Government Technology
Government Technology: State & Local Government News Articles
Advertise in the
Upcoming Case Study Issue »

Security Hole in Citibank ATMs Underscores Larger Security Flaws



Print
Comment
ATM-close up picture

Jul 3, 2008, News Report

TraceSecurity disclosed today that the case of Citibank customers whose funds were hacked via the connection between ATMs and third parties processing their PIN codes, are just the tip of the iceberg when it comes to the overall security and compliance of the networks that process ATM transactions. Over the past five years, TraceSecurity personnel have uncovered thousands of un-patched ATM processing servers while performing routine security compliance inspections. The company is responsible for performing annual audits and inspections for firms in the financial services space to ensure they are complying with industry and government regulations that help protect consumers' sensitive data as well as the funds in their accounts.

"Most people's home personal computers are better protected from malicious hackers than many ATM servers," remarked Jim Stickley, CTO and vice president of strategy and solutions at TraceSecurity. "Financial institutions are failing to perform patch updates to ATM servers often because third party vendors aren't approving the patches to be applied to systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems such as Microsoft, which are used by many ATM solutions available today."

In addition, the company has found that many financial institutions are not placing their ATM servers into secured private segments on the network. This means that anyone with basic access to the network can eavesdrop on the data and transactions being processed by the ATMs and hack away at un-patched services. Officials recommend that ATMs should always be segmented onto their own network segments with tight access controls in place.

Stickley added, "Financial institutions need to do a much better job at setting up their network infrastructure. Unfortunately many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case."

If You Liked This Article, You May Also Like...

Related Products and Services


Latest Government Technology News


Industry Solutions for Government

Read real world deployments of technology in government from our sponsors.

View All Industry Solutions

Marketplace



This section
brought to you by:


Dispatch Operations and Interoperability Survey Results

Executive Summary July 2008


View The Results Now

Dispatch Operations and Interoperability

Hurricane Preparedness Tips When a hurricane hits, are you prepared to keep in touch?


Case Study - Morris County, New Jersey The Morris County Communications Center upgraded to a new trunked radio system with the benefits of a cellular network, extending coverage beyond county lines


Case Study - Iredell County, North Carolina Spanning over 570 sq miles, it became imperative that the Iredell County Emergency Communications, Operations and Management extend it's communications systems to enhance reliability, security, and coverage.


Case Study - City of Anaheim, California The City of Anaheim saw an opportunity to leverage existing GST and partner with nearby cities to enhance safety operations through data interoperability.


Case Study - Charlottesville, Virginia Fire Department Taking advantage of a range of interoperability solution, the Charlottesville Fire Department has achieved a network that can serve as backup to their existing public safety network.


Sprint ERT Go-Kit with GST Optima Rapid, interoperable communications for emergencies, drills and field exercises.


Optimal Interoperability Until recently it was not possible to cost effectively connect commercial networks to LMR systems. Improvements in communications technology have resulted in greatly enhanced operational capability and have reduced the log-term cost of communications system ownership.


Multi-agency interoperability for Public Safety Establishing cross-agency, real-time situational awareness is critical to effective incident management as well as daily resource management.


Video


DHS Grant Links

DHS Grants and Assistance Programs Link to overview of available grants administered by The Department of Homeland Security (DHS)


Fact Sheet: Fiscal Year 2008 Preparedness Grants Major changes in funding and focus for 2008 DHS grant programs


Remarks on 2008 Homeland Security Grant Guidance DHS Secretary Michael Chertoff and FEMA Administrator David Paulison


$1.8 billion in DHS Homeland Security Grant Program Awards


Funding Public Safety Communications Whether you are a law enforcement agency, looking for funding to support an interoperable communications solution or a school, seeking to improve communications between building administrators, grants may provide the funding you need to implement a robust, scalable communication system.


Yes! I would like more information about Sprint's dispatch operations and interoperability solutions.