Juniper postpones ATM hacking presentation

By Robert Westervelt | Jul 2, 2009

A Juniper Networks Inc. security researcher who planned to demonstrate a way to hack the software of an ATM at the Black Hat Briefings in Las Vegas had his presentation pulled at the request of the ATM vendor.

Barnaby Jack's "Jackpotting Automated Teller Machines" presentation, which was to take place on July 30, was pulled from the schedule on Monday. Juniper Networks confirmed the cancellation. In a statement, Juniper said it had received a request from an ATM vendor to pull the presentation.

"Juniper believes that Jack's research is important to be presented in a public forum in order to advance the state of security. However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected," Juniper said. "Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research."

Jack would have demonstrated a way to attack the underlying software of a line of popular new model ATMs. The presentation would have addressed local and remote attack vectors and finished with a live demonstration on an unmodified stock ATM.

"We are reaching out to other ATM vendors with the offer to assist them with promptly and diligently addressing the security risks and vulnerabilities uncovered in Jack's research," Juniper said.

The hacking technique is unique. Traditional methods to bilk ATMs involve card skimmers or the physical theft of the ATM.

ATM makers have been under increased pressure to lock down their models after several high-profile attacks on machines. Last December, RBS WorldPay, the U.S.-based payment processing division of the Royal Bank of Scotland Group plc, disclosed a security breach in which hackers used millions of stolen cardholder data in a coordinated ATM scam, making off with $9 million. The thieves used stolen and cloned payroll debit cards and reloadable gift cards.

Malware was used in several ATM breaches in Eastern Europe. Earlier this month, security vendor Trustwave Corp. said its researchers uncovered the malware while investigating ATM breaches in Russia and Ukraine over the past few months. Trustwave said 20 ATMs were infected with sophisticated malware that allowed attackers to not only steal and track data and PINs, but also cash. A specialized card could allow an attacker to bilk up to $600,000 on large ATMs.
