Information Technology Blog:

ATM malware, controlled by a text message, spews cash

Published on: 2014-04-01 

The malware can cause a cash machine to start churning out bills

By Jeremy Kirk, IDG News Service

IDG News Service - A group of enterprising cybercriminals have figured out how to get cash from a certain type of ATM -- by text message.

The latest development was spotted by security vendor Symantec, which has periodically written about a type of malicious software it calls "Ploutus" that first appeared in Mexico.

The malware is engineered to plunder a certain type of standalone ATM, which Symantec has not identified. The company obtained one of the ATMs to carry out a test of how Ploutus works, but it doesn't show a brand name.

Ploutus isn't the easiest piece of malware to install, as cybercriminals need to have access to the machine. That's probably why cybercriminals are targeting standalone ATMs, as it is easy to get access to all parts of the machine.

Early versions of Ploutus allowed it to be controlled via the numerical interface on an ATM or by an attached keyboard. But the latest version shows a remarkable new development: it is now controllable remotely via text message.

In this variation, the attackers manage to open up an ATM and attach a mobile phone, which acts as a controller, to a USB port inside the machine. The ATM also has to be infected with Ploutus.

"When the phone detects a new message under the required format, the mobile device will convert the message into a network packet and will forward it to the ATM through the USB cable," wrote Daniel Regalado, a Symantec malware analyst, in a blog post on Monday.

Ploutus has a network packet monitor that watches all traffic coming into the ATM, he wrote. When it detects a valid TCP or UDP packet from the phone, the module searches "for the number '5449610000583686' at a specific offset within the packet in order to process the whole package of data," he wrote.

It then reads the next 16 digits and uses that to generate a command line to control Ploutus.
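A defender-side sketch of the check described above, as an added example (not code from Symantec or from the original article): it scans packet payloads for the marker the article quotes, followed by 16 digits. ASCII encoding, whole-payload scanning and all function names are assumptions, since the article gives neither the encoding nor the offset.

```python
import re
from typing import List, NamedTuple, Tuple

# Marker value as quoted in the article.
MARKER = b"5449610000583686"
FIELD_LEN = 16  # the article says the next 16 digits are read

# Assumptions: digits are ASCII, and because the article gives no offset
# the whole payload is scanned rather than one fixed position.
_PATTERN = re.compile(re.escape(MARKER) + rb"(\d{0,16})")


class Hit(NamedTuple):
    offset: int     # byte offset of the marker inside the payload
    field: bytes    # digits found directly after the marker
    complete: bool  # True only when all 16 trailing digits are present


def scan_payload(payload: bytes) -> List[Hit]:
    """Return every marker occurrence in one TCP/UDP payload."""
    hits = []
    for m in _PATTERN.finditer(payload):
        field = m.group(1)
        hits.append(Hit(m.start(), field, len(field) == FIELD_LEN))
    return hits


def triage(packets: List[Tuple[str, bytes]]) -> List[Tuple[str, Hit]]:
    """Label each hit with the packet it came from, complete hits first."""
    found = [(label, h) for label, data in packets for h in scan_payload(data)]
    return sorted(found, key=lambda item: not item[1].complete)


# Constructed sample payloads (not captured traffic).
SAMPLE_PACKETS = [
    ("benign-http", b"GET /status HTTP/1.1\r\nHost: atm-mgmt\r\n\r\n"),
    ("digits-no-marker", b"ref=4111111111111111"),
    ("truncated", b"xx" + MARKER + b"12345"),
    ("marker+field", b"\x00\x01" + MARKER + b"1234567890123456\x00"),
]

if __name__ == "__main__":
    for label, hit in triage(SAMPLE_PACKETS):
        state = "ALERT" if hit.complete else "partial"
        print(f"{state}: {label} marker@{hit.offset} field={hit.field!r}")
```

A partial hit (marker present, fewer than 16 digits after it) is kept rather than dropped, since it may be a truncated capture worth a second look.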

So, why do this? Regalado wrote that it is more discreet and works nearly instantly. The past version of Ploutus required someone to either use a keyboard or enter a sequence of digits into the ATM keypad to fire up Ploutus. Both of those methods increase the amount of time someone spends in front of the machine, increasing the risk of detection.

Now, the ATM can be remotely triggered to dispense cash, allowing a "money mule," or someone hired to do the risky job of stopping by to pick up the cash, to swiftly grab their gains. It also deprives the money mule of information that could allow them to skim some cash off the top, Regalado wrote.

"The master criminal knows exactly how much the money mule will be getting," he wrote.

Symantec warned that about 95 percent of ATMs are still running Windows XP, Microsoft's 13-year-old OS. Microsoft is ending regular support for Windows XP on April 8, but is offering extended support for Windows XP embedded systems, used for point-of-sale devices and ATMs, through January 2016.

Still, Symantec warned that "the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet."

The IDG News Service is a Network World affiliate.

Google Encrypts All Gmail Connections

Published on: 2014-04-01 

by Dennis Fisher

Perhaps no company has been as vocal with its feelings about the revelations about the NSA's collection methods as Google has, and the company has been making a series of changes to its infrastructure in recent months to make it more difficult for adversaries to snoop on users' sessions. The biggest of those changes landed Thursday when the company switched its Gmail service to HTTPS only, enforcing SSL encryption on all Gmail connections.

The change is a significant one, especially given the fact that Google also has encrypted all of the links between its data centers. Those two modifications mean that Gmail messages are encrypted from the time they leave a user's machine to the time they leave Google's infrastructure. This makes life much more difficult for anyone -- including the NSA -- who is trying to snoop on those Gmail sessions.

"Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers -- no matter if you are using public WiFi or logging in from your computer, phone or tablet," Nicolas Lidzborski, Gmail Security Engineering Lead, wrote in a blog post.

"In addition, every single email message you send or receive -- 100 percent of them -- is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers -- something we made a top priority after last summer's revelations."

Google was in the process of encrypting the links between its data centers last year before the news broke that the NSA had the ability to tap those links and gather email messages and other data. That revelation enraged Google security engineers, and the company accelerated its plans to encrypt the links between data centers.

Gmail users have had the option to enable HTTPS only as the default connection option for more than four years. But the typical user may not have known that option was available. Now, users don't need to think about it; their connections to Gmail will always be encrypted by default.

XP End of Life is Coming...Is Your Business Prepared?

Published on: 2014-03-11 

Microsoft is about to take Windows XP off Life Support
By Adrian Covert NEW YORK (CNNMoney)

On April 8, Windows XP's life is coming to an end. On that day, Microsoft will stop issuing security updates to the 12-year-old operating system, and it will end nearly all technical support as well.

You wouldn't think that killing off an operating system that debuted in the first year of the Bush administration would ruffle too many feathers. But an amazing 29% of computers across the globe are still running Windows XP, according to NetMarketShare. That makes it the world's second most widely used operating system, just behind Windows 7.

Microsoft's plan to end support for XP doesn't mean that a third of the world's PCs will just stop functioning on April 8. But there are some very real consequences of continuing to use the operating system.

After April 8, Windows XP computers will be more susceptible to malware and viruses, since Microsoft will no longer address major holes in the software. Although antivirus software will continue to fend off some malicious attacks, Microsoft's security updates provide an essential line of defense.

For Windows XP users, the best course of action is to bite the bullet and buy a copy of Windows 8. The problem is that most older computers won't be able to upgrade to Windows 8. Many of those consumers will have to buy a new PC. Microsoft has an upgrade assistant that allows people to determine whether their computers are compatible with the latest version of Windows.

For those who are able to upgrade but aren't ready to make the jump to the fully redesigned Windows 8, Windows 7 is an option. It's still on sale, offers a more familiar PC experience and will be supported until 2020.

The Windows XP impact will be felt more by companies than by consumers. Forrester Research estimates that 20% of North American and European corporate computers are still running Windows XP. But that will soon change: Forrester forecasts that only 6% of those companies' PCs will be running Windows XP by April.

That remaining 6% will predominately be small and medium-sized companies and government agencies, where budget restraints may pose a problem, according to Scott Dowling, a Microsoft software consultant for En Pointe Technologies. The vast majority of large Western businesses have already upgraded to Windows 7 or Windows 8, but small businesses have been slower at catching up.

In China, however, XP-related problems will likely be much more pronounced. About three-quarters of Chinese PCs are running XP, according to NetMarketShare.

Thousands of ATMs will also potentially be exposed after Microsoft ends Windows XP's life support. A recent Bloomberg Businessweek story revealed that 95% of ATMs in the US are still running Windows XP, and only about 15% of them will be upgraded before April 8.

ATMs have already proven vulnerable to malware attacks, and without Microsoft around to patch things up, it's going to be a slow, costly endeavor for ATM companies to get their machines updated or replaced. (It's worth noting that Microsoft has been warning them of this deadline for years.)

So why is Microsoft killing off Windows XP? The operating system has lasted far longer than Windows versions of the past, and patching the ancient-by-tech-standards OS is exhausting valuable Microsoft resources. Microsoft has pushed back the death date of XP for several years after initially planning to kill it off by 2010.

To soften the blow for its corporate and ATM customers, Microsoft will sell custom support that will allow companies to receive additional security patches. But Dowling has heard reports from customers that the cost of custom support is prohibitive.

For the rest of the world, it's time to get updating.

The TNS Group
What Other Options are Available for my Business?
Get current with Windows and Office and protect the operations and security of your business. This means updating your current system. Contact The TNS Group to learn how to eliminate risk and keep your business running efficiently.


How Technology Stole the Show at the Oscars

Published on: 2014-03-06 March 14, 2014
Technology managed to weave itself into the storyline of this year's Oscars awards and became a star in the process.

THE 2014 Oscars was not only about awards, A-list movie stars, glamorous dresses and lots of shiny teeth. This year we saw technology steal the show.

If you did not notice, the integration of technology into this year's star-studded bash was as subtle as Leonardo DiCaprio performing a cameo in an am-dram play. But Hollywood does not do subtle. Despite a selfie being as much a talking point as the winning movies and actors, in many ways technology gave the night that little bit more dazzle.

From the first moments the movie stars hit the red carpet there was a 360-degree camera called Fashion Turn waiting for them to snap what they were wearing and instantly upload to Vine, the video clip sharing app on Twitter.

There was a mini cam (or, Mani Cam) for stars to show off their manicures and then there was blimp cam. This was a controlled, hovering craft fitted with a camera to give the worldwide audience a view of the red carpet.

If only the television network followed in the technological footsteps of cricket and brought out a heat-sensing camera too, then we really would have seen who was nervous.

A panel of presenters from entertainment channel E! were sat behind a perfectly-placed array of Samsung Galaxy tablets where Kelly Osbourne conveniently claimed her dad (Ozzy) was crazy about Samsung and only has Samsung stuff in their house. Hmm, really?

We seem to recall an episode of the Osbournes reality show where he could not even operate a kitchen drawer.

The tech-laden coverage continued as Oscar reporters, haranguing stars as they filtered in, constantly spoke of the multi-cast app and website so those not near a TV could watch the live event.

But the tech did not stop outside. It played a starring role in the whole awards show.

In years past we would have seen Billy Crystal stand at the pulpit, crack a few one-liners, shimmy out a segue and introduce people to the stage. With Ellen DeGeneres being the MC this year, she was interactive and slinging social media.

Throughout her hosting she constantly paraded around a bright white Samsung Galaxy Note 3, snapping selfies with stars as they sat. Then, with the now-very-obvious handset, she took a superstar selfie with Bradley Cooper, Meryl Streep, Brad Pitt, Angelina Jolie, and Jennifer Lawrence. So many famous faces they could not all fit in. Ellen wanted to break the world record for the most retweets ever and when she uploaded it, it took the site down from the amount of people logging on to see it.

Needless to say she made history with the tweet and amassed more than two million retweets within hours, eclipsing the previous record holder, which was President Obama's victory speech image.

Cue the internet and within minutes there were memes-a-plenty of this selfie. Nicolas Cage faces, Grumpy Cat, sports stars and awkward references to the failed Liza Minnelli photobomb attempt. We became so preoccupied with the flood of internet funnies we almost forgot about the show still going.

So social media was a star turn, but the award-winning movies themselves also waved the flag for technology.

Gravity is one of the biggest, most award-heavy movies this year. Its depiction of Sandra Bullock's survival against a space catastrophe was made doable thanks to the incredible CGI effects, which is why it took home the gong for best visual effects.

NASA was so excited about the inevitable flood of awards it posted 'real-life' Gravity-style pictures from the International Space Station on its Twitter feed throughout the day.

The award for best original screenplay went to Spike Jonze for Her - a story about a man falling in love with his operating system, which highlighted the assimilation humans and machines could face in the future.

Google is just one tech company currently working on making the computing experience for humans and with the likes of the mobile phone personal assistant Siri and wearable tech slowly advancing onto our bodies, it's too far-fetched. Especially if it's voiced by Scarlett Johansson.

We've got another year to see how the tech stakes can be raised for the next Oscar awards.

When Identity Theft Hits Home

Published on: 2014-02-06 

By Molly Wood | The New York Times Bits Blog

When I first heard about the extensive Target hack in December, I sighed in mild irritation. Sure, the breach's size and scope was shocking, but these things have become so common I just assumed I'd receive a new card in the mail and that would be the end of it.

It wouldn't be the first time. I'll sometimes mysteriously get a new card in the mail with a note saying it was replaced because of an unnamed security issue. Once, in Barcelona, I discovered my primary card had been frozen because of a security breach at a retailer -- that was panic-inducing. Still, the biggest aggravation was logging into all my auto-pay sites like Amazon to update the card number (and memorizing the new one, which I like to do).

I expected a repeat after Target was hacked.

But it was a lot worse. I did get a new credit card in the mail -- a replacement for the card I'd used at Target. I also received a letter from Sears, letting me know I'd been rejected for a new store card because of, among other things, "too many requests for credit." Then, in the same batch of mail, I opened a letter from Best Buy, which said I'd been turned down for its top-tier store card, but approved for a lower-level version.

That is when I started to panic.

I called the fraud department at Best Buy and employees there assured me they had already marked the account as fraudulent. I immediately filed for a security alert with the three big credit bureaus, and I also filed an online police report. (This can sometimes be helpful if you're trying to convince a retailer that fraud is afoot.) Over the next week, while I was out of town, I also received a store card from Kohl's, one from Frye's electronics and the one from Best Buy.

More worryingly, I also got a bill from a Macy's store card account in my name, for $1,114.39. Apparently I bought $1,223 worth of "fine watches" at a Macy's in Glendale, Ariz., but I received a discount of $109 for opening the account. Sounds like a pretty nice watch (or three).

Now, I'm not certain this sudden outbreak of identity theft is directly tied to the breach at Target, but the timing is suspect. I signed up for the credit and identity theft protection service that Target is offering, and after a few hops through low-level support, I was assigned a case number and a fraud resolution agent who will apparently call all these creditors on my behalf and conference me in.

The service promises to close the fraudulent accounts and get the credit requests and the accounts off my record.

I hope that is true. But even if the mess is easily cleared up, this is almost certainly not the last time such a thing will happen, especially now that my credit-worthy identity is up for sale out in the world. Make no mistake: yours probably is, too.

In December, the security researcher Brian Krebs identified a Ukrainian man who may be helping sell credit and debit card numbers for up to $100 each -- all the more reason to simply cancel any debit card that was implicated in a security breach instead of waiting and hoping for the best. Card numbers are bundled in bunches and sold for pennies to criminals who simply go down the line, trying numbers until they work.

Those are just the card numbers; plenty more than that is for sale. A GigaOm post in August quoted security researchers who said thieves could spend $4 to $5 for a complete ID package that included a credit card number, its expiration date, your social security number, and your mother's maiden name. That is almost everything you need to walk into a Macy's and open up a store card and have a fun afternoon in the fine watches department.

Financial institutions have become better at identifying fraud and stopping major damage before it occurs, but large-scale security breaches are becoming more common all the time. Target's hackers roamed around the databases for a month before they were detected, stealing personal information, card numbers and even encrypted PIN data. The current tally of affected customers is up to 110 million users.

And just since Target's very bad month, Neiman Marcus has confirmed that its records were also breached, possibly by the same malware, and it has lost at least 1.1 million records (that apparently went undetected from July to December). The arts and crafts chain Michaels was also hit.

Yahoo was compromised. Bright Horizons childcare suffered an intrusion, and White Lodging, which manages some 168 Starwood, Marriott, and Hilton hotels in 21 states, is also investigating what is almost certain to be a large-scale hoovering of personal data.

One can assume those are just a few of the breaches happening at any given time. Target is paying for full-scale credit monitoring for 110 million people, Citibank is issuing new debit cards to all customers, and millions of people like me are wasting valuable time on the phone trying to sort out messes.

I, for one, hope this is a tipping point in retail security. In the meantime, if you'll excuse me, I've got some mopping up to do.
