ATMs Globally At Risk Of Hacking And Viruses From April 8

GoldCore's picture

ATMs Globally At Risk Of Hacking And Viruses From April 8 ~~~ 

Today’s AM fix was USD 1,327.00, EUR 962.64 and GBP 802.78 per ounce.                      

Yesterday’s AM fix was USD 1,346.00, EUR 967.16 and GBP 809.72 per ounce.     

Gold dropped $26.10 or 1.93% yesterday to $1,329.30/oz. Silver fell $0.25 or 1.2% to $20.57/oz

Gold traded near the lowest in almost three weeks today as momentum traders and nervous longs pushed prices lower. Some participants interpreted the Fed’s policy statement as more hawkish than expected. Traders weighed the U.S. Federal Reserve’s indication that it may raise interest rates next year against the crisis over Ukraine.

Gold Bullion Coin and Bar Dispensing ATM

The short term trend and momentum is now down and gold is vulnerable to further falls. Gold had become overbought after its surge to 6 month highs and was due profit taking and a correction. Indeed, gold’s 6 month highs last week had led to a 14% gain so far in 2014 which if it had retained those gains, would have been gold’s best start to a year and the best first quarter for gold since 1985.

Gold is up 11% this year and reached a six-month high of $1,392.22 an ounce on March 17 as turmoil over Ukraine left Russia and the West embroiled in their worst confrontation since the Cold War. The abatement of unresolved tensions between Russia and the West has contributed to
gold bullion’s pullback.

Gold fell yesterday after Yellen said that the Fed would cut its monthly bond buying by $10 billion and said they will slow purchases in “further measured steps.” However, Yellen also made very dovish sounds and signalled that ultra loose monetary policies would continue.

Banking operations globally, including ATMs throughout the world, are threatened as support from Microsoft for Windows XP operating system will end from Tuesday, April 8. Windows XP also powers  medical devices, industrial control systems and some of the hardware used for swiping credit cards.

More than 95% of ATMs also run the operating system, according to NCR, the largest provider of ATMs globally. It expects only a third of ATM providers will upgrade before Microsoft’s April 8th cut-off according to the
Financial Times.

Banks are being asked to take immediate steps to prevent their ATMs becoming inoperational. The end of support for Windows XP is likely to increase the probability of attacks on such antiquated systems and may affect ATM operations according to Microsoft.

From April 8, 2014, Microsoft will stop issuing updates and patches for bugs in its Windows XP operating systems, which was released in 2001. It may be difficult to defend such attacks in the absence of Microsoft support. Microsoft themselves and experts have said that the probability of attacks is 100%.

Many banks have failed to upgrade their systems, including ATMs, and may still be working on Windows XP. They are being advised both by Microsoft and indeed by some central banks to take immediate steps to implement appropriate systems and controls.

The financial system remains vulnerable with much unappreciated technological and systemic risk. Owning non digital, physical bullion coins and bars in segregated, allocated accounts in Singapore is now one of the safest ways to own precious metals. Protect and grow your wealth by reading The Essential Guide To Storing Gold In Singapore

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Rising Sun's picture

stupid fucking banksters - use Unix

shankster's picture

What about gumball machines..hmm?

Intoxicologist's picture

My bank sends me an ATM card every so many years, whether I want it or not.  I don't use it, and it never leaves my house.   Last year, they switched vendors so I got a MasterCard to replace my Visa debit card.  It sat on my table for a month until I activated it to satisfy those bitches at Verizon, who required a card in order to bill me.  Within days, and even before I notified said unholy wireless company, my card was compromised and all the money in my account was drained.  I only keep about a hundred bucks in my account at any time, so the tool that stole my numbers was probably irate when all her online purchases got declined.  My bank asked, "Are you sure these aren't your charges?" 

"Well," I said, "I haven't been to France lately, or Peru." 

My money was returned.   

Happened to me years ago, as well.  New card, first bill: a three-night stay at some hotel in Dallas. 


I live in Wisconsin, and never left the county. 

Half the fraud's at the source.

AdvancingTime's picture

If cyber warfare and cyber-attacks are not on your list of modern worries, it is time you put them on. Either could make your life much more difficult or in a worse case scenario end it. A series of high-profile events since 2010 has highlighted the increasing and multifaceted threat of cyber-attacks.

U.S. cyber-security policy continues to evolve to meet these challenges, but critical gaps remain, including the incomplete protection of digital infrastructure vital to national security, such as power grids and financial networks. On a personal level having your accounts hacked, or having someone steal your identity can turn your life upside down. More on this subject below.

ebworthen's picture

Why would they be using XP?

Why not Linux Mint or Ubuntu or the like?

Even with XP, if the ATM's aren't connected to the Internet - there is no threat at all.

I keep hearing this story, and it reminds me of the hysteria over the year 2000.

nickt1y's picture

Why would they be using XP? The corporate safe choice. Nobody ever got fired for buying a Microsoft product.

PT's picture

Why XP?  Why Linux?  Why not the bank's own proprietary operating system?  They can do whatever they like.  If they want to.

madtechnician's picture

Get a bank to write it's own financial O/S ? Sounds like bitcoin to me ...

KickIce's picture

Probably, but what a great way to steal money or take a bank holiday without announcing it.

Ralph Spoilsport's picture

Here's Karl Denninger's take on ATMs and Windows XP:

"Nearly all of the ATMs in the world are running the Windows XP operating system, introduced by Microsoft 13 years ago -- and incredibly out of date, as any tech enthusiast will tell you.

On April 8, Microsoft will officially end the tech support for the aging OS, which was replaced by Windows Vista in 2007, Windows 7 in 2009, Windows 8 in 2012 and Windows 8.1 in 2013.

That means no further updates, including security patches to protect from viruses, spyware, and other malicious software, for the 420,000 ATMs in the United States, more than 95 percent of which run XP, according to Bloomberg Businessweek.

So what?

Look, ATMs should be connected back to whoever sponsors them on a dedicated circuit and everything that leaves or enters should be encrypted.  Since said device should never speak to anything except the device on the other end of said dedicated circuit as there's only one thing there and never do anything other than run the one application written for it exactly how does it matter if there is "malware" that can attack its operating system since it never talks to anything except the paired equipment on the other end of said leased line -- and as a result there's no way for said malware or viruses to get into the box in the first place.  Indeed, said device can boot and run off a read-only boot device!

If, in fact, such a device is running in any other configuration irrespective of what it is running as an operating system both ends are insecure and subject to being tampered with.
There's utterly no reason to care, if said devices are deployed properly.  This is a closed system as an ATM is really nothing more than a terminal -- a display and keyboard that happens to know to accept things (deposits) and spit things out (bills.)

You're not going to tell me, are you, that these "networks" are actually not configured that way....right?"

Miner's picture

This article makes an incorrect assertion.

Windows XP embedded is an operating system designed for kiosk applications like ATMs and Industrial Controls.  It will remain in extended support until 2016.


Ralph Spoilsport's picture

More fear mongering bullshit. It does not matter what operating system ATMs use because they are hardwired to a paired device at the other end and only talk to that device. ATMs are not exposed to the internet. Microsoft is recommending upgrades because they are a bunch of money hungry whores. There's even a lot of ATMs still running OS/2 that will continue to work just fine thank you very much.

dexter_morgan's picture

LOL. we need to be enticed to buy gold like this now?

q99x2's picture

Citi sent a new ATM card today. It says something about activating it before 4-22.

CaptainSpaulding's picture

Just go to the bank teller. Does anyone remember those things called withdrawal slips?

shankster's picture

I have withdrawal every Monday morning.

Quantum Nucleonics's picture

This is a broader problem than just ATM's.  Probably a quarter of the world's PC's still run XP, including 10% of the US government's.

SWCroaker's picture

Hey!  ATMs will be vulnerable?  That ATM gives out gold bars?      Um, does it run on XP?     Just curious...

e_goldstein's picture

Windows XP also powers  medical devices, industrial control systems and...

Guess that adds new meaning to "the blue screen of death."

PT's picture

Hmmm, what's worse - old, unsupported XP or new, supported Win8?  Let me think ...., ummmm, GIMME XP ANY YEAR OF THE MILLENIUM!!!!!!!!!!!!  FUCK WIN8!  FUCK WIN8! FUCK WIN8! AND ANYONE WHO HAD ANYTHING TO DO WITH IT'S EXISTENCE!!!!!!!!!!

Downloading 3 of 684 updates ... will take an unspecified time between 30 minutes and 6 days plus installation ... don't worry, the ATM will sort out your transaction after it finishes downloading and reboots ...

madtechnician's picture

Easy - just upgrade their software to Linux & Bitcoin-QT - these are free , secure and Open Source.

There , solved it for ya.

Bitcoin , Bit-chez ........

weburke's picture

a report some time back.               "This becomes important as we look at the different economies making up bitcoin today. There are about 11.7 million bitcoin in circulation today. Out of these, a staggering 2 million bitcoin are gambled every year on the SatoshiDice site alone, and another, PrimeDice, 1.5 million."




SgtShaftoe's picture

Um, many are running XP (hardened - whatever that means).  They've been subject to hacking for 10 years.  It's just going to get worse, because microsoft isn't going to put out any more half-ass updates. 

Net, the situation has been fucked for a long time, but it's just going to get more fuckeder...

the tower's picture

Companies that didn't upgrade yet can take out service contracts with Microsoft, which they already signed up to. Nothing will happen. 

Seriously guys, don't let every news-unworthy article scare you into bying gold, it's sickening.

SgtShaftoe's picture

Well, Barnaby Jack was able to crack ATMs several years ago, and get them to spit out money.  The problem is, when banks get robbed that way, they usually don't tell anybody.  Secondly, most thieves are using skimmers attacking the users themselves, it's just easier.  I honestly could give 2 shits if the banks get robbed.  They're all thieves themselves. 

the tower's picture

Sure, but the article was merely posted to scaremonger and push gold. That's just lame. Any selfrespecting news outlet would refuse articles like this.

jimmytorpedo's picture

Nobody needs to scare me to buy gold.

Or ammunition.

SWCroaker's picture

Agree that the "XP sky is falling!!" is way over the top.   That being said, gold being a defense against predation by your government, I'm all for people adopting it.  But it would be nice if they did so for the right reason.

I saw George R. R. Martin (Game of Thrones author) doing an interview, where he brags about doing his writing on an IBM PC running WordStar 4.0.    Now *there's* an idea for security; instead of constantly upgrading, go seriously old school, pre-USB, pre-Ethernet, pre-Windows.   Who the heck hacks DOS these days?

GeezerGeek's picture

I wonder if all those ATMs run an embedded version of XP. If so, the vulnerabilities should have been closed a long time ago. The PC version of XP has many vulnerabilities due to the use of other software, such as Internet Explorer, Flash, and Javascript just to name a few. An embedded system should not have any of these sorts of vulnerabilities. Did the author ask NCR if their systems were indeed vulnerable? All the article says is what percentage of ATMs run XP. If the OS allows a new application to be downloaded, perhaps that would introduce a vulnerability. Still, after all these years, with all these warnings from Microsoft, I'd be surprised if NCR and other ATM vendors hadn't closed all the vulnerabilities by now. Is there anyone out there with the technical knowledge to make a more informed comment than this? Information on the communications protocols would also be interesting to hear about. 

Disclaimer: I worked for a certain tech/computer company from 1973 through 1991, being dumped shortly before they were absorbed into the phone company to form the Cash Registers And Phones company,

the tower's picture

Companies that didn't upgrade yet can take out service contracts with Microsoft, which they already signed up to. Nothing will happen. To use this to promote gold is just lame and show desperation. Or greed.

willwork4food's picture

I know. That ATM should say "CASH & BITCOIN ONLY'.

0b1knob's picture

This is the MOST TERRIFYING THREAT since the YEAR 2K PROBLEM.   Remember Y2K?   Yeah me neither....

MeMadMax's picture

Dude, is this artical super-serious???


First of all, the first thing they teach in networking security 101 is: "Any computer(or device) that is connected to the internet is considered unsecured"...

Meaning it doesn't really matter what OS you are running, if they really want in badly, they are gonna get in for as long as that machine is connected to the net...

Case in point about the OS aspect: Target Point-Of-Sale card reader breach. Those machines are not even running windows and they got in without narry anyone knowing about it till it was much, much too late...



PT's picture

1.  Re Any device connected to the internet is unsecured:

True.  Especially for the average yob.  You haven't got a clue what is under the hood so you may as well assume that everything is available to hackers.  This also applies to AV software and updates.  If you can't prove what it does, then you don't know what it does.  It has always amazed me how much everyone trusts the system.  They desperately want it to work, it works (for now) so they trust it.

Having said that you can't trust any device that is connected to the internet, I must also add that it didn't have to be this way.  There is no reason why your modem and your microprocessor should have to do anything just because it is connected to the internet.  However, that would disrupt the way idiot's "experience the internet" and so we have the internet as it is.  Can't let the idiots get too smart, otherwise they would build their own web search engines and ad-blockers and that would "disrupt" e-commerce, wouldn't it?  So we have the crappernet in the form you see today, and the sheeple are all quite confident that it couldn't possibly be any better.


2.  WHEN DID THE CUSTOMER STOP BEING RIGHT???  Why does anyone need to embrace any new operating system???  If no-one upgrades their operating system then Microsoft will either have to support XP or go broke.  Oh, that's right.  New operating systems come with new computers and not one customer on earth would bother changing the OS  (except Linux users - thankyou Linux people for being the exception to the rule!).  So Microsoft have a captive market and can do whatever the hell they want and the end users will just sit there and take it.  Pathetic.


MeMadMax's picture



They don't worry about that anymore because just by virtue of international business has made it possible to do crappy business on such a large scale that it doesn't matter because profits will still be big... In some other part of the world...