Trojan-infected ATMs were discovered in Eastern Europe this year, first in Russia, and later this month the same problems were spotted in other cities. These automated teller machines, or ATMs, had some potential vulnerabilities due to the operating system they were running. As amazing as it sounds, they were running Windows XP.
The malicious code was brought to the systems physically, and it took advantage of the Local Security Authority Subsystem Service (LSASS) on Windows systems. This service is responsible for enforcing the system's security policy, that is, all the tasks related to verifying the identities of users logged on to the server, password updates, creating access tokens and logging security events.
The trojan, which is considered commercial-grade code, was developed using Borland's Delphi, actually a very sophisticated high-level language, and was able to give full control over the machine.
It is exploited by swiping a special administrator magnetic stripe card that, among other tasks, allows a list of all accounts and PIN numbers logged using DES encryption to be printed on the ATM's printer, and also gives the option to dispense all the cash. So yes, it's a pretty serious problem.
This issue has been contained and has not been reported outside Eastern Europe, although there are reports from January, when the problem was first spotted. Still, it's definitely something you do not want your local bank to have an issue with.
Why do banks and other "information critical" enterprises like nuclear plants, electrical energy facilities and medical institutions keep using Windows as the platform for these applications and services? I believe it's a responsibility of all developers dealing with top secret or sensitive information to work on bringing industrial-strength software, capable of protecting user data and secure transactions.






Not only platform and application.
All should start from policy and standards, and then the attack model (behavior model), malicious interfaces in application software, and harmony among app software.
As in cloud computing (the network is a computer), the system should be viewed as the shadow of a corporation.