ATMs with software that copies PINs and magnetic stripes

Cees Binkhorst ceesbink at XS4ALL.NL
Fri Apr 9 09:41:26 CEST 2010


REPLY TO: D66 at nic.surfnet.nl

The enemy within ;)

Regards / Cees

Bank of America Employee Charged With Planting Malware on ATMs
     * By Kim Zetter
     * April 8, 2010
http://www.wired.com/threatlevel/2010/04/bank-of-america-hack/

A Bank of America worker installed malicious software on his employer’s
ATMs that allowed him to make thousands of dollars in fraudulent
withdrawals, all without leaving a transaction record, according to
federal prosecutors.

Rodney Reed Caverly, 37, was a member of the bank’s IT staff when he
installed the malware. The Charlotte, North Carolina, man made
fraudulent withdrawals over a seven-month period ending in October 2009,
according to prosecutors, who’ve charged him with one count of computer
fraud.

The government wouldn’t say how much money Caverly stole; the charging
document, filed April 1, states only that his payoff surpassed
the statutory minimum of $5,000.

Caverly, reached by phone, told Threat Level he had no comment, and hung
up. According to court records, he has entered into a plea agreement
with prosecutors and is set to appear in court on April 13.

Caverly was formerly the founder and CEO of Sovidian, LLC, a North
Carolina-based software development company established in 1999. The
company merged in April 2003 with Data On CD, a document management and
archiving firm. According to a news release on Sovidian’s website
announcing the merger, the company has provided “tailored software and
software integration solutions for the finance industry for over 10
years,” and counted Bank of America and two other major financial
institutions as customers.

“Our customers range from large service bureaus (IBM, EDS and M&I Data);
to multibillion dollar banks (Bank of America, First Union and Bank of
Nova Scotia, Canada); to local community banks,” Caverly is quoted as
saying in the release. “Banks are very individualistic. Each situation
and operating environment is completely different. There are no
off-the-shelf solutions especially for integrating new and old
technologies and applications. We specialize in making applications talk
to each other and integrating peripherals into existing software
environments.”

Tom Chase, general manager for Sovidian, told Threat Level that the
company hasn’t had any banking or finance customers since 2004, and that
Caverly hasn’t worked there for years. Though he’s still a major
investor in the business, he has “very little involvement” with it now,
said Chase.

“I am absolutely, completely shocked [by the charges],” Chase said. “It
doesn’t sound like something he would do. This is just absolutely crazy.”

Caverly took the job with Bank of America some time around 2007, said Chase.

The charges were filed the same day that credit card company Visa warned
the banking industry that Eastern European ATM malware recently showed
up in America for the first time.

That code, initially spotted last year on some 20 ATMs in Russia and
Ukraine, was designed primarily to capture PINs and bank card magstripe
data, but also allowed thieves to instruct the machine to eject whatever
cash was still in it. At the time, security firm Trustwave warned that
the malware was likely headed for ATMs in the United States.

At least 16 versions of the East European malware have been found so far
and were designed to attack ATMs made by Diebold and NCR, according to
the April 1 Visa alert.

There is no information tying the malware found in Russia with the
malware allegedly used by Caverly. Bank of America did not immediately
respond to a call for comment about the case, but told the Associated
Press that the bank discovered the thefts internally. Caverly’s attorney
did not return a call.

Nick Percoco, vice president and head of Trustwave’s SpiderLabs Incident
Response Team, said the malware does sound like it could be the malware
found in East Europe or a version of it.

“[Caverly] could have obtained a copy of that and modified it for his
own use,” he told Threat Level. “But the ability to dispense cash
without recording activity — that was definitely a feature of the East
European malware.”
