Russian tech award winner charged with self-serve machine hack

July 12, 2013

Smart, yes — but then again, no. The Irkutsk student who took second-place honors in the 2012 All-Russian Information Technologies contest has now been charged with reprogramming a payment kiosk in order to steal the cash it held.

The 19-year-old student reprogrammed the payment kiosk with a software program he devised himself, according to the press service of the Irkutsk region's Ministry of Internal Affairs. Security guards from a nearby shop noticed suspicious activity near the kiosk and alerted the police, who took quick action and arrested the hacker on the spot.

Specialists from Department "K", the computer crimes unit of the Russian Interior Ministry, said that after hacking into the self-service unit, the student commenced sending money to SIM cards that had been registered using fictitious data. He managed to transfer around $2000 before he was apprehended.

Last December in Irkutsk, fraudsters hacked into an ATM, then used their own bill acceptor and a single bill to carry out multiple transactions totalling $300,000. To cover their actions, the thieves used a service card to remove logs from the transactions.

Pavel Efremov, head of technical support and integration at SafenSoft, a provider information security solutions for self-service devices, said that self-service device operators and users should not forget that "basically just a computer," most probably with a Microsoft Windows operating system onboard.

"Such systems have many different vulnerabilities ready for exploiting by anybody with some technical skill and imagination," Efremov said. "You need to defend the system not only against the known malware using the 'black list' and signature scanning technologies; you also need to take unknown malicious code into consideration, especially given that self-service devices cannot update their antivirus databases well.

"Additionally, you need to control the insider activity and external device connections," he said. "Ignore any of these points and you give a cybercriminal an easy way into modifying parts of the software."

Read more about security.

Topics: Security , Software

Sponsored Links:

Related Content

Latest Content

comments powered by Disqus