Turns Out Diebold's ATMs Insecure As Well; Scammers Install Malware

from the what-a-surprise dept

Wed, Mar 18th 2009 9:33pm — Mike Masnick

Diebold is pretty well known for being in two separate, though similar, businesses: ATMs and e-voting machines. Its e-voting machines have always had a terrible reputation, with security flaws and bugs galore (the company recently has tried to hide from all the negative publicity by renaming the e-voting division as Premier Election Solutions). However, many people kept asking how the company could get so many things so wrong when it came to e-voting, but still get its ATMs working properly. Of course, as has been noted in the past, the way ATMs work is quite different, and mistakes are likely to be spotted quickly.

However, it's now coming out that Diebold's ATMs also have security problems. Slashdot alerts us to the news that Diebold has issued a patch after discovering that some scammers have been able to install "card sniffing" software on a variety of Diebold ATMs allowing the scammers to get all your card details. Is that Premier Banking Solutions I hear knocking?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: atm, malware, security
Companies: diebold

11 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 18 Mar 2009 @ 9:38pm

It's really quite scary how many ATMs run Windows. Diebold certainly isn't alone in doing so, but being part of the herd is no excuse.
[ link to this | view in chronology ]
Mark, 19 Mar 2009 @ 12:00am

You'd think this outfit would wake up and wise up after all their troubles. They'd have been far ahead to hire someone with a Linux background to write some decent software for them.
[ link to this | view in chronology ]
Paul Berry, 19 Mar 2009 @ 2:46am

Not fit for purpose
Never mind trying to fix what they've got, how they're actually still in business is a mystery. Surely regulatory, never mind economic, pressures would have an effect?
[ link to this | view in chronology ]
EH, 19 Mar 2009 @ 4:08am

Linux?
If you have physical access to the boxes, as these people did, it doesn't matter *what* OS you have. This is not a software issue, it is a combination of hardware and wetware.
[ link to this | view in chronology ]
- Diebold, 19 Mar 2009 @ 7:44am
  
  Re: Linux?
  At least one reader on here isn't a complete dumbass jumping on the "Diebold Sucks" bandwagon. 90% of these idiots didn't even know Diebold made ATMs.
  [ link to this | view in chronology ]
- ha, this time you're actually wrong..., 19 Mar 2009 @ 3:15pm
  
  Re: Linux?
  If I lock the BIOS of my machine, as well as the recovery terminal, and start not as root, damn good luck changing anything without the root password... Naturally, the disk must be encrypted as well - but with all those, either the encryption of the password must be cracked to change things. That's way beyond the ability of typical criminals...
  [ link to this | view in chronology ]
ChuckE, 19 Mar 2009 @ 4:33am

DieBold
I worked on Diebold ATM's for over 8 years for A VERY large National Bank. The DieBolds would hardly ever balance. We had 20 year old IBM ATM that would always balance NCR ATM that not onle always balanced nut only needed maintenance about once a quarter. Brand new Diebolds needed daily maintenance. The Bank eventually replaced all the IBM's and NCR's with DieBolds. Why..... The company is crooked and bribes to fellow exec's go a long way.

Know your DieBold voting machines will never be safe or accurate. But Officials will continue to buy them... and get rich!
[ link to this | view in chronology ]
linlu, 19 Mar 2009 @ 9:37am

Awaiting list of banks that bought these
I would love to see a list of banks that use these on wikileaks, wouldn't you?
[ link to this | view in chronology ]
Doug (profile), 19 Mar 2009 @ 10:01am

The whole story
The thieves had physical access to the machines. Why is that not mentioned in your "down with Diebold" article?
[ link to this | view in chronology ]
Malware, 3 Feb 2010 @ 7:53am

Wouldn't the ability to author malware for an ATM hinge on the authors having access to the OS running on the machine? If so, how the heck are they getting their hands on that? I mean, clearly this is not just Windows code, this is sophisticated thievery going on here.
[ link to this | view in chronology ]
Diebold does suck..., 11 Mar 2010 @ 10:34am

If they didn't have issues...then why did they develop this?
http://www.news.diebold.com/article_display.cfm?article_id=5014
[ link to this | view in chronology ]