Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 3 June, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

eBay approves sale of working ATM machine

by The Gurus
October 23, 2014
in Editor's News
Share on FacebookShare on Twitter

ATM smallOnline auction website eBay has defended its sale of an ATM machine, saying that the sale fell within its policies.
 
The sale, which ended early on Monday, saw a Triton 9100 ATM machine sold, with the seller describing the item as “removed from a working environment” and “ATM has error code”. The ATM was listed for sale at £300, and swiftly disappeared from sale with the message “Les enchères sur cet objet sont terminées” (the bids/bets on this object are finished) replacing it.
 
In an email to IT Security Guru, a spokesperson for eBay said that it was unable to comment on specific sales, but said that eBay sellers must comply with its published policies, which includes prohibiting items which promote or relate to criminal activity, and we take steps to ensure this takes place.
 
They said: “The listing you highlighted does not relate to criminal activity and so is permitted on the site.”
 
According to research by Group IB, hackers are able to reprogram ATM machines to introduce malicious scripts to ATM software. In some cases, the purpose is to record any ATM card numbers and pins used on the compromised machines and to make cash withdrawals from those accounts, while other scripts can reprogram an ATM to pay out larger value notes than they should.
 
Dave Hartley, managing consultant at MWR InfoSecurity, told IT Security Guru that this ATM, and any others for sale, should not be able to communicate or authenticate with the same back end that it did before being decommissioned so you could not just plug it into the wall and/or data connection, and expect it to be able to operate it as a working ATM.
 
He said: “That is not to say that you couldn’t install your own software or modify existing software on the device to return an ‘out of order’ message and simply leave it in a location to capture card details as they were inserted or entered by unsuspecting members
of the public, but the system shown for sale in the link provided looks very similar to those found in non banking locations, such as convenience stores, public houses, places of work, entertainment venues etc.
“It would be very difficult to ascertain from visual impressions alone, that this ATM was not legitimate if found in one of those locations. These often show out of order messages/insufficient funds etc. after entering details. I’d argue that this is a risky endeavour and would likely result in someone being arrested when they return to retrieve the machine. It might be worth the £300,000 listing price on eBay though if the data is collected remotely. However as its placement is likely to require the cooperation of the location proprietor, it is a risky criminal enterprise that could likely be traced.”
 
He suspected that someone bought it to conduct research in order to identify points of attack, and if found, craft exploitation kits to target live ATM systems. “It is also just as likely that enthusiasts may purchase the machine to use it as an interesting feature piece in their home,” he said.
 
With regards to the owner’s responsibili
ties, Hartley said that whoever originally owned this system should have contacted the supplier to request advice on how best to dispose of it.
 
“Often these things are sold in the same configuration they were using when deployed, so it’s theoretically possible that they may be able to operate, and possibly even dispense cash,” he said. “However, the advantage to someone doing this by buying the ATM is minimal, they would still be charged for the withdrawal, and the commission for the transaction would likely go to the previously registered merchant. Similarly, modifying the software or hardware of the device is likely to be a highly skilled activity, although it is theoretically possible.”
 
He said that ultimately, buying an ATM from an untrusted source is not a secure way to conduct card transactions, hence why most ATMs are purchased directly from approved resellers.
ATM big
 

FacebookTweetLinkedIn
Tags: ATM MachineeBay
ShareTweet
Previous Post

NCA looks to hire new specialists and non-specialists

Next Post

Poodle exists in more than 1,600 cloud apps

Recent News

A Roadmap for Becoming a Penetration Tester in 2023

A Roadmap for Becoming a Penetration Tester in 2023

May 31, 2023
Electronic tablet with social media icons, hands holding screen.

Research Reveals UK Firms Plan to Embrace New Era of Digital Identity

June 1, 2023
AWS and Salt

Salt Security Attains AWS Security Competency Status 

May 31, 2023
Purple spiral circle. Text reads "Centripetal", san-serif.

Centripetal Extends Innovative CleanINTERNET® Technology to the Cloud

May 31, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information