Comments
Hackers Cash In On ATMs
Newest First  |  Oldest First  |  Threaded View
CartaR828
50%
50%
CartaR828,
User Rank: Apprentice
3/25/2017 | 3:30:31 AM
Blank Atm Card
I got my already programmed and blanked ATM card to
withdraw the maximum of $50,000 MONTHLY for a maximum of 12 MONTHS. I am so happy about this because i got mine last week
and I have used it to get $150,000 already. Georg Bednorz Hackers is giving
out the card just to help the poor and needy though it is illegal but it
is something nice and he is not like other scam pretending
to have the blank ATM cards. And no one gets caught when
using the card. get yours from Georg Bednorz Hackers today! Just send an email
to [email protected]
CartaR828
50%
50%
CartaR828,
User Rank: Apprentice
3/15/2017 | 1:49:38 PM
Blank Atm Card
I got my already programmed and blanked ATM card to
withdraw the maximum of $50,000 MONTHLY for a maximum of 12 MONTHS. I am so happy about this because i got mine last week
and I have used it to get $150,000 already. Georg Bednorz Hackers is giving
out the card just to help the poor and needy though it is illegal but it
is something nice and he is not like other scam pretending
to have the blank ATM cards. And no one gets caught when
using the card. get yours from Georg Bednorz Hackers today! Just send an email
to [email protected] or send him a text message +19143614629
CartaR828
50%
50%
CartaR828,
User Rank: Apprentice
2/5/2017 | 7:10:37 AM
Blank Atm Card
I got my already programmed and blanked ATM card to
withdraw the maximum of $5,000 daily for a maximum of 20
days. I am so happy about this because i got mine last week
and I have used it to get $150,000. Georg Bednorz Hackers is giving
out the card just to help the poor and needy though it is illegal but it
is something nice and he is not like other scam pretending
to have the blank ATM cards. And no one gets caught when
using the card. get yours from Georg Bednorz Hackers today! Just send an email
to [email protected]
CartaR828
50%
50%
CartaR828,
User Rank: Apprentice
1/5/2017 | 3:46:07 PM
How i got my Blank ATM card
I got my already programmed and blanked ATM card to
withdraw the maximum of $5,000 daily for a maximum of 20
days. I am so happy about this because i got mine last week
and I have used it to get $150,000. Georg Bednorz Hackers is giving
out the card just to help the poor and needy though it is illegal but it
is something nice and he is not like other scam pretending
to have the blank ATM cards. And no one gets caught when
using the card. get yours from Georg Bednorz Hackers today! Just send an email
to [email protected] or call him via telephone +19143614629
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/31/2014 | 5:47:36 PM
Re: Root Default of ATM
Randy, 

You bring up a good point. How come ATM's aren't secured Linux shops? I would imagine that it would be more secure and cost effective. Not to say that Linux is a cure all, just I know it has a large percentage of effective security tools and safeguards. Is it the level of support? I don't know how thorough that component would be. If someone could, please clue me in on why this hasn't come to pass?
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
3/31/2014 | 11:47:11 AM
Re: Root Default of ATM
You would think that a more robust and updated OS would be used instead for ATMs of XP. XP was a great desktop system but with support being phased out and other options being available such as a locked down version of linux (take your pick) the ATMs would be less susceptable to some of the attacks than windows would be. Just a thought..
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
3/30/2014 | 2:16:13 PM
Re: Root Default of ATM
Ryan raises an interesting issues, the security level for many ATM is not acceptable.

Banks cannot think to continue to use phase out OSs like XP while cyber threats are even more sophisticated.

Physical protection is another serious problem, why are we surprised if the computers behind ATM is easily accessible? I'm not surprised by news regarding similar hacks ... the problem is elsewhere.

Why Does BIOS of the ATM machines allow booting from external and unauthorized media (e.g. CD ROMs , USB sticks)?

What's about disk encryption to prevent disk tampering?

This hack is the result of many errors!

This is not security

Thanks

Pierluigi
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/28/2014 | 4:38:37 PM
Root Default of ATM
I have read a few reports about Ploutus and yes it poses a very large risk, but I think the risk lies in the machines architecture and not too much in the "malware" being transferred via the device, USB, phone, etc.

Correct me if I am mistaken but it seems that these machines are in an administrative state for routine/emergency maintenance and its only the physical barrier that truly denies access to the kingdom. But as knights circumvent a moat, people have gotten past this safeguard and are tasking the machine with minimal intrusion.

One comment I saw on a forum regarding Ploutus, though cynical, carried some truth. You can't leave a machine in root status and expect it not to perform root tasks. 

As delineated in your article, banks are now undergoing expensive counter procedures to smooth out this issue. But that is more of a reactive approach and therefore a huge security flaw. It needs to be realized that security is most effective when handled pre-emptively. For whatever reason, these machines were left in a vulnerable state with only a thin physical layer to keep people out. What are other peoples thoughts regarding the ATM "hacks"?

 


Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.