JACKPOTS NO ….. Jackpotting !!
The Agencies in US have been warning US financial institutions that domestic ATMs are being targeted in jackpotting attacks, according to a well known security expert Brian Kerbs Jackpotting, in which thieves use a variety of tools to hack into ATMs and cause them to spill large amounts of cash on demand, has been a serious threat for several years now.
To conduct the remote hack, an attacker would need to know an ATM’s IP address or phone number. Jack said he believes about 95 percent of retail ATMs are on dial-up; a hacker could war dial for ATMs connected to telephone modems, and identify them by the cash machine’s proprietary protocol.
The Triton attack was made possible by a security flaw that allowed unauthorized programs to execute on the system. The company distributed a patch last November so that only digitally signed code can run on them.Both the Triton and Tranax ATMs run on windows-ce
Using a remote attack tool, dubbed Dillinger, Jack was able to exploit the authentication-bypass vulnerability in Tranax’s remote monitoring feature and upload software or overwrite the entire firmware on the system. With that capability, he installed a malicious program he wrote, called Scrooge.
Scrooge lurks on the ATM quietly in the background until someone wakes it up in person. It can be initiated in two ways – either through a touch-sequence entered on the ATM’s keypad or by inserting a special control card. Both methods activate a hidden menu an attacker can use to make the machine spew out money or print receipts. Scrooge will also capture magstripe data embedded in bank cards other users insert into the ATM.
To demonstrate, Jack punched keys on the keypad to call up the menu, then instructed the machine to spit out 50 bills from one of four cassettes. The screen lit up with the word “Jackpot!” as the bills came flying out the front.
To hack the Triton, he used a key to open the machine’s front panel, then connected a USB stick containing his malware. The ATM uses a uniform lock on all of its systems – the kind used on filing cabinets – that can be opened with a $10 key available on the web. The same key opens every Triton ATM.
Two Triton representatives said at a press conference after the presentation that its customers preferred a single lock on systems so they could easily manage fleets of machines without requiring numerous keys. But they said Triton offers a lock upgrade kit to customers who request it – the upgraded lock is a Medeco pick-resistant, high-security lock.
Similar malware attacks were discovered on bank ATMs in Eastern Europe last year. Security researchers at Trustwave, based in Chicago, found the malware on 20 machines in Russia and Ukraine that were all running Microsoft’s Windows XP operating system. They said they found signs that hackers were planning on bringing their attacks to machines in the United States. The malware was designed to attack ATMs made by Diebold and NCR.
Those attacks required an insider, such as an ATM technician or anyone else with a key to the machine, to place malware on the ATM. Once that was done, attackers could insert a control card into the machine’s card reader to trigger the malware and give them control of the machine through a custom interface and the ATM’s keypad.
The malware captured account numbers and PINs from the machine’s transaction application and then delivered it to the thief on a receipt printed from the machine in an encrypted format, or to a storage device inserted in the card reader. A thief could also instruct the machine to eject whatever cash was inside the machine.
A fully loaded bank ATM can hold up to $600,000.ATMs which are still running on Windows XP are said to be particularly vulnerable, according to the Krebs report.
AND important fact that most no.of ATM in India are still using Window XP .