Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: doc1019
I worked on an ATM Modernization project for a very large bank back in 2003 - 2005. Most people don't know that prior to 2003 many ATMs were running either OS/2 with IBM 3270 emulation to communicate to mainframe back ends, or were running 3270 emulation alone to communicate to mainframe back ends.

What caused the change to Windows XP? The Americans with Disabilities Act.

ATMs were required by law, as the result of several lawsuits, to become more "friendly" to those who are blind, hard of hearing or deaf. Couldn't do that with character-based mainframe 3270 software, so many banks chose to go to Windows XP, some chose to go with Windows XP Embedded, and others chose to go with a customized version of Windows XP Embedded for POS (point of sale; this is the version that was compromised in the Target retail stores breach).

The bank I worked for (which I will not name..) at the time spent a lot of time, effort and money to create a highly secure network for the XP-enabled ATMs. We used customized software, as many did, to present the user interface for the ATM and relied heavily on our ability to implement tiered security: within the ATM software itself; the XP Embedded OS; ATM device breach monitoring (i.e., someone attempting to open the device); hardware monitoring (i.e., money grabber device, terminal display, physical ATM buttons and on-screen UIs); audio jack input monitoring; and finally the Windows XP Embedded OS itself.

One of the keys to successfully locking down and monitoring XP Embedded was to secure the boot process by making sure no other boot device could be plugged into the ATM hardware. This meant acquiring custom hardware that eliminated physical USB ports, for example, and did not contain extra ports on the motherboard to connect other boot devices (CD/DVD devices, for example).

Additionally, firmware on the motherboards was protected with complex passwords (non-dictionary type), making it as difficult as possible for a hacker who managed to gain physical access to the device to change the system configuration that way.

The other thing we did was secure the boot process by forcing the ATM to validate the checksum of the core Windows XP Embedded OS, drivers, and monitoring and security agents on the device itself against our back-end systems. Any discrepancy would cause the ATM to automatically go out of service, which would trigger an alert in our ATM NOC.

The network segment that our ATMs were on was also an isolated network, separate and non-routable to core banking systems. If our ATM network were to be breached, it would be contained ONLY to the network segment that the ATM devices were on.

It was just over a two-year project to upgrade the more than 2,500 ATMs the bank I worked for (at the time) had.

Funny thing about the entire project for me was, I did not have an ATM card at all until I started working on the project.

BTW: I read the security analysis/write-up on the Target Retail Store breach yesterday, which was a very sophisticated and long-running breach. Target's breach was EASILY preventable if they had taken some of the security measures I identified above. There is literally no excuse for their lax security, and anyone who continues to shop at Target is a fool.

The hackers that breached Target had easy and prolonged access to Target's entire network. They set up shop on one of Target's web servers, from which they had unfettered access to the rest of Target's network. That's inexcusable.

Further, they were able to create their own virtual zombie servers on Target's core network, from which they were able to deploy the malware that "infected" Target's point of sale systems running Windows XP Embedded for POS.

That malware was able to skim the memory of the POS systems, reading credit cards directly from the credit card swipe device, then picking up the PIN by scraping memory.

That information was sent from every Target POS system to a database constructed by the hackers on Target's core network.

Here's where it gets really, REALLY bad. The hackers were unable to set up a persistent connection to a server outside Target's network, so they constructed a database on Target's core network and then manually connected, whenever they wanted, to the same web server they'd breached, and from there connected to the database they had constructed inside Target's network (again, whenever they wanted), extracted the data from their database, and manually FTP'd it to one of their own servers outside Target's network.

Target's breach was easily preventable and is entirely inexcusable. This is why I say anyone who shops at Target going forward (and uses a credit or debit card) is a fool. If you must shop at Target -- PAY CASH!

55 posted on 01/18/2014 4:16:39 AM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 2 | View Replies ]
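An added example of the boot-time integrity check described in the post above; this is illustrative Python written for this page, not the bank's software. The file names, the HMAC key that stands in for the back-end trust relationship, and the shape of the NOC alert record are all constructed for the example:

```python
"""Boot-time integrity check in the shape described above (added example,
not the bank's code). A reference manifest of SHA-256 hashes is held by the
back end; here an HMAC key stands in for that back-end trust relationship
(an assumption). Every listed file is rehashed at boot; any mismatch or
missing file takes the device out of service and produces a NOC alert.
"""
import hashlib
import hmac
import json
import os
import tempfile

# Constructed file set and key; names are placeholders, not a real image.
CORE_FILES = ["system/ntoskrnl.exe", "drivers/cashdisp.sys", "agents/monitor.exe"]
BACKEND_KEY = b"example-backend-key"  # assumption: stands in for the back end


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_reference(root, rel_paths, key):
    """What the back end would hold: hashes of the golden image, authenticated."""
    manifest = {p: sha256_file(os.path.join(root, p)) for p in rel_paths}
    body = json.dumps(manifest, sort_keys=True).encode()
    return {"manifest": manifest,
            "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_boot(root, reference, key):
    """Return (in_service, findings). Any finding means out of service."""
    body = json.dumps(reference["manifest"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, reference["mac"]):
        return False, ["reference manifest failed authentication"]
    findings = []
    for rel, want in sorted(reference["manifest"].items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            findings.append(f"missing: {rel}")
        elif not hmac.compare_digest(sha256_file(full), want):
            findings.append(f"modified: {rel}")
    return not findings, findings


def noc_alert(atm_id, findings):
    """Alert record sent to the NOC when a device takes itself out of service."""
    return {"atm": atm_id, "state": "OUT_OF_SERVICE", "reason": findings}


def demo():
    """Build a clean image, verify it, tamper with one agent, verify again,
    then try a reference manifest whose MAC does not check out."""
    with tempfile.TemporaryDirectory() as root:
        for rel in CORE_FILES:
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(b"constructed placeholder bytes for " + rel.encode())
        reference = build_reference(root, CORE_FILES, BACKEND_KEY)
        clean = verify_boot(root, reference, BACKEND_KEY)
        with open(os.path.join(root, "agents/monitor.exe"), "ab") as f:
            f.write(b"\x90\x90")  # simulated tampering with the monitoring agent
        tampered = verify_boot(root, reference, BACKEND_KEY)
        forged = dict(reference, mac="0" * 64)  # attacker-supplied manifest
        forged_result = verify_boot(root, forged, BACKEND_KEY)
        return clean, tampered, forged_result


if __name__ == "__main__":
    clean, tampered, forged = demo()
    print("clean:", clean)
    print("tampered:", tampered, noc_alert("ATM-0001", tampered[1]))
    print("forged reference:", forged)
```

The check only helps if the code performing it cannot itself be replaced before it runs, which is why the post pairs it with firmware passwords and the removal of alternate boot devices: on a device that can still boot from USB or optical media, an attacker simply boots an image that never calls verify_boot.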


To: usconservative
One last comment: the malware that affected Target's POS systems was a customized version of malware first detected almost 2 years ago (I forget the name at the moment). If one knows the website to go to, that code was available to ANYONE for sale for $1,800.

The hackers that breached Target had highly customized the malware to avoid detection and specifically work on Target's Windows XP Embedded for POS systems.

Now how did the hackers know Target was running Windows XP Embedded for POS systems? One of two ways. First, they had prolonged access to Target's systems, so they could have discovered on their own that that was the OS running Target's POS systems; OR, second, it was an inside job.

It's one of the two, and wouldn't I love to be a fly on the wall listening to the FBI discussions when they were trying to figure it out (if they even HAVE figured it out!)

56 posted on 01/18/2014 4:29:50 AM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 55 | View Replies ]
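The memory scraping described in post 55 (card data read out of POS process memory) and the customized POS malware in post 56 both come down to the same pattern search over a process's memory, so here is an added example, not code from any of the posts and not the Target malware, that scans a constructed memory buffer for track 1 and track 2 magnetic-stripe data and uses the Luhn check to discard look-alike digit runs. The buffer contents, the test card number 4111111111111111 (a standard test PAN), and the masking format are all constructed for the example:

```python
"""Track-data scan over a memory buffer (added example). This is the core of
what a RAM-scraping POS malware does, and also what a defender runs over a
suspect staging file or database dump. Sample buffer is constructed."""
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]{0,40})\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]{0,40})\?")


def luhn_ok(pan: str) -> bool:
    """Luhn check digit test; filters out digit runs that only look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep BIN and last four only, so findings can be logged safely."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(buf: bytes):
    """Return Luhn-valid track 1/2 hits in offset order, PANs masked."""
    hits = []
    for name, rx, exp_group in (("track1", TRACK1, 3), ("track2", TRACK2, 2)):
        for m in rx.finditer(buf):
            pan = m.group(1).decode()
            if not luhn_ok(pan):
                continue
            hits.append({"offset": m.start(), "track": name,
                         "pan": mask(pan), "expiry": m.group(exp_group).decode()})
    hits.sort(key=lambda h: h["offset"])
    return hits


# Constructed stand-in for a POS process memory dump: two real-format track
# records, one decoy with a bad check digit, and a PAN not in track format.
SAMPLE_MEMORY = (
    b"\x00" * 32 + b"POS v2.1 idle\x00"
    + b"%B4111111111111111^DOE/JOHN^2512101000000000?"
    + b"\x00" * 8
    + b";4111111111111111=25121010000000000000?"
    + b"\x00" * 8
    + b";4111111111111112=25121010000000000000?"   # fails Luhn: skipped
    + b"ORDER 4111111111111111 total 12.34"         # not track format: skipped
)

if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_MEMORY):
        print(hit)
```

Pointed at a staging file or database dump instead of process memory, the same scanner is the defender's check: cleartext track data sitting anywhere on the network is a finding in itself. It only matches cleartext; a PIN block encrypted at the pad would not match these patterns.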

To: usconservative

For the next 6 months, you’re probably correct. However, I think after that Target will have the most secure paypoints in the United States. If not, they deserve to go out of business.

That situation with Target did not affect Target Canada, because Canada’s banking system makes it very difficult for things like that to happen. Canada’s financial sector is probably close to the most secure in the world. When there is a breach of somebody’s bank account, in Canada, it’s usually due to carelessness of the individual, not because they breached the bank’s firewalls.


57 posted on 01/18/2014 4:32:10 AM PST by Jonty30 (What Islam and secularism have in common is that they are both death cults)
[ Post Reply | Private Reply | To 55 | View Replies ]

To: usconservative
"BTW: I read the security analysis/write-up on the Target Retail Store breach yesterday"

Thanks. I've been researching this.

Will you please supply a link or two?

65 posted on 01/18/2014 6:45:05 AM PST by MV=PY (The Magic Question: Who's paying for it?)
[ Post Reply | Private Reply | To 55 | View Replies ]



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson