An American company Diebold, the leading provider of Automatic Teller Machines, has launched a patch to eliminate the vulnerability found in the line of ATMs Opteva. Some time ago the manufacturer discovered that inventive cyber-criminals had come up with a new way for stealing personal information of clients, whose key element is the installation of a harmful software on the ATM.
“The first case of “virus attack” on ATMs in history has been recorded in January of this year on the territory of Russia. The exact number of affected ATMs is being investigated”, says the representative of Diebold Deanne Zakeroff.
“Regardless of who is the creator of the Trojan called Troj/Skimer-A, this person is in possession of insider information on the software structure of Diebold ATMs”, claims Vanja Svajcer, an expert in the domain of IT security from the company Sophos, - “The hacker was able to take advantage of the special features of the equipment not listed in the official documentation. The Trojan application substitutes the files in folder Diebold, analyses the data displayed and the printing properties, and monitors all the transactions processed in Ukrainian, Russian and American currency ».
Application Troj/Skimer-A is not able to spread between computers (as opposed to a traditional virus). The installation of the harmful code in the memory of an ATM supposes a physical access to the device. Vanja Svajcer also noted that experts from Sophos never had to encounter this type of software before. Until recently criminals had been using more traditional methods of theft of client information from ATM-terminals which consist of application of certain devices “skimmers” and of illegal installation of hidden cameras, states computerworld.com
“The company Diebold has informed its clients of what happened, and has provided them with specially designed software and a detailed safety guide with the purpose of minimizing the risk of unauthorized access to ATMs. Diebold also strongly reminds its clients about the necessity of following such generally accepted in the industry security norms as limited physical access to the ATMs, control of passwords and renewal of software”, - informed Diebold’s press-agency.