Turns Out Diebold's ATMs Insecure As Well; Scammers Install Malware

from the what-a-surprise dept

Diebold is pretty well known for being in two separate, though similar, businesses: ATMs and e-voting machines. Its e-voting machines have always had a terrible reputation, with security flaws and bugs galore (the company recently has tried to hide from all the negative publicity by renaming the e-voting division as Premier Election Solutions). However, many people kept asking how the company could get so many things so wrong when it came to e-voting, but still get its ATMs working properly. Of course, as has been noted in the past, the way ATMs work is quite different, and mistakes are likely to be spotted quickly.

However, it's now coming out that Diebold's ATMs also have security problems. Slashdot alerts us to the news that Diebold has issued a patch after discovering that some scammers have been able to install "card sniffing" software on a variety of Diebold ATMs allowing the scammers to get all your card details. Is that Premier Banking Solutions I hear knocking?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: atm, malware, security
Companies: diebold


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 18 Mar 2009 @ 9:38pm

    It's really quite scary how many ATMs run Windows. Diebold certainly isn't alone in doing so, but being part of the herd is no excuse.

    link to this | view in chronology ]

  • identicon
    Mark, 19 Mar 2009 @ 12:00am

    You'd think this outfit would wake up and wise up after all their troubles. They'd have been far ahead to hire someone with a Linux background to write some decent software for them.

    link to this | view in chronology ]

  • identicon
    Paul Berry, 19 Mar 2009 @ 2:46am

    Not fit for purpose

    Never mind trying to fix what they've got, how they're actually still in business is a mystery. Surely regulatory, never mind economic, pressures would have an effect?

    link to this | view in chronology ]

  • identicon
    EH, 19 Mar 2009 @ 4:08am

    Linux?

    If you have physical access to the boxes, as these people did, it doesn't matter *what* OS you have. This is not a software issue, it is a combination of hardware and wetware.

    link to this | view in chronology ]

    • identicon
      Diebold, 19 Mar 2009 @ 7:44am

      Re: Linux?

      At least one reader on here isn't a complete dumbass jumping on the "Diebold Sucks" bandwagon. 90% of these idiots didn't even know Diebold made ATMs.

      link to this | view in chronology ]

    • identicon
      ha, this time you're actually wrong..., 19 Mar 2009 @ 3:15pm

      Re: Linux?

      If I lock the BIOS of my machine, as well as the recovery terminal, and start not as root, damn good luck changing anything without the root password... Naturally, the disk must be encrypted as well - but with all those, either the encryption of the password must be cracked to change things. That's way beyond the ability of typical criminals...

      link to this | view in chronology ]

  • identicon
    ChuckE, 19 Mar 2009 @ 4:33am

    DieBold

    I worked on Diebold ATM's for over 8 years for A VERY large National Bank. The DieBolds would hardly ever balance. We had 20 year old IBM ATM that would always balance NCR ATM that not onle always balanced nut only needed maintenance about once a quarter. Brand new Diebolds needed daily maintenance. The Bank eventually replaced all the IBM's and NCR's with DieBolds. Why..... The company is crooked and bribes to fellow exec's go a long way.

    Know your DieBold voting machines will never be safe or accurate. But Officials will continue to buy them... and get rich!

    link to this | view in chronology ]

  • identicon
    linlu, 19 Mar 2009 @ 9:37am

    Awaiting list of banks that bought these

    I would love to see a list of banks that use these on wikileaks, wouldn't you?

    link to this | view in chronology ]

  • icon
    Doug (profile), 19 Mar 2009 @ 10:01am

    The whole story

    The thieves had physical access to the machines. Why is that not mentioned in your "down with Diebold" article?

    link to this | view in chronology ]

  • identicon
    Malware, 3 Feb 2010 @ 7:53am

    Wouldn't the ability to author malware for an ATM hinge on the authors having access to the OS running on the machine? If so, how the heck are they getting their hands on that? I mean, clearly this is not just Windows code, this is sophisticated thievery going on here.

    link to this | view in chronology ]

  • identicon
    Diebold does suck..., 11 Mar 2010 @ 10:34am

    If they didn't have issues...then why did they develop this?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.