Busy North Korean Hackers Have New Malware To Target ATMs (arstechnica.com)
Hackers widely believed to work for North Korea's hermit government have developed a new strain of malware that steals data used at automatic teller machines in India, researchers from Kaspersky Lab said on Monday. Ars Technica reports: One piece of malware, dubbed ATMDtrack by researchers with the Moscow-based security firm, has been targeting Indian ATMs since last summer. It allows its operators to read and store data associated with cards that are inserted into infected ATMs. As researchers with the Moscow-based security firm investigated further, they found that the ATM malware was part of a larger remote-access trojan that carries out traditional espionage activities. Dubbed "Dtrack," it was used as recently as this month to target financial institutions and research centers.
Dtrack payloads were carefully encrypted with utilities known as packers, which made it hard for researchers to forensically analyze the malware. As the researchers analyzed the memory of infected devices, they found that both ATMDtrack and Dtrack shared unique code sequences. When company researchers peeled away the layers of encryption and began analyzing the final payload, they saw pieces of code that were first used in a 2013 attack that wiped the hard drives of South Korean banks and broadcasters. The campaign, known as DarkSeoul, was eventually tied to Lazarus Group, the main hacking arm of the North Korean government.
Re:Shitty atm security (Score:5, Insightful)
It's an ATM. How else is it going to update accounts - or tell another system to do so - either after dispensing cash, paying bills, arranging a transfer or accepting cheques? There has to be some link between it and the main banking systems, and this link *should* be over a private encrypted line, not the public internet, VPN or otherwise.
Re: (Score:2)
Gosh, you're so clever. Not.
Obviously it doesn't talk to the mainframe direct, that's a given FFS and has been for decades. What do you think middleware is?
Re: (Score:3)
Way Less Smart Than You confessed:
I am having trouble imagining why an atm which sits exposed unguarded to the public 24x7 would be allowed any sort of real access further into the bank network.
This is appalling.
Only because you don't understand how ATMs work.
They need to interact with the bank's mainframe-based systems in order to verify the card's validity, query them to display the account's current balance, request and receive authorization to disburse the requested amount of cash, transmit confirmation that they have done so, and request that the amount disbursed be debited against that account.
The key word here is "interact."
The transaction record is actually processed as a m
Re: (Score:3)
I for one would imagine that the ATM communicates only with a gateway which exists specifically for that purpose, and that the ATM itself never reaches into any databases or touches any values anywhere directly, and has no ability to contact literally anything else on the network because it is locked down so hard. Why, is this not the way they do things? And if not, how do we get the people in charge onto the "B" ark, stat?
Re: (Score:3)
I would assume that there is some intermediate server between the ATM machine and the central database; however, we live in times in which even such basic libraries as openssl [cvedetails.com] and libxml2 [cvedetails.com] were/are literally riddled with exploitable holes. Try to write a stable and robust interface under such conditions.
Doing this right would cost money, which is typically better spent on greasing politicians. Ask Equifax ...
Re: (Score:2)
Do they make Mac ATM systems??
If they did, could you imagine the service fees?
Re: (Score:2)
Yeah, and while we're at it, let's hook cars up to horses and put an automatic whip pedal where the gas pedal was. Hint: banking is a lot more complicated than you can imagine.
route of attack not mentioned (Score:1)
Where is this malware being installed - at the factory? One would hope that you can't reflash the machine with a credit card but if it is running windows you never know.
Re: (Score:2)
Yep, nothing like a bit of radiation circling the globe especially over N. America and Europe. Got any more bright ideas, Einstein?
Great, now I'll have to go inside the bank. (Score:2)
Of course at the rate we're going, I'll have to have my employer FedEx me a box full of actual cash instead of a paycheck, because practically every day there's Yet Another Data Breach/Payment System Breach/Malware Attack On Financial Systems/And So On. At this rate we'll have to go back to carrying gold and silver coins because n