Hackers Use Diebold Nixdorf Source Code

Once again, hackers have hit the jackpot. Diebold Nixdorf, a multi-billion dollar manufacturer of self-service point-of-sale terminals and automated teller machines (ATMs), announced that cybercriminals had found a new way to dispense cash from its machines illegally. The new software tool forced machines to dispense cash in a series of attacks across Europe. The software used in this latest hacking tool comes from Diebold Nixdorf itself.

Hackers have obtained Diebold Nixdorf's source code to build a new tool. It is unclear how they gained access to the machines' internal software, but an insider threat is a possible cause. In these attacks, cybercriminals start by breaking through the fascia of the machine. They then unplug the USB cable that connects the terminal's CMD-V4 dispenser so that they can attach a small electronic device. This device, known as the black box, connects to a diagnostic port on the ATM to make it spew cash. Combined with Diebold's code, the black box triggers the machine to comply with the hacker's commands to dispense the money. The black box has been used in many past attacks to jackpot ATMs.

In theory, this technique allows hackers to plug the black box into network cables on the exterior of an ATM to gain cardholder information. From this, hackers can change the authorized withdrawal amounts from the host or impersonate the host to discharge large amounts of cash. This method does not appear to have been used during the Diebold attacks, but it was a known black-box method.

Physical access to ATMs is also a significant part of the problem. Humans and technology can't monitor many machines because of their remote locations. Thus, there is very little to prevent a criminal from tampering with the device and destroying its facade.

With SecureCircle, Diebold Nixdorf would prevent insider threats and data breaches by protecting its source code and avoiding black-box attacks. SecureCircle persistently protects source code or any sensitive data at rest, in transit, and even in use without impacting end-users such as developers, changing business workflow, or increasing administrative overhead.