Over 100 banks hit by sophisticated cyberattack

AFP News – Sun, Feb 15, 2015

2users liked this commentRate a Thumb UpRate a Thumb Down0users disliked this comment

Yup  •  15 hours ago Report Abuse

I have been working in electronic banking for 19 years.

This is just another example of bad journalism.

The ATM machine is connected to the network via Ethernet, or a leased phone line if the machine is remote. Nobody can command the ATM machine to dispense money. The ATM machine does not have commands that say, "Dispense 4 bills". That cannot happen. Furthermore, all ATM machines use triple DES encryption. There is no known weakness.

However making small transfers of a dollar at a time is possible. But that has nothing to do with ATM machines.

1 Reply

• v1/comments/context/efb25039-23d0-381a-873d-94f5305d7a6f/comment/1424044223809-a69f38ec-7cb7-4466-aa29-74fec342984f/reply/00002S000000000000000000000000-4496731c-2829-4e7f-b29b-fbf7cd63a64e
  

  

  0users liked this commentThumbs UpThumbs Down0users disliked this comment

  .  •  2 hours 29 minutes ago Report Abuse
  

  Not true. Barnaby Michael Douglas Jack the well known hacker did that in the past before he passes.

• 

  0users liked this commentThumbs UpThumbs Down0users disliked this comment

  ricky l • a second agoRemove
  

  In other words, the ATM network is not connected to Internet - but a separate Ethernet network or phone line dialup network - that is why Internet hackers cannot hacked.
  
  But Internet banking is not using a separate network - it is using Internet where hackers will have plenty of time to hack - regardless the layer of defense built in Internet banking.

  

  0users liked this commentThumbs UpThumbs Down0users disliked this comment

  ricky l • a second agoRemove
  

  Also do not assume that encryption technique is foolproof - it will cause delay in breaking the encryption but it does not mean unbreakable.
  
  Otherwise, nobody is talking about researching into quantum physics to decrypt known encryption technique such as 3DES, AES. 

  

  0users liked this commentThumbs UpThumbs Down0users disliked this comment

  ricky l • a second agoRemove
  

  If ATM network is a separate Ethernet network - why not extend to Internet banking and eBanking - as Intranet Banking - so that it will not expose to Internet hackers? 

  

  0users liked this commentThumbs UpThumbs Down0users disliked this comment

  ricky l • a second agoRemove
  

  Very easy to roll out a separate Intranet network - just get a few fibre strand to connect as different lambda of different frequency to form a separate DWDM or SDH network in the Telco backbone.
  
  Configure a separate MPLS network - for connection to Ethernet network, Wi-Fi access points and 3G/4G base station for intranet access.
  
  Then a new intranet network for eBanking is up and running - without connectivity to Internet. 

  

  0users liked this commentThumbs UpThumbs Down0users disliked this comment

  ricky l • a second agoRemove

  Separate eBanking web portal for intranet banking supported by Intranet directory service, 2FA, BYOD, security posture assessment, VDI, port authentication with separate intranet SSID, APT, SSL VPN, VPN IPsec.
  
  So can the internet hackers hacked - when they are not able to access the Intranet physically and virtually?