Lu Zurawski comments on ATM hackers steal $10m across 28 countries in audacious bank heist

  • Lu Zurawski , Practice Lead at Retail Banking at ACI Worldwide

  • 16.08.2018 07:45 am
  • undisclosed

ATMs rely on operating systems just like domestic computers, so it is common for ATMs to use versions of Windows or Linux. And just like with home PCs, owners need to keep their systems up to date with the latest releases of security software patches. Without such defences, enterprising criminals may be able to discover vulnerabilities in the operating system. They may be able to plant viruses, malware or modified programs which allow them to alter the computer’s program. For domestic users, this leads to distress when digital accounts and passwords become compromised. For ATM owners, this leads to fraudsters robbing a bank.

Most recently, a large volume of operators upgraded their software when Microsoft finally stopped supporting the Windows XP operating system in 2016. This usually led to an upgrade to Windows 7, which itself will become obsolete in 2020 – so ATM owners are facing yet another investment decision today.

But there are also operators (particularly those using older machines) that have continued to use older software based on alternative risk assessments which assume that hackers cannot access the ATM computer unless they are bank employees with access to the back of the machine, and that all such activities are carefully observed and monitored. Their logic is that the cost of upgrading old machine hardware as well as funding the new operating system licence fees is not quite justifiable.

This kind of thinking sounds somewhat cavalier, so it is no surprise that news stories emerge frequently about ATM gangs being able to infiltrate bank staff, then setting up malware which causes ATMs to dispense cash at their command – a technique known as “touchless jackpotting”. Bank systems may indeed be able to monitor irregularities and react by shutting down ATMs and involving law enforcement agencies at known trouble spots. But gangs are pretty savvy and nippy – their “cash mules” could remove tens of thousands of pounds before any police turnup.

With Windows 7 support ceasing in 2020, operators may look again at lower cost, open source operating system alternatives like Linux. Some of world’s largest ATM operators like Banco do Brasil with an estimated 40,000 ATMs have already made the switch. But the most common response will be a migration to Windows 10. As well as maintaining the latest security defences, perhaps this upgrade cycle may also lead to a consideration of new touch screen capabilities, interactive video and modern digital services that look beyond just cash dispensing.

 

Other Blogs