Teacher
Professional
- Messages
- 2,670
- Reaction score
- 791
- Points
- 113
Are you too tough with protection? Who hasn't used an ATM. Came up, put it in, got it. Everything is so simple that even a child can understand it. However, the question is, whether it is possible to deceive the iron machine. You watch The Terminator and it seems that everything is elementary. Is it really?
It turns out that things are not so simple. Clever uncles tried to protect the box with money from encroachments. As a result, hacking protection is more expensive for yourself. And then the geeks were not at a loss, realizing that they could directly spy on the pin code, then making a dummy card. With the introduction of visual protection, this has become far from secure. I decided to find out how the ATM protection works, as they say, first-hand.
VISUAL PROTECTION
Visual protection of ATMs, according to ISS Sales Manager, Aleksey Nikolaevich Mendelev, is now the most relevant and in demand. Previously, much less attention was paid to this issue. First, almost all banking networks were corporate (access was severely restricted) or well guarded. Therefore, the need for additional remote monitoring automatically disappeared. Secondly, the X.25 data transfer protocol used is very "narrow", the maximum data transfer rate is no more than 8 Kbps. For the transmission of text information, this was quite enough (a text message during transactions usually does not exceed 300-400 characters), but transmitting video was simply unrealistic. Not only will the video "not crawl" by itself, it will also clog the financial information transmitted in parallel.
With the development of public networks and the emergence of many unguarded ATMs on the streets, the problem of visual protection has become more urgent. There were frequent not so much hacking attempts as vandalism and a desire to disable the device without any sense. At first, we limited ourselves to sensors only: for shock and temperature. The first, respectively, was triggered by significant vibrations, and the second - by an increase in temperature. The ATM itself does not vibrate by definition, so the triggering of the sensor on impact indicated an outright interference from the outside. There was a signal from the sensor, the task force left, and they were sorted out already on the spot. The temperature sensor was insured in case of fire. Moreover, an ATM is, in fact, a large safe, which is poorly ventilated in order to limit itself from external atmospheric influences (consider it like a tin can).
Additionally, specific sensors are installed. For example, there is the concept of "opening a safe under duress", when a security guard opens an ATM safe at gunpoint. Moreover, in this case, remote visual observation will not save if the robber threatens with a pistol from around the corner. This is where an invisible but effective sensor comes to the rescue, notifying about the opening of the safe. If confirmation of the opening is not received from the guard, action is taken.
But taking any strong kick on an ATM is stressful, and putting a security guard at each ATM is not an option. Then they seriously thought about remote visual observation. Plus, there were not uncommon cases when the little boy grabbed a card from his dad, stomped to the ATM and withdrawn cash. The system did not track any crime, since the pin code was entered, the money was withdrawn, everything is normal. Then the prankster put the card back neatly, as if that were the case. Dad, after some time, discovers a loss on the account and declares that he did not withdraw money. In the case of making and using a dummy of someone else's card, the situation is completely similar. The money is withdrawn correctly, but not by the owner. The presence of a video archive made it possible to resolve such controversial situations. It was enough to link the transaction archive with the video archive in time to understand
IMPLEMENTATION
In the meantime, a lot of advanced video data compression technologies have appeared, but any codec that exists today will not provide a compression of more than 0.5 Kb per frame. There were two ways out. The first is the laying of a separate (parallel) channel (up to fiber optic), through which only video is chased, displaying everything that happens in real time. But this is not always possible, and it is also expensive. Therefore, the second way out is the transmission of individual frames (frames) via the X.25 protocol, with their imposition on information about the transaction.
Pictures are tied to individual events: came up, inserted (card), date, full name of the owner, face of the person who uses the card, etc. In this case, two cameras are installed: one looks at the face, and the second at the hands at the time of issuing money (the camera does not capture the PIN code input). Then the pictures are transmitted to the control point, allowing you to monitor the operation of the ATM in real time. It turns out a kind of event protocol with pictures that allows you to combine financial information with visual information. A kind of single source of information from which it is immediately clear how it happened, who is to blame and what to do. Now, when the sensors are triggered, you can evaluate whether you need to go or if this is a false alarm.
It is possible to configure the system by sending pictures, say, a minute before the event and a minute after the event. Or perform "hot recording" - pictures during a transaction are made after a certain period of time, for example, every 15 seconds.
In addition to pictures, the real video is still written, but to the local hard drive of the ATM, which is also located inside the safe. If necessary, you can pick it up and restore the full picture of what is happening, using the previously obtained frames as key frames for finding the necessary time intervals. The data is all digital, so the search is almost instantaneous. The hard drive itself is quite capacious and is capable of recording video information for up to 45 (!) Days (continuously).
PROSPECTS
Alexey Nikolaevich willingly shared his plans in the field of visual protection of ATMs. The main idea is to integrate a face recognition system. The development of such systems has been going on for a long time, but the first-borns were ineffective. The point is to connect all ATMs to one database and synchronize. If a suspicious person appears at any ATM, the repeated appearances of the suspect at this ATM and the adventures of others will be automatically recorded, and, if necessary, access to all ATMs will be blocked. In other words, the system will help hedge against repeated hacking attempts and increase the effectiveness of visual protection in general.
PROTECTION OF TECHNOLOGY
"There is nothing special, the same communication channels, the same protection methods," commented on my question about the security of ATM networks, the head of the software development department of LANIT Alexey Valentinovich Karitich. payment systems have their own defenses, which are incorporated directly into the technology - cryptographic protection of the pin-block and verification of the message signature for authenticity (the message is open, but a certain code is calculated to determine the message's validity). "
Theoretically, of course, it is possible to take an ATM, drag it to a secluded place, connect it to a pseudo-host and issue a command to issue money. But you need a pseudo host and a big pocket to take away the ATM unnoticed. And in order to adjust the pseudo-host interface so that it correctly masquerades as a real host (ATM management system), you need to know all the keys that encrypt messages between the real host and this ATM.
It is theoretically possible to wedge into the channel itself without touching the ATM. Only in practice, the cable is not lying on the floor, and there are no places to connect, or you will be quickly spotted. And the equipment for connection will cost more than you pump money out of an ATM. It's easier to forge a card (duplicate) - the main threat to ATMs now.
But to make a dummy card, you need data and a pin code. Pin-code is elementary peep. Therefore, recently in the screensavers on ATMs they write something like "The enemy is listening, spying - look around, cover the pin with your hands!" The data can be obtained by connecting to listen. To do this, you will have to attach an overlay to the ATM reader in order to read track-2 cards, which, again, is practically impracticable - they will spot you before you finish.
CRYPTO PROTECTION
Alexey Valentinovich told how the transmitted information (including the PIN code) between the ATM and the central banking network is protected. Only the pin code is encrypted. Cryptography is implemented according to a symmetric scheme with a private key (DES-algorithm). Previously, this was enough, but now the capacities have increased, and it has become easier to crack such encryption. Then they began to use the Triple DES-algorithm - in fact, this is encryption with the same DES-algorithm, but sequentially 3 times. Opening resistance, respectively, increased by 3 orders of magnitude. This is more than enough for now. Perhaps, over time, this algorithm will not be enough - they will come up with something else.
But there was no point in encrypting the rest of the terminal equipment messages accompanying transactions, since they only carry service information. That is, all information, with the exception of the pin code, "runs" through the channels in a readable form. But a certain checksum is checked, which is calculated using the secret keys using the same DES algorithm. This allows you to check all messages for plausibility in order to avoid possible transmission errors and intrusion of intruders into the system from the outside.
The keys used for encryption do not live in clear text, they are known only to the ATM and the host between which the exchange is taking place. Not only does each ATM have its own keys, they also constantly change (the frequency can be any). Only the host's master key, which encrypts all the other keys of the ATMs connected to this host, lives for a long time.
FUTURE
Aleksey Valentinovich described the prospects as follows: "There will be nothing particularly new and revolutionary. Cryptoalgorithms are becoming more complicated, and more and more resources are required, both for protection and for hacking." The main drawback that currently exists is the openness of messages. Still, there is a possibility of connecting from the outside and using this information for their own purposes. It will not be possible to open accounts with its help, but it is possible to get some information about users and amounts. Therefore, all traffic (including messages, not just the pin code) is now beginning to be encrypted, in the near future all channels will be protected in this way.
The effectiveness of video surveillance in ATMs is confirmed by a real case. One of the ATM users tried to get money, but the mechanics refused and did not give out the money for a long time, "spitting out" the card back. The cardholder hesitated, spat and went about business. And the money went to the one who stood behind him (the mechanics woke up). At the same time, the camera showed who took the money. In principle, it would be difficult to find a random owner of the "bonus" by the face, although it is possible. But he immediately made a mistake by inserting his card. Calculating the owner of the card was elementary.
There was a time in Europe when ATMs were literally pulled out by excavators and other mechanical devices, hoping for easy money. Almost all cases ended in arrest on the spot, the rest were caught on the way home with a torn out safe. There was a similar case in Russia. They drove up the car and pulled the ATM out of the wall into a stupid one. The robbers were detained thanks to the sent jpg images, which showed the license plates of the car and the face of one of the robbers.
The meaning of street ATMs - the equipment that processes and sends the video stream from external cameras - is located separately from the ATM. Either in a bank branch, next to which there is an ATM, or in a special room, which is guarded separately and it is very difficult to get there. That is, the camera "captured" you - you can write a will. When the criminals were stopped on the outskirts of the city, they were pleasantly surprised.
Peeping a pin code is relevant not only because it is the easiest way to find it out. The point is that the entered PIN-code in "pure" (unencrypted) form can only be recognized when entering. Even in the ATM itself, it "walks" already encrypted, not to mention the communication channels of the ATM and the central control system. Don't forget to look around before entering your pin code.
It turns out that things are not so simple. Clever uncles tried to protect the box with money from encroachments. As a result, hacking protection is more expensive for yourself.
With the development of public networks and the emergence of many unguarded ATMs on the streets, the problem of visual protection has become more urgent.
The triggering of the sensor on impact indicated an outright interference from the outside. There was a signal from the sensor, the task force left, and they were sorted out already on the spot.
It was not uncommon for the little boy to grab a card from his dad, stomp to the ATM and withdraw cash.
One of the solutions is the transmission of individual frames (frames) using the X.25 protocol, with their imposition on information about the transaction.
The main idea is to integrate a face recognition system. The development of such systems has been going on for a long time, but the first-borns were ineffective.
Theoretically, of course, it is possible to take an ATM, drag it to a secluded place, connect it to a pseudo-host and issue a command to issue money.
The data can be obtained by connecting to listen. To do this, you will have to attach an overlay to the ATM reader in order to read track-2 cards.
The keys used for encryption do not live in the clear, are known only to the ATM and the host, between which the exchange is taking place.
It turns out that things are not so simple. Clever uncles tried to protect the box with money from encroachments. As a result, hacking protection is more expensive for yourself. And then the geeks were not at a loss, realizing that they could directly spy on the pin code, then making a dummy card. With the introduction of visual protection, this has become far from secure. I decided to find out how the ATM protection works, as they say, first-hand.
VISUAL PROTECTION
Visual protection of ATMs, according to ISS Sales Manager, Aleksey Nikolaevich Mendelev, is now the most relevant and in demand. Previously, much less attention was paid to this issue. First, almost all banking networks were corporate (access was severely restricted) or well guarded. Therefore, the need for additional remote monitoring automatically disappeared. Secondly, the X.25 data transfer protocol used is very "narrow", the maximum data transfer rate is no more than 8 Kbps. For the transmission of text information, this was quite enough (a text message during transactions usually does not exceed 300-400 characters), but transmitting video was simply unrealistic. Not only will the video "not crawl" by itself, it will also clog the financial information transmitted in parallel.
With the development of public networks and the emergence of many unguarded ATMs on the streets, the problem of visual protection has become more urgent. There were frequent not so much hacking attempts as vandalism and a desire to disable the device without any sense. At first, we limited ourselves to sensors only: for shock and temperature. The first, respectively, was triggered by significant vibrations, and the second - by an increase in temperature. The ATM itself does not vibrate by definition, so the triggering of the sensor on impact indicated an outright interference from the outside. There was a signal from the sensor, the task force left, and they were sorted out already on the spot. The temperature sensor was insured in case of fire. Moreover, an ATM is, in fact, a large safe, which is poorly ventilated in order to limit itself from external atmospheric influences (consider it like a tin can).
Additionally, specific sensors are installed. For example, there is the concept of "opening a safe under duress", when a security guard opens an ATM safe at gunpoint. Moreover, in this case, remote visual observation will not save if the robber threatens with a pistol from around the corner. This is where an invisible but effective sensor comes to the rescue, notifying about the opening of the safe. If confirmation of the opening is not received from the guard, action is taken.
But taking any strong kick on an ATM is stressful, and putting a security guard at each ATM is not an option. Then they seriously thought about remote visual observation. Plus, there were not uncommon cases when the little boy grabbed a card from his dad, stomped to the ATM and withdrawn cash. The system did not track any crime, since the pin code was entered, the money was withdrawn, everything is normal. Then the prankster put the card back neatly, as if that were the case. Dad, after some time, discovers a loss on the account and declares that he did not withdraw money. In the case of making and using a dummy of someone else's card, the situation is completely similar. The money is withdrawn correctly, but not by the owner. The presence of a video archive made it possible to resolve such controversial situations. It was enough to link the transaction archive with the video archive in time to understand
IMPLEMENTATION
In the meantime, a lot of advanced video data compression technologies have appeared, but any codec that exists today will not provide a compression of more than 0.5 Kb per frame. There were two ways out. The first is the laying of a separate (parallel) channel (up to fiber optic), through which only video is chased, displaying everything that happens in real time. But this is not always possible, and it is also expensive. Therefore, the second way out is the transmission of individual frames (frames) via the X.25 protocol, with their imposition on information about the transaction.
Pictures are tied to individual events: came up, inserted (card), date, full name of the owner, face of the person who uses the card, etc. In this case, two cameras are installed: one looks at the face, and the second at the hands at the time of issuing money (the camera does not capture the PIN code input). Then the pictures are transmitted to the control point, allowing you to monitor the operation of the ATM in real time. It turns out a kind of event protocol with pictures that allows you to combine financial information with visual information. A kind of single source of information from which it is immediately clear how it happened, who is to blame and what to do. Now, when the sensors are triggered, you can evaluate whether you need to go or if this is a false alarm.
It is possible to configure the system by sending pictures, say, a minute before the event and a minute after the event. Or perform "hot recording" - pictures during a transaction are made after a certain period of time, for example, every 15 seconds.
In addition to pictures, the real video is still written, but to the local hard drive of the ATM, which is also located inside the safe. If necessary, you can pick it up and restore the full picture of what is happening, using the previously obtained frames as key frames for finding the necessary time intervals. The data is all digital, so the search is almost instantaneous. The hard drive itself is quite capacious and is capable of recording video information for up to 45 (!) Days (continuously).
PROSPECTS
Alexey Nikolaevich willingly shared his plans in the field of visual protection of ATMs. The main idea is to integrate a face recognition system. The development of such systems has been going on for a long time, but the first-borns were ineffective. The point is to connect all ATMs to one database and synchronize. If a suspicious person appears at any ATM, the repeated appearances of the suspect at this ATM and the adventures of others will be automatically recorded, and, if necessary, access to all ATMs will be blocked. In other words, the system will help hedge against repeated hacking attempts and increase the effectiveness of visual protection in general.
PROTECTION OF TECHNOLOGY
"There is nothing special, the same communication channels, the same protection methods," commented on my question about the security of ATM networks, the head of the software development department of LANIT Alexey Valentinovich Karitich. payment systems have their own defenses, which are incorporated directly into the technology - cryptographic protection of the pin-block and verification of the message signature for authenticity (the message is open, but a certain code is calculated to determine the message's validity). "
Theoretically, of course, it is possible to take an ATM, drag it to a secluded place, connect it to a pseudo-host and issue a command to issue money. But you need a pseudo host and a big pocket to take away the ATM unnoticed. And in order to adjust the pseudo-host interface so that it correctly masquerades as a real host (ATM management system), you need to know all the keys that encrypt messages between the real host and this ATM.
It is theoretically possible to wedge into the channel itself without touching the ATM. Only in practice, the cable is not lying on the floor, and there are no places to connect, or you will be quickly spotted. And the equipment for connection will cost more than you pump money out of an ATM. It's easier to forge a card (duplicate) - the main threat to ATMs now.
But to make a dummy card, you need data and a pin code. Pin-code is elementary peep. Therefore, recently in the screensavers on ATMs they write something like "The enemy is listening, spying - look around, cover the pin with your hands!" The data can be obtained by connecting to listen. To do this, you will have to attach an overlay to the ATM reader in order to read track-2 cards, which, again, is practically impracticable - they will spot you before you finish.
CRYPTO PROTECTION
Alexey Valentinovich told how the transmitted information (including the PIN code) between the ATM and the central banking network is protected. Only the pin code is encrypted. Cryptography is implemented according to a symmetric scheme with a private key (DES-algorithm). Previously, this was enough, but now the capacities have increased, and it has become easier to crack such encryption. Then they began to use the Triple DES-algorithm - in fact, this is encryption with the same DES-algorithm, but sequentially 3 times. Opening resistance, respectively, increased by 3 orders of magnitude. This is more than enough for now. Perhaps, over time, this algorithm will not be enough - they will come up with something else.
But there was no point in encrypting the rest of the terminal equipment messages accompanying transactions, since they only carry service information. That is, all information, with the exception of the pin code, "runs" through the channels in a readable form. But a certain checksum is checked, which is calculated using the secret keys using the same DES algorithm. This allows you to check all messages for plausibility in order to avoid possible transmission errors and intrusion of intruders into the system from the outside.
The keys used for encryption do not live in clear text, they are known only to the ATM and the host between which the exchange is taking place. Not only does each ATM have its own keys, they also constantly change (the frequency can be any). Only the host's master key, which encrypts all the other keys of the ATMs connected to this host, lives for a long time.
FUTURE
Aleksey Valentinovich described the prospects as follows: "There will be nothing particularly new and revolutionary. Cryptoalgorithms are becoming more complicated, and more and more resources are required, both for protection and for hacking." The main drawback that currently exists is the openness of messages. Still, there is a possibility of connecting from the outside and using this information for their own purposes. It will not be possible to open accounts with its help, but it is possible to get some information about users and amounts. Therefore, all traffic (including messages, not just the pin code) is now beginning to be encrypted, in the near future all channels will be protected in this way.
The effectiveness of video surveillance in ATMs is confirmed by a real case. One of the ATM users tried to get money, but the mechanics refused and did not give out the money for a long time, "spitting out" the card back. The cardholder hesitated, spat and went about business. And the money went to the one who stood behind him (the mechanics woke up). At the same time, the camera showed who took the money. In principle, it would be difficult to find a random owner of the "bonus" by the face, although it is possible. But he immediately made a mistake by inserting his card. Calculating the owner of the card was elementary.
There was a time in Europe when ATMs were literally pulled out by excavators and other mechanical devices, hoping for easy money. Almost all cases ended in arrest on the spot, the rest were caught on the way home with a torn out safe. There was a similar case in Russia. They drove up the car and pulled the ATM out of the wall into a stupid one. The robbers were detained thanks to the sent jpg images, which showed the license plates of the car and the face of one of the robbers.
The meaning of street ATMs - the equipment that processes and sends the video stream from external cameras - is located separately from the ATM. Either in a bank branch, next to which there is an ATM, or in a special room, which is guarded separately and it is very difficult to get there. That is, the camera "captured" you - you can write a will. When the criminals were stopped on the outskirts of the city, they were pleasantly surprised.
Peeping a pin code is relevant not only because it is the easiest way to find it out. The point is that the entered PIN-code in "pure" (unencrypted) form can only be recognized when entering. Even in the ATM itself, it "walks" already encrypted, not to mention the communication channels of the ATM and the central control system. Don't forget to look around before entering your pin code.
It turns out that things are not so simple. Clever uncles tried to protect the box with money from encroachments. As a result, hacking protection is more expensive for yourself.
With the development of public networks and the emergence of many unguarded ATMs on the streets, the problem of visual protection has become more urgent.
The triggering of the sensor on impact indicated an outright interference from the outside. There was a signal from the sensor, the task force left, and they were sorted out already on the spot.
It was not uncommon for the little boy to grab a card from his dad, stomp to the ATM and withdraw cash.
One of the solutions is the transmission of individual frames (frames) using the X.25 protocol, with their imposition on information about the transaction.
The main idea is to integrate a face recognition system. The development of such systems has been going on for a long time, but the first-borns were ineffective.
Theoretically, of course, it is possible to take an ATM, drag it to a secluded place, connect it to a pseudo-host and issue a command to issue money.
The data can be obtained by connecting to listen. To do this, you will have to attach an overlay to the ATM reader in order to read track-2 cards.
The keys used for encryption do not live in the clear, are known only to the ATM and the host, between which the exchange is taking place.
