USB being supported on OS/2 Warp eComStation.
 
2013-12-31 07:32:32 PM
oh lawd.. them boys' actin up agin
 
2013-12-31 07:33:15 PM

I declare Jizad!: skinink: Baelz: How fricken hard would it be to disable the USB ports at the BIOS settings. Then when it needs service the tech just reboots to turn them on?

I give no f*cks to the banks for being simply LAZY.

If the US banks gave a fark, they would have been on chip and pin by now. At least it's more secure than a mag stripe. As it is, they care more about their stock prices and dividends, and less about spending on security.

IF (cost of upgrade) > (cost of customer complaints+refunds)
THEN (do nothing)

Jizad BASIC 2.0


Approves:
www.ronalfy.com
/hot
 
2013-12-31 07:35:23 PM

State_College_Arsonist: Just wait until we start finding chess pieces on the perpetrators.


I for one am amused and slightly ashamed to have recognized that reference.  Instantly.

One Internet for you,
 
2013-12-31 07:38:29 PM
RoomFullOfMonkeys: Two different numbers != two factor authentication. It's just single-factor authentication with a longer number.

/Something you know, something you have, something you are...


Admittedly this is not described clearly in the article, but it sounds like this was some kind of rolling code or challenge response mechanism. Otherwise what's the point? Tell it to your guys once, they write it down, and then they can cut you out.

So something they know, the first sequence
And something the mastermind has, the key material/generator for the second sequence.
 
2013-12-31 07:51:17 PM

Magorn: RedPhoenix122: That's why you turn off autoplay.

I'm also a little alarmed to learn many ATMS are still basically running Windows XP, the OS MS is going to stop releasing updates for in a couple months


Actually, many of them are still running Windows CE.  Microsoft stopped supporting that in 2004.  Not that it really matters, even if they were running Windows Server 2012r2 they would have vulnerabilities within a few weeks because they aren't on a network that allows them to download patches.

By the way, they have been able to take over ATMs using USBs for several years.  Previously it was only the standalone ATMs like the ones in bars and convenience stores that were vulnerable.  The new part of this is the fact that someone figured out how to drill into the wall mounted models and access the USB port.

I saw the person who originally figured out how to pull it off do a talk and demonstration 4 years ago at DefCon in Las Vegas.  Walking out of that talk I promised myself I would never miss another DefCon.

/He actually died earlier this year.
//RIP Barnaby Jack
 
2013-12-31 08:12:12 PM

viscountalpha: RedPhoenix122: That's why you turn off autoplay.

At some point it doesn't really matter. You really think that autoplay can't be circumvented?


It can, but in order for the virus to install itself automatically, it has to have something to trigger it.  A lot of viruses modify the autoplay from any medium inserted into the drive just so it can self replicate.  Without a direct interface, the only way these thieves are accessing the ATM software is through the USB interface, and the only thing triggering it is autoplay.
 
2013-12-31 08:42:11 PM
viscountalpha: At some point it doesn't really matter. You really think that autoplay can't be circumvented?

Let's not lock our doors against the common thief because pros can easily circumvent it.
 
2013-12-31 09:05:10 PM
What the f*ck is wrong with Information Technology nowadays?
 
2013-12-31 09:13:56 PM
ATMS
 
2013-12-31 09:17:41 PM

Poot beer: What the f*ck is wrong with Information Technology nowadays?


We don't have European levels of consumer protection? Or was that rhetorical?
 
2013-12-31 09:18:13 PM

HK-MP5-SD: Magorn: RedPhoenix122: That's why you turn off autoplay.

I'm also a little alarmed to learn many ATMS are still basically running Windows XP, the OS MS is going to stop releasing updates for in a couple months

Actually, many of them are still running Windows CE.  Microsoft stopped supporting that in 2004.  Not that it really matters, even if they were running Windows Server 2012r2 they would have vulnerabilities within a few weeks because they aren't on a network that allows them to download patches.

By the way, they have been able to take over ATMs using USBs for several years.  Previously it was only the standalone ATMs like the ones in bars and convenience stores that were vulnerable.  The new part of this is the fact that someone figured out how to drill into the wall mounted models and access the USB port.

I saw the person who originally figured out how to pull it off do a talk and demonstration 4 years ago at DefCon in Las Vegas.  Walking out of that talk I promised myself I would never miss another DefCon.

/He actually died earlier this year.
//RIP Barnaby Jack


Here's Barnaby Jack's ATM hacking demo from DefCon: http://www.youtube.com/watch?v=Ss_RWctTARU

Basically, his attacks worked because of sloppy security.

/Change the locks on the physical cabinet
//Never default remote management to ON
 
2013-12-31 09:27:06 PM

Frederf: Poot beer: What the f*ck is wrong with Information Technology nowadays?

We don't have European levels of consumer protection? Or was that rhetorical?


This and we don't train developers and engineers in security unless that is their specific discipline.

"Who cares if our machine on our Point of Sale network is running Java 6 and the application I wrote to interface with it neither authenticates, authorizes nor encrypts the data it sends?"

He didn't actually say that, specifically, but that was clearly his sentiment. He justified this position by stating there are cameras looking at said devices.

/welcome to my Monday thru Friday.
 
2013-12-31 09:59:35 PM
"1, 2, 3, 4, 5, 6?  That's the same combination some idiot would use on his luggage!"
 
2013-12-31 10:02:10 PM
I caught a virus going ATM.
 
2013-12-31 11:03:39 PM

skinink: Baelz: How fricken hard would it be to disable the USB ports at the BIOS settings. Then when it needs service the tech just reboots to turn them on?

I give no f*cks to the banks for being simply LAZY.

If the US banks gave a fark, they would have been on chip and pin by now. At least it's more secure than a mag stripe. As it is, they care more about their stock prices and dividends, and less about spending on security.


If it made sense to implement chip and pin right now, the major companies would certainly invest in the companies that provide the readers, if not buy them out or start them up themselves.

The time will come, but it is simply not worth the investment right now. And there is nothing wrong with not spending money on useless things.
 
2013-12-31 11:26:37 PM
ATMs now have USB ports?
 
2014-01-01 12:04:04 AM
Are the mag stripes one or two tracks? I'm thinking the readers might be exploitable if you made a pseudo card that just flickered currents past the induction heads.  It's an input route.
 
2014-01-01 12:54:55 AM
The original Xbox game console obscured its use of USB with proprietary connectors that created a physical barrier between Xbox hardware and standard PC hardware.  This at least made it slightly inconvenient to someone able to modify the connectors to do anything with standard USB.  You'd think ATM companies wouldn't mind selling a lot of proprietary accessory hardware that banks would have to use to manage ATMs that wouldn't work easily with stuff that works with PCs.
 
2014-01-01 01:14:50 AM

Bucky Katt: ATMs now have USB ports?


Not sure. Those ATMS things apparently do.
 
2014-01-01 01:57:52 AM

Bucky Katt: ATMs now have USB ports?


They do and have for many years, but the USB ports are inside the machine.  The part that holds the money is protected like a safe, mainly because, well, that part actually is a safe.  The part that holds the electronics, not so much.  It is made of sheet metal, plastic, glass etc.  These thieves have figured out where to drill a hole in at least some model ATMs so that they can plug the USB in by sticking it in the hole.  The boss of the crew also found a way to stop the people working for him from keeping the money for themselves.

Nem Wan: The original Xbox game console obscured its use of USB with proprietary connectors that created a physical barrier between Xbox hardware and standard PC hardware.  This at least made it slightly inconvenient to someone able to modify the connectors to do anything with standard USB.  You'd think ATM companies wouldn't mind selling a lot of proprietary accessory hardware that banks would have to use to manage ATMs that wouldn't work easily with stuff that works with PCs.


I don't think they are accessing existing connectors.  I think they are getting access to the motherboard and connecting their own USB connector to an unused set of USB connector pins on the motherboard.  I haven't worked on an ATM since before USB existed, but in general, techs access them from the back.  It would make sense for the port to be pointing toward the back.  These thieves are apparently drilling in from the front.  It would be pretty hard to connect a usb drive to a backward facing usb port through a hole drilled in the front of the ATM.
 
2014-01-01 04:03:08 AM
Inside job by someone with average computer skills.
 
2014-01-01 06:45:51 AM

Frederf: Poot beer: What the f*ck is wrong with Information Technology nowadays?

We don't have European levels of consumer protection? Or was that rhetorical?


As someone who lives in Europe, these levels of consumer protection are a joke.
 
2014-01-01 11:06:20 AM
Actually it is the ATM manufacturers that are lazy and to blame. They design and build these machines with standard off the shelf motherboards. By design, most motherboards have USB connectors front and back or on each side as in the case of a laptop board. Using more proprietary connectors would not remove the problem but might make it more traceable. Also it is not the autorun that is the problem, when you plug in a USB device the computer checks the devices to install the drivers and support for the device. That is what the issue is... you must disconnect the port completely, software and hardware to be effective.
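
A defender-side audit of the two software settings argued over in this thread (AutoRun and USB storage support), plus a check for USB storage devices the machine has already seen. This is an added example, not code from the thread or the linked article; the registry locations are the standard Windows ones, and the pass criteria are assumptions for a locked-down kiosk-style build.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0+ on a Windows host.
# "Pass" criteria are this example's assumptions for a kiosk/ATM-style build.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }                      # key or value is absent
}

function Test-RemovableMediaHardening {
    # 1. AutoRun policy: low byte 0xFF turns AutoRun off for every drive type.
    $autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'

    # 2. USB mass-storage driver: Start = 4 means the USBSTOR service is disabled,
    #    so a stick is detected on the bus but never mounts as a drive.
    #    Other device classes (e.g. keyboards) still get drivers, which is why
    #    the port itself also has to be disabled in firmware or physically.
    $usbstor = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'

    # 3. Evidence: each subkey here is a USB storage device Windows has installed.
    $enumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    $seen = @()
    if (Test-Path $enumKey) {
        $seen = @(Get-ChildItem $enumKey | ForEach-Object { $_.PSChildName })
    }

    [pscustomobject]@{
        Check = 'AutoRun disabled for all drive types'
        Value = if ($null -eq $autorun) { 'not set' } else { '0x{0:X}' -f $autorun }
        Pass  = (($autorun -band 0xFF) -eq 0xFF)
    }
    [pscustomobject]@{
        Check = 'USB mass-storage driver disabled'
        Value = if ($null -eq $usbstor) { 'not set' } else { "Start=$usbstor" }
        Pass  = ($usbstor -eq 4)
    }
    [pscustomobject]@{
        Check = 'No USB storage device ever installed'
        Value = "$($seen.Count) device(s)"
        Pass  = ($seen.Count -eq 0)
    }
}

Test-RemovableMediaHardening | Format-Table -AutoSize
```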
 
2014-01-01 04:21:56 PM

skinink: If the US banks gave a fark, they would have been on chip and pin by now.


Why not Fish and Cushion?
 
2014-01-02 05:32:49 AM
oi39.tinypic.com
 