Numerous examples of malicious software have been found on hundreds of ATM machines running Microsoft Windows.  This ‘software’ is apparently able to record card numbers and details that are contained in the magnetic strip on the back of cards.

Up until now, this exploit has only been found on ATM machines located in Eastern Europe, but it looks to be that the software is highly advanced, and before long it may make its way to the west.

This highly advanced exploit not only records card details, but it also gives full access to the ATM machine functions.  From printing money to rebooting the machine, criminals need only insert a special ‘card’ which allows them to literally do anything they want.

It would seem that the evolution of the ATM machine has ensured that it is now vulnerable to attack because of the developers desires for it to remain ‘user-friendly’.  But has user friendly gone one step too far in this case?  The vulnerable ATM machines all run a standard version of Windows XP which obviously, has major vulnerabilities.

It would seem that simply securing parts of a computer inside a steel cage is no longer enough to deter these attackers and they have found a way to load their sinister software without banks actually knowing.

Looking at this, one can only make the realistic conclusion that ATM machines are no longer simply ‘thin clients’.  It is ironic to see that banks are putting their trust in operating systems such as Windows XP straight out of the box.

Evidence supporting the security limitations of Windows XP has existed since before 2003.  Even the NSA admits that standard editions of XP are flawed and vulnerable.  As a result, USAF actually petitioned Microsoft for a locked-down and secure version of the operating system.  Why didn’t banks think of that?