In a recent post on ATM jackpotting, I promised to follow up with some defensive tactics that could prevent, or at least deter, criminals from installing the malware that would allow them to empty an ATM. Because criminals use a variety of methods to jackpot ATMs, a multi-layered security approach is recommended since no one tactic is completely bulletproof.
The first line of defense is to make it more difficult for the criminal to gain access to the top cabinet of the ATM, which houses the operating components. This cabinet normally has an easily defeated barrel or a simple key lock mechanism. Often the same key accesses multiple machines to make it easier for service personnel. Owners should consider installing a digital lock on the cabinet since digital locks are more robust than key locks. The owners can change codes remotely and avoid the issues of lost or duplicated keys and personnel changes. Such a retrofit is not inexpensive nor a totally tamperproof enhancement, but it does create a deterrent.
A second defensive method is to encrypt the hard drive, which actually provides a double defense. First, someone would need an encryption key or security certificate to validate the hard drive before proceeding with a reboot, thus preventing the criminal from replacing the entire hard drive with one containing jackpotting malware. Second, even if the criminal were to remove the hard drive, the encryption would make it extremely difficult for the criminal to reverse-engineer the ATM software or to obtain usable data stored on the drive.
A third tactic is to encode a list of software applications or executable files that can be present and active in the ATM. The primary objective is to protect the ATM from the installation of potentially harmful applications.
A fourth defense is to block the operating system from recognizing an ATM's USB connection ports. This tactic presents some challenges because service technicians often need to connect their diagnostic equipment to a USB port. While the experienced criminal can circumvent this measure, it is still a deterrent to the opportunistic criminal.
Finally, as with all computerized devices, ATM owners should always install software updates and patches as soon as possible since they often address known security vulnerabilities. Likewise, owners should change factory-set passwords for software immediately upon installation of the software. Owners should place surveillance cameras, if they use them, to get good viewing angles of people at the front and rear of the machine. They should monitor access control to determine whether an ATM cabinet has been opened because of a legitimate service need.
I hope these two posts on ATM jackpotting have offered a better understanding of the risks of ATM jackpotting and the steps operators can take to minimize the risk of successful attacks. As always, your comments are welcome.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed