Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

ATM code sniffing results from poor security audits

Fortify : 09 June, 2009  (Technical Article)
Fortify reports that extensive code auditing could have prevented the recent spate of data-sniffing that has taken place in Eastern Europe for extracting cardholder data
Reports that hackers have developed a range of data-sniffing and stealing trojans that have skimmed cardholder data from Eastern European ATMs since the end of 2007 highlight what can happen if security code auditing is not carried out at all stages in program development, says Fortify Software, the application vulnerability specialist.

'Our colleagues at Sophos and SpiderLabs have discovered that the trojans home in on the data stream from the magnetic stripe of ATM users' cards and store/relay that data for subsequent fraudulent usage,' said Richard Kirk, Fortify's European director.

'What's interesting about this case is that, if the ATM program code - which probably runs on Windows operating system as most ATMs are driven by the Microsoft operating system - had been fully code audited from day one, the security loophole that allows this trojan to operate probably wouldn't be there,' he added.

What is also of concern, says Kirk, is the fact that hackers were able to use their trojan applications for around 18 months - and refine their own program code many times - before being detected.

This, he says, indicates that the hackers probably have a development process equal to, if not better, than the developers of the ATM software.

This, he explained, is ironic, and illustrates the dedication - driven by the illegal revenues available - that criminal gangs now have when pursuing their illegal careers.

'Now that the hackers' trojans have been rumbled, they will probably move on to new revenue-generating pastures. It is to be hoped that these pastures do not include the bank's ATM-controlling computers, otherwise we're all in deep trouble,' he said.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo