The United States National ATM Council recently released information about a series of ATM attacks using rogue network devices. The criminals opened the upper half of the ATM and installed the device, most likely into the Ethernet switch. The device then intercepted the ATM’s network traffic and changed the bank’s “withdraw denied” response to “withdraw approved,” presumably only for the criminals’ cards.
For many readers, the attacks’ success may be surprising. However, IBM X-Force Red has warned our clients about this type of attack for a while. The attacks succeeded because several well-established security principles were ignored: good locks, network encryption, and rogue device detection.
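To illustrate the network-protection point, here is an added example (not code from the original post or from IBM X-Force Red) showing how an authenticated host response lets the ATM reject a denial that was flipped to an approval in transit. It uses HMAC-SHA256 message authentication, the integrity property an authenticated encrypted channel also provides. The shared per-terminal key, the `txn_id|decision|tag` message format and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; assumes the ATM and the bank host share a per-terminal secret.
KEY = secrets.token_bytes(32)


def _tag(key: bytes, txn_id: str, decision: str) -> str:
    # Bind the decision to this transaction so an old response cannot be reused.
    return hmac.new(key, f"{txn_id}|{decision}".encode(), hashlib.sha256).hexdigest()


def host_respond(key: bytes, txn_id: str, decision: str) -> str:
    """Bank host side: return 'txn_id|decision|tag' (hypothetical format)."""
    return f"{txn_id}|{decision}|{_tag(key, txn_id, decision)}"


def tamper_in_transit(message: str) -> str:
    """The in-path change the article describes: denied becomes approved."""
    return message.replace("DENIED", "APPROVED")


def atm_accepts(key: bytes, expected_txn_id: str, message: str) -> bool:
    """ATM side: dispense only on an authentic APPROVED for this transaction."""
    parts = message.split("|")
    if len(parts) != 3:
        return False  # fail closed on malformed input
    txn_id, decision, tag = parts
    if txn_id != expected_txn_id:
        return False  # response belongs to another transaction (replay)
    expected = _tag(key, txn_id, decision)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False  # decision or tag was modified on the wire
    return decision == "APPROVED"


if __name__ == "__main__":
    txn = secrets.token_hex(8)  # constructed transaction identifier
    denied = host_respond(KEY, txn, "DENIED")
    flipped = tamper_in_transit(denied)
    print("genuine denial dispenses cash:", atm_accepts(KEY, txn, denied))
    print("flipped denial dispenses cash:", atm_accepts(KEY, txn, flipped))
```

Without the tag check, the ATM has no way to tell the flipped message from a genuine approval, which is the condition the attacks relied on.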