Every year during the Black Hat conference, something crazy happens that makes me paranoid about things I use in my everyday life without really thinking too much about them.  Last year, it was the MD5 collision attack that allowed the attackers to create a rogue Certification Authority.  This year, it’s ATMs.  A researcher by the name of Barnaby Jack developed his own custom rootkit for ATMs that could be installed by dialing into the devices and exploiting the remote management software.  This rootkit allowed him to make the machines dispense money on command, which, I’m reasonably sure, is not how they are intended to function.  Lest you think this only allows the attacker to steal from the device and not from your account, he also developed custom firmware for the machines that can record account information from their users.

These types of inventive techniques are discussed at Black Hat every year; there seems to be no end to the ways technology can be exploited for less-than-noble intentions.  As security professionals, we find that it makes our job a constant uphill battle.  But it also serves as a reminder that all of us – not just those of us who work in this field – need to be mindful of how technology fits into our lives.  There’s an off chance that the ATM hack may wind up hitting you at some point – there’s not much you can do about that.  But you can take the time to check your account balances to look for irregularities as often as you’d like.  It’s not a perfect solution, but short of putting all of your money in a mattress, it’s at least a step in the right direction.