This is Great, I want one of these cards and a list of ATM’s.
http://www.sophos.com/blogs/gc/g/2009/03/18/details-diebold-atm-trojan-horse-case/
http://www.theregister.co.uk/2009/03/17/trojan_targets_diebold_atms/
From the Security Now Podcast http://www.grc.com/sn/sn-200.htm
Steve: It’s like, oh, goodness, yeah. It’s quite something. So the big news, though, I just sort of had to kind of smile because I told all of our listeners this was going to happen. I said just wait, this is a bad idea, we’re going to see how bad it is. Trojans have – Trojan software has been found in ATMs located in Eastern Europe. |
Steve: From many different vendors. |
Steve: But what one thing do all of the trojan-infected ATMs have in common, Leo? |
Steve: The LSASS service is the manager of protected content in the system. It’s not quite the right acronym. I can’t think of what it is right now. But it’s like the main security service. And fake ones have been found in the Windows directory. The LSASS EXE normally lives in the Windows System32 directory. They were written in Borland’s Delphi. |
Leo: Well, that’s kind of sophisticated for a hacker. Wow. |
Steve: And it’s considered, I mean, it’s commercial-grade code. It’s good code. |
Steve: These are not remote installation Trojans. It’s believed that somebody had to have access to the machines. |
Steve: But they have special credit cards. When they swipe the special credit card in the infected machine, it accesses the trojan software, which among other things allows them to dump out all the cash from the machine. But in the meantime it’s logging all of the users’ information and PINs, which it’s able to dump out encrypted with DES encryption from the printer, from the ATM printer in the front of the machine. |
Steve: So the – and anyway, so it’s interesting to me. Again, it’s, you know, people defended the idea of implementing these things that I contend should never have been written in Windows. They say, well, but it’s easier to write them. And it’s like, yes. |