Windows XP ATM's Under Hacker Attacks in Europe - US Could Be Next!

upgrade to windows 7 lol

time to use not windows for important financial transactions.

time to use not windows for important financial transactions.

In former times, ATMs used to run OS/2. They never got hacked.

oh please, they never got hacked my ass. of course they did. XP just is probably easier to hack. haha

Why do these vendors provide writable card readers, and operator card access without having a physical mechanical key? Shouldn't you be required to gain physical access into the machine internals prior to accessing? Anyone can explain this?

Ahahahahaha, too funny. Who got the payoff to sell WinXP for ATM's. lol This is the dumbest, most laughable situation I've heard all year.

Is this the same group that leaves US military desktops connected to the internet without firewalls and then tells the world "We're under attack!"?

actually this is something can EASILY be dealt with using a software restriction policy, which is built into Windows XP....with the best method being to define the hashed algorithm most likely I think.
It really shows that whatever this banks IT security policy is for ATM systems is SEVERELY lacking.
Different banks will have different security.
In my thinking here, an ATM machine doesnt contact another ATM machine from another bank to get approval to take out cash (they connect back to their systems at the main bank datacenter who then will check against another bank if necessary and then reply back to the ATM on whether or not to spit out the funds), therefore, fundamentally, the trojan cannot spread via those means. This is most likely why the code does not include a replication mechanism, and possibly never will. The developers will have to figure out how to propagate into the banks actual backend network in order to do that, and from there, they can infect only that banks ATMs (but, the whole network of them). From there they also have a better potential of intruding another banks networks, again, depending on the other banks security.

The media is just trying to make this "scareware" to have a bunch of bs stories to tell about technologies they dont understand whatsoever.

I don't know about the bank machines, but the stand-alone 'white label' ATM machines these days are running Windows CE, not XP. Furthermore, older pre-Windows models don't run any operating system at all; they are loaded instead with dedicated proprietary firmware that is launched from a ROM bootstrap routine at startup, and that firmware is not x86-based code. Older machines are inherently more secure for that reason, as well as the fact that they communicate through dialup modems instead of directly through the Internet.

Although the new Windows-based technology was implemented primarily to allow ATM firms to gain additional revenue through on-screen advertisments, it may also pose some interesting 'unforeseen' possibilities and consequences.

Suppose, for instance, an ATM firm wished to encroach upon the territories of a competitor. An employee of the firm could simply pose as a customer attempting to use one of the competitor's machines, while in reality employing a card for the purpose that had been cleverly re-programmed in such a manner as to inject a malware. The advent of the proposed new 'chip-and-pin' card readers could possibly make this even easier, as the chip on the card must be accessed by the machine directly.

The malware injected would not even have to be purposed towards skimming. All that would really be required would be a partial shutdown or corruption of the targeted machine; anything that would further erode the site owner's confidence in the competitor firm's ability to provide effective service and reliable machine operation. The sales representative of the attacking firm could then approach the victimised client with a "better deal" offer, and so gain that site's transaction revenues.

I think I'll stick with the older machines, thanks. They cost less to service, anyway.

That's why they stole some ATMs.
They investigated them and found that ATMs can be compromised with specially designed card - exploit.

Well, they got what they deserved for trusting M$.

Since the use of MS is driven by the 'need' to display ads, one must ask a question: Has anyone on the planet ever paid any attention to an ad on an ATM?

The Chinese know how to deal with this. Stop pandering to the marketing dichotomy between Windows and Linux. Develop special purpose chips, with custom operating systems, that don't allow common hacking techniques.

No, it isn't that frigging difficult. It's just that it doesn't fit in Microsoft's plan for world domination.

Since the use of MS is driven by the 'need' to display ads, one must ask a question: Has anyone on the planet ever paid any attention to an ad on an ATM?

What matters most is not whether anyone pays any attention to full-motion advertisements displayed on ATM machines, but rathermore the fact that ATM firms are now able to garner additional revenue by selling that extra service.

Only kiddie-hackers care what OS is on the target machine. Real hackers work in machine language.