
Remote attack on ATM communications leads to large financial loss

Phion : 07 July, 2008  (Technical Article)
Phion recommends the use of secure VPN communications between ATM dispensers and central servers after Citibank loses out to financial fraud
It has emerged that hackers in the US gained access to ATMs operated for Citibank between October 2007 and March 2008. The thieves stole at least $2 million before being caught. Dr Klaus Gheri, Chief Technology Officer at phion, one of the leading European suppliers of corporate communication protection solutions with numerous clients in the banking sector, comments on the dangers associated with cash point dispensers.

“The ATM itself is a well-secured system in physical terms but the network cable leading out of the machine is not. So, for security reasons it is imperative that communications are encrypted between the cash dispenser and centralised server systems. An attack on the connection would probably not have been successful if this simple method had been implemented. For this purpose banks – just like companies with mobile employees – must set up a Virtual Private Network (VPN), which facilitates both encrypted and secured communications.

“However, installing an additional software solution for this encryption can infringe existing Service Level Agreements with the cash point machine manufacturers. So the sole remaining measure is to encrypt the systems’ communication and to provide protection against attacks from the network using a Firewall/VPN-Box. The challenge facing the banks is to install such VPN-Boxes directly in the ATM casing. But there are space restrictions here and machines located outside are subject to enormous temperature fluctuations depending on the season. In addition to this, conventional VPN management approaches cannot cope with the high number of locations – and providing onsite service is just too costly; for example, Link alone has over 61,000 cash point machines in the UK. This means that external and foyer-based cash point machines are a known security risk. One of the largest German private consumer banks had the foresight to implement such a solution with phion and is now protected against attacks of this nature.”

Consumers should not panic as a result of this theft. A cyber attack of this nature requires expert knowledge and an enormous effort. For private consumers the likelihood of being affected by such an attack is much lower than that of credit card fraud.

The case has only been publicised as part of the legal proceedings against the three attackers and their fraudulent methods are still unknown. All that is known is that they conducted their attacks remotely, without coming close to the cashpoint machines. The ATMs in question were operated by external companies on behalf of Citibank.
   © 2012 ProSecurityZone.com