C3Subtitles: 33c3: ATMs how to break them to stop the fraud
back

ATMs how to break them to stop the fraud

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:54:12
Language
English
Abstract
How to stop the ATMs fraud? How to protect ATMs from attacks such as black box jackpotting? How to prevent network hijacking such as rogue processing center or MiTM? Some of these issues can be fixed by configuration means, some fixed by compensation measures, but many only by vendor. We will tell you about what bank can do now and what we as a community of security specialists should force to vendors.

Guys with malicious intentions never sleep, but make their bad deal all days, all nights.
When you have your five-o-clock beer, they open service zone of ATM and connect "magic box" that make ATM empty. Alternatively, sometimes banks security guys may watch video surveillance footage with man-in-the-hoody, who make something in the nearby corner of ATM. Surely, ATM is empty again! On the other hand, banks may not have any video monitoring so they cannot imagine how ATM became empty without any forensics evidence.
We have collected huge number of cases on how ATMs could be hacked during our researches, incidents responses and security assessments. A lot of malware infects ATM through the network or locally. There are black boxes, which connect to communications port of devices directly. There are also network attacks, such as rogue processing center or MiTM.
Before we spoke about vulnerabilities and fraud methods used by criminals. Now we would like to combine our expertise to help financial and security society with more direct advices how to implement security measures or approaches to make ATMs more secure.

Talk ID
8273
Event:
33c3
Day
2
Room
Saal G
Start
11 p.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Olga Kochetova
Alexey Osipov