This page has been archived and commenting is disabled.
ATMs Open to Hacking
Follow ZeroHedge in Real-Time on FinancialJuice
Computer programs are obsolete before they even get put on the market and it’s been that way for years now. There’s also the added bonus of actually making sure that the buyers keep buying and always want the latest. Obsolescence has been part of our lives ever since we went digital, hasn’t it? Perhaps even before then. But, back then, things lasted longer than they do today. Or is that just the old folk that reminisce about the past and how good it actually was? Well maybe we will all be harking back to a better time in the next few weeks when Microsoft pulls the plug on the updates to banks’ ATMs around the world.
Most bank machines (95% of ATMs I the world) use Microsoft XP (OS) in their cash machines, wherever you are in the world. On April 8th 2014, Microsoft will no longer be providing those updates, leaving your and my ATM at the bank far more vulnerable than it was in the past. The software was originally installed in 2001.
But, that was when the banks had a lot of money to waste. Since the financial crisis, those updates have been thrown to the wayside. The banks are poor, so we are told. Although, it can’t be true when only in February it was announced that the USA’s six biggest banks ((JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, Goldman Sachs and Morgan Stanley) had all made more profit in 2013 than compared to prior to the financial crisis. Net income for the six rose by 21% and reached $74.1 billion. That was all thanks to the rise in the stock market, due to false hopes from the Federal Reserve and virtual booming of the economy. In 2006, when the housing bubble was raking in more money than ever before (right at the peak before it burst), those six earned $84.6 billion and that’s the last time those six earned more profits than for 2013. JPMorgan Chase, for example, is expected to make $23 billion in profit alone this year. Wells Fargo is expected to see an increase in profit for the fifth year in a row, hitting $21 billion in 2014.
But, ok, let’s surmise that the banks don’t have enough money to pay for the update in the software. Or they have had enough of being just another cash cow to Microsoft and they don’t want tugging on their udders and getting milked for a new software program.
There’s only one problem with that and that’s the fact that the software is like a firewall to your computer and will stop cyber-attacks (or at least, slow them down).
Apparently, the banks in the world have agreed to update to a different operating system at some undefined time in the future. Apparently, the banks may not be aware that in the meantime, while the old operating system is no longer being updated and when the brand spanking new (and thus very expensive) software program comes into operation, there will be an open door for cyber-attacks on ATMs.
Two thirds of banks in the world will not be upgrading to a newer operating system by the deadline of April 8th. Why would the two thirds worry? Simply because that means that customers’ bank details and accounts will be accessible.
You can bet your bottom dollar that you will be taking from that ATM down the block that it will be costing the account holder more and more. If banks upgrade or request support from Microsoft, it has been suggested that it will cost millions (passed on to the account holder).
20% of ATMs in the world are in the USA. There are some 2.2 million worldwide with most running on the Microsoft XP OS. Plus, as anyone knows, change the software and the hardware will stop running and that means banks will also be replacing them in coming months and years. More money that the banking sector will have to find in its apparent poverty-stricken state and that it will be more than likely to pass on to the account holder again.
ATM? Another Trick by Microsoft (…along with the banks).
Originally posted: ATMs Open to Hacking
»
- advertisements -
I started my note...then saw Ralph SpoilSport beat me to it.
.....(PivotFarm gets his info from a Google search and MSM headlines....no thought put into the articles or any real research)......
Shouldn't the title read:
Airplanes Open to HackingATMs are fine. This is bullshit journalism.
incorrect
i watched a show two years ago about how to hack an atm...on TV no less
That's a convincing argument right there. /s
Bullshit indeed. ATMs are terminals running on dedicated lines that know how to dispense money and accept deposits. They never talk to anything else except the paired device they are connected to. OS/2 was also widely used for ATMs.
OMG it's Y2K all over again!
This would perhaps explain why this week Kiwibank in New Zealand decided to upgrade its crappy ATM machines after refusing to due costs for over 8 years. Happened pretty quickly too with them requiring access to all our communications panels.
Also this morning announced NZD CNY convertability, 6th currency to do so and 4th to recieve "merchant status" access to chinese forex systems.
NZ Official Cash Rate increased .25bps to 2.75% NZD jumped + Housing bubble starting to blow
Also today came into effect the "positive credit reporting act" where bank/other fianancial institutions customers credit files are openly shared, with an increased amount of specific data provided like who you pay how often you pay account names types of credit purposes of credit etc etc.
NZ Post / Department of internal affairs RealMe online Identity Verification Service, test system for total internet control after next false flag problem reaction solution type event...
Banking system hack/ crash in New Zealand? One of the first countries in the world to pass through our version of bail-ins the OBR Open Banking Resolution- We'll keep the banks doors open while using depositers funds to settle the banks underperformed postions.
AML-Anti Money Laundering CDD-Customer Due Dilligence CFT-Countering the Financing of Terrorism all enacted fully July 2013
Our bank no longer exchanging Indian rupeese buy or sell
Upgrading to SAP software for core banking - data mining anyone + positive credit reporting act = they know even more about you...
It's the stepping stone technique except now we seem to be putting on a bit of a double step as we get closer to the edge of the pond.
New Zealand is a shitty little fascist milk republic. Grow up you ...
....but they have Hobbits....
This article is poorly written, bullshit and fear mongering. Those ATMs are not exposed to the internet. It doesn't matter what OS they are running. The author obviously has never been an IT guy at a bank. This is clickbait...bad clickbait.
I agree that the article is way off target technically, but those ATMs have to go over some network, and it's probably the same public one that the internet uses. Even if the ATMs communicate via something akin to a VPN (virtual public network) those can be vulnerable to attacks. I don't know how, exactly, they communicate but I doubt they have dedicated communications wires running to each bank's data center. Let's file a FOIA request with the NSA to ask just how secure ATM communications are.
If Laquisha in Texas can see a transaction I made at an ATM in another state and can reverse the transaction, it is not a closed loop system so as such I don't need to tap the ATM itself but the communication line going out of the bank for starters.
That was pretty much what I was getting at. It's not the OS which might enable attacks, but the communications lines. In the pre-internet days I worked with a 2nd tier computer manufacturer (IBM was the first tier all by itself) and had coworkers that did the ATM stuff. Back then (1980s) I worked with both asynchronous and synchronous communications. In those days all communications went through AT&T, whether one used dial-ip and modems or had a leased line from AT&T. Everything still went through AT&T, with all their switching equipment, etc. The ability to suck information out of those connection points is beyond contention. (My sister worked for several different phone companies over the years and told me about the office at one company dedicated to the No Such Agency group.) As you correctly state, the ability to have communications intercepted is a primary vulnerability. The biggest vulnerability has nothing to do with the operating system (such as an embedded version of XP) or the application, despite what the main article says.
ATMs have, as others have pointed out, worked so well I'd be reluctant to see the current ones replaced. Who knows what the folks at No Such Agency will require be put into the OS or application on new ATMs?
Agreed. The conversation has gone from the vulnerability of the OS running on ATMs to methods for hacking into a bank's network (good luck with that). Peace.
Laquisha is changing data in the transaction database. She can't access the communication between the terminal concentrator and the ATM. Which communication line are you going to tap and how are you going to do it? There are ways for them to monitor if those ATM lines are physically being tapped.
I bet those ATM windose machines do not communicate directly over network (it does not matter if it is a dedicated wire or internet), and there are other devices which take care of the security and routing. Otherwise there would be some news about hijacked ATMs along those long years, I have never seen any. I guess those engineers building these ATM networks were not so stupid to put a LAN interface managed by windose to the open world.
The ATMs run a single application that never talks to anything except the paired equipment on the other end. Encryption is used for the comm link. There's no attack vector for malware and the ATMs could or should boot from a read-only device so malware couldn't get inside the ATM in the first place. If some crappy bank decides to do this over the internet, all bets are off of course.
ATMs have been around way longer than the internet. Banks have been doing secure transactions electronically for a long time. Yes they do have hard wired lines and it has nothing to do with the public internet, VPNs, or anything else accesible to the public. They are not incompetent idiots like the management at Target.
You are taking the article a little too personally there.
How so?
I fully expected a how to guide. Leaving disappointed.
Thank dog I don't keep anything in my account.
Even if I HAD anything to keep in my account.
Me, too. My wife seems to drain it immediately every payday.