Below is Diebold's response to a series of
recent software attacks on automated teller machines (ATMs) in Russia.
Diebold is committed to
keeping its customers informed on the latest security risks affecting the
industry and provides recommendations on how to protect consumers and financial
institutions from automated teller machine (ATM)-related crime.
Several weeks ago, Diebold issued a global security alert to its customers
warning of the risks associated with an isolated incident involving Opteva®
ATMs in Russia and sent a critical software update as a precautionary
measure to help protect against this threat. News of
this security threat has recently been reported on several IT Web sites and
security blogs.*

What we know
Criminals broke into a number of ATMs in Russia and installed illegal software. This crime
required an aggressive, physical break-in with high-tech expertise once the
inside of the ATM was accessed. The isolated physical attacks in Russia were
perpetrated against ATMs using a Windows®-based operating system. Several
criminals have been apprehended by law enforcement as suspects in these
break-ins. To the company’s knowledge, this is the first incident dealing with
a physical attack and installation of illegal software within the ATM unit.

Our actions / recommendations
At this time, Diebold is working with customers to install security enhancements to help
mitigate these and other threats. In addition, Diebold is reviewing customers’
physical and logical security implementations to ensure they are consistent with
Diebold and industry best practices. These efforts are ongoing.
A process implementing periodic changes to the Windows® administrative password
is recommended. ATMs should also have the Windows® desktop disabled.
The Sygate/Symantec firewall software provided with Diebold Agilis® software
should be operational and should be configured to ensure the ATM can
communicate only with authorized system addresses. Diebold Windows®-based ATMs that
do not have a Diebold hardened Windows® operating system installed should be
modified to reduce risks of unauthorized access. Please review the security
update for more information.

Our position
It is important to stress that Diebold ATMs with properly configured operating
systems, firewalls, passwords and other physical and logical security measures
are not at risk for most software exploits. However, additional layers of
security and security enhancements are always important and appropriate. In
fact, these enhancements are routinely introduced into Diebold automated teller
systems to address potential vulnerabilities at various layers of the system
software. Diebold authored a best practice white paper which is posted on the
Center for Internet Security site. It identifies the properties and
characteristics of an appropriately hardened system and can be referenced at
www.cisecurity.org/resources.html.
Crimes related to ATMs are attempted frequently.
Diebold has extensive experience in managing security threats and has responded
proactively to notify customers of this previously reported risk. Recognized as
an industry innovator for 150 years, Diebold is a trusted partner that continues
to develop revolutionary integrated solutions safeguarding your most-valued
assets. As crime becomes more sophisticated and aggressive, Diebold will
continue to design and implement comprehensive security solutions by proactively
addressing the immediate and critical security needs of its customers.
If you have questions concerning this security update or require assistance to
reduce the risk of criminal attack against your ATMs, please contact us at
1-800-806-6827 or e-mail
atmsecurity@diebold.com.
* Diebold has not verified and/or endorsed the content of any of these
reports.