U.S. Hackers Break Into an ATM Network

Source: Internet
Author: User
A news item on CSDN reports that U.S. hackers broke into Citibank ATMs in 7-11 convenience stores, causing 2 million dollars in losses. The news did not describe the intrusion path specifically; it mentioned only that the ATMs ran the Windows operating system, and referred to remote control and third-party servers. From these points we can infer that the ATMs in the 7-11 stores were not maintained by Citibank itself. The bank was probably responsible only for supplying banknotes and for the backend interface to customer account data. A third-party management company provided the ATM hardware, the network, and equipment maintenance services, and took a commission in return. Remote management greatly reduces the cost of service, so the management company maintained the machines mainly through remote management.

These ATMs ran Windows and had remote control services open so that the third-party service company could manage them remotely. The service company's servers were then compromised, which let the hackers connect to the ATMs directly and remotely. They obtained customers' bank account information by logging in to each ATM and extracting the device's local log files. By this reasoning, the problem lies mainly with the third-party management company. The following is a summary of some of the vulnerabilities exposed in the case:

One: Customer information is recorded in plaintext in the logs. This is also very common domestically. International regulations already require that the customer keypad of cash-transaction financial self-service equipment use hardware encryption. Domestic equipment, however, largely does not comply; it encrypts the customer password in software, so the ATM software can obtain the customer password in plaintext. To make it easier to debug whether the encryption algorithm matches the backend, ATM software vendors usually record the customer's plaintext password in the software log. Anyone who succeeds in logging in to an ATM can obtain key sensitive information by retrieving the log that contains customers' plaintext passwords. This can be addressed either by requiring all customer keypads to be replaced with encrypting keypads, or by prohibiting ATM software vendors from recording the customer's plaintext password in the software log.

Two: The ATMs run Windows, and the security vulnerabilities of that environment are fully exposed. Windows is not worthless compared with other operating systems; the key point is that it is so widely used that its security vulnerabilities spread quickly. Promptly applying operating system patches to close known vulnerabilities is therefore essential.

Three: Remote management of the ATMs is not sufficiently standardized. Generally speaking, ATM remote management should go through a dedicated server, and the workstations allowed to access that server must also be strictly limited. This ensures that unauthorized workstations cannot connect to the whole ATM network through the server. The workstations must also be disconnected from the external network, so that the private network is physically separated from the public network.

Four: The first three points are management problems, mainly on the part of the third-party management company. The fourth is caused by the financial environment as a whole. Traditional bank cards are magnetic stripe cards, and the key information is the account number and the user password. The account number is recorded on the magnetic stripe, and the user keeps the password. Once both pieces of information are supplied, authentication passes. Both pieces of information also leave traces on the ATM at the same time, so a problem is only a matter of time. New IC bank cards are now at the promotion stage. In addition to retaining basic user account information, the card also records basic information about the last transaction, which can be used to verify the authenticity of the card itself. This prevents forgery of bank cards and uses technology to improve their security.

Of course, the spear and the shield of technology both keep advancing; the key lies in management's security awareness. So far, ATMs are managed by the banks themselves, and because the banks' management is relatively strict, the risk of problems is small. Therefore, most domestic bank card crime is carried out through other traditional criminal methods, and purely technical bank card crime is rare.
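Point One above (customer passwords and account data left in plaintext in ATM software logs) is something an operator can audit for. The following is an added example, not part of the original article or any vendor's code; the log format, the field names, and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed field names a vendor might use for the customer PIN/password (hypothetical).
PIN_FIELD = re.compile(r"\b(pin|passwd|password|pwd)\s*[=:]\s*(\d{4,12})\b", re.I)
# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives among long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_line(line: str) -> list[str]:
    """Return the kinds of sensitive data found in one log line."""
    findings = []
    if PIN_FIELD.search(line):
        findings.append("plaintext-pin")
    for m in PAN_CANDIDATE.finditer(line):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append("full-card-number")
            break
    return findings


def audit_log(lines):
    """Return (line_number, findings) for every line that leaks data."""
    hits = ((n, audit_line(line)) for n, line in enumerate(lines, 1))
    return [(n, found) for n, found in hits if found]


# Constructed sample log; 4111111111111111 is a well-known test card number.
SAMPLE_LOG = [
    "2024-01-10 09:14:02 DEBUG card=4111111111111111 pin=4821 pinblock-check=ok",
    "2024-01-10 09:14:05 INFO  withdraw amount=200 card=411111******1111",
    "2024-01-10 09:15:40 DEBUG session=1234567890123456 state=idle",
    "2024-01-10 09:16:11 DEBUG Password: 907314 sent to host",
]

if __name__ == "__main__":
    for n, found in audit_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(found)}")
```

The masked card number and the 16-digit session id are not flagged: the first is not a full digit run and the second fails the Luhn check.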
