By Elinor Mills
June 4, 2009
Malware has been found on ATMs in Eastern Europe and elsewhere that
allows criminals to steal account data and PINs and even empty the
machine of its cash, a computer forensics expert said.
About 20 ATMs have been compromised in that manner, mostly in Russia and
the Ukraine, but there are "early indications" of compromised ATMs in
the U.S., said Nicholas Percoco, vice president and head of SpiderLabs
at Trustwave, which provides data security and payment card compliance
Percoco said he could not elaborate further on where the compromised
ATMs were located and how they were used.
Someone had to manually install the malware on the machines, so it's
likely that an insider is responsible; either an employee at the bank,
the ATM vendor, a company that services the machines or someone close to
an insider, Percoco said in a telephone interview late on Wednesday.
Visit the InfoSec News security bookstore!