Criminals Sneak Card-Sniffing Software on Diebold ATMs
Robert McMillan writes on PC World:
Diebold has released a security fix for its Opteva automated teller machines after cyber criminals apparently broke into the systems at one or more businesses in Russia and installed malicious software.More here.
Diebold learned of the incident in January and sent out a global security update to its ATM customers using the Windows operating system. It is not releasing full details of what happened, including which businesses were affected, but said criminals had gained physical access to the machines to install their malicious program.
"Criminals gained physical access to the inside of the affected ATMs," Diebold said in its security update. "This criminal activity resulted in the operation of unauthorized software and devices on the ATMs, which was used to intercept sensitive information."
The break-in occurred in Russia and affected "a number" of machines, said DeAnn Zackeroff, a company spokeswoman. "The incident was a low-tech break-in to the ATM, but they had a high-tech knowledge of how to install the virus," she said.
Diebold did not say exactly how the criminals were able to install the software on the systems, but its security update advises customers that there are several factors that can increase the risk of such a hack. They include using administrative passwords that have been compromised; not using the locked-down version of Windows that Diebold provides; or misconfiguring the Symantec firewall software that comes with the ATMs.