Alexey Osipov Lead Expert on a Penetration Testing Team at Kaspersky Lab. An author of variety of techniques and utilities exploiting vulnerabilities in XML protocols and telecom equipment security. Author of advisories for various vulnerabilities for major ATM vendors. A speaker at international security conferences: Black Hat, Hack in Paris (presenting the paper on ATM vulnerabilities), NoSuchCon Paris, Nuit du Hack, Positive Hack Days, HITB GSEC, Chaos Communication Congress and others.

ATM: every day trouble

ATM is a perfect target for criminals. Successful attack gives them real cash, instead of bytes and bits on accounts in Panama. When people spend thousands of dollars (not Zimbabwe dollars, US ones) in shopping malls, attacker get millions from ATMs at the same places. When bankers read financial ratings, hackers clean out their banks. In our presentation, we will cover topics on how to create botnet from ATM network, that will gather all card data, network attacks specific to ATMs connection to processing centers, direct control of the ATM software. PS: This overview of the security issues in cash machines is not intended as a hacking guide.

Presentation’s Co-Presenter is Olga Kochetova, Senior Penetration Testing Specialist at Kaspersky Lab.