Why Crackers Prefer Windows on Cash Machines

Dr. Roy Schestowitz

2010-07-29 16:02:31 UTC
Modified: 2010-07-29 16:02:31 UTC

Summary: Windows makes a lot of money for the bad guys, who are exploiting Windows-based ATMs

ATMs that run Windows are running for criminals to take advantage of them. This is a subject that we covered many times before along with examples. See the following older posts for background:

Here is Slashdot's summary about the latest example:

"Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"

This links to IDG, which says:

The machines Jack hacked were, however, based on Microsoft's Windows CE operating system.

And from ZDNet:

At the Black Hat security conference here, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

Glyn Moody cannot comprehend such a tactless choice of Windows CE for ATMs. He asks, "why not just leave the notes out in the open?"

It should be no surprise that Google's vulnerabilities in Chrome are sometimes caused by Windows' inherent insecurity and this time for a change, "Google patches Chrome, sidesteps Windows kernel bug," reports IDG. "Microsoft was not available for comment late Tuesday."

It it worth adding that many Firefox flaws are Windows-only as well. Sometimes GNU/Linux is also affected and this new article says that "Google also released workarounds for two vulnerabilities in external components, helping to protect from flaws in the Windows kernel and GNU glibc components." Nothing is infallible, but Microsoft tends to fail more often than the rest and it hides this. ⬆

The Solicitors Regulation Authority (SRA) Delusion - Part IV - Machos in Charge of the House (and System), Even If the Faces Are Female (Optics): basically a Windows/Microsoft (US) shop
Brett Wilson LLP Seems to Have Done for Roberto Foa What It Did a Year Earlier for the Serial Strangler from Microsoft: Repeat abusers (of the legal system) will misuse it as long as regulators do nothing
Where We Stand With the Winter Series: We'll need to protect names and sources
Gemini Links 10/02/2026: "The Last Messiah", Discord for Adults: Links for the day
Mobbing at the European Patent Office (EPO) - Part V - Strongest Strike Under António Campinos: SUEPO Munich is also reminding people of the threat of PIPs
Kyndryl CFO Harsh Chugh Comes From IBM (17+ Years): Who would want such a position?
IBM RAs (or PIPs) in London, England?: They try to keep the lid on it
International Buybacks Machines: Will the current US administration/regime look into IBM's accounting or only its mini me's?
IBM Could be the Next Kyndryl, a Dinosaur With Accounting Fraud: Many shareholders (or even pension funds) are taking a big hit today
Ian Murdock Died in San Francisco 10 Years Ago. Cops Led to His Death.: 10 years ago Ian Murdock died after cops had messed him up
US/Europe divergence: health & safety, criminality & Debian harassment culture: Open Digital Ecosystems submission F33370170: Reprinted with permission from Daniel Pocock
Links 10/02/2026: Splinternets and "Meta Goes to Trial in a New Mexico Child Safety Case": Links for the day
Russia and China Best Off Without GAFAM: What if they abandoned GAFAM?
Will Finns Put Out the Online Cigarettes?: More people recognise that the child porn site formerly known as "Twitter" and Cheeto/Pooh-tin controlled TikTok are no longer trustworthy
As the US Economy Sags Microsoft Layoffs Carry on (Now in Larger Waves Like 15,000 Per Season or 30,000+ Per Year): They try to avoid "negative" topics
GNU/Linux at 3.99% in Australia: now that Australians can no longer keep Vista 10
Microsoft Windows Falling: analytics.usa.gov Shows Rapid Erosion of Windows Market Share Since 'End of 10' (Vista 10)
Microsoft Windows Hits All-Time Low in The Netherlands in 2026: Europe needs to rid itself or wean itself off GAFAM
SRA: SLAPPs From Russian War Criminals and American Men Who Strangle Women Are Acceptable: The SRA, by inaction, is complicit in this
From Weber Shandwick (Microsoft PR) to Brett Wilson LLP (Hired Gun of the Serial Strangler of Microsoft): they basically tried to charge me a lot of money for a PR project of someone who strangled women
The Solicitors Regulation Authority (SRA) is Not a Regulator, It's Part of the Litigation "Industry" in the UK (They Overlap Each Other): Does nothing except talk about SLAPPs
In Finland, Microsoft Falls Behind Yandex (Russia): Bing has had many layoffs in recent years
Security More Advanced in Geminispace Than on the Web (Bloat): For real security, use Geminispace capsules, not Web sites
Slop at Microsoft is a Miserable Failure, Now Microsoft Takes the "Vista Route" (Paying People to Say Good Things About It): This is brainwash, it's meant to delay the implosion of the bubble
Rumours About February 2026 Microsoft Layoffs: Silent Layoffs or 30,000 Culled Tomorrow: Sooner or later (and soon) Microsoft will need to say something and file some WARN notifications
GNU/Linux at 12% in Guam, Based on statCounter (Compared to 2-3% a Year Ago): Guam's "uptick" in GNU/Linux usage started weeks after "end of 10"
Fighting Slop With the Public Domain (and Why Slopfarms Perish Faster Than New Ones Appear): We can combat the nonsense by producing more human-made works until the slop bubble implodes
After Employee Reviews at IBM Staff Expects Another Large Wave of PIPs and "RAs" (Layoffs): From what we can see in the "public Web"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 09, 2026: IRC logs for Monday, February 09, 2026
Is Europe Abandoning Digital Opium?: GAFAM-controlled social control media
Microslop is Slop, Slop is Considered "Quality": no wonder Microsoft's stuff breaks down so often
thelayoff.com Deletes On-Topic Discussions (Layoffs) While Leaving in Tact Pro-Corporate Trolling Made by LLMs (Slop): Who at thelayoff.com deems spam made by LLMs (slop) to be on-topic and unworthy of zapping, whereas actually on-topic and authentic threads get routinely deleted?
Gemini Links 09/02/2026: Great Salt Lake Ecological Observatory and Offpunk 3.0 "A Community is Born" Release: Links for the day
Links 09/02/2026: Mass Plagiarism and Pollution/FakeCoin Company Nvidia Contacted Anna’s Archives, Narges Mohammadi Gets Second Prison Sentence: Links for the day
GNU/Linux May Have Grown to 7% in Equatorial Guinea: Has there been some kind of mass migration there or is this just noise in the data?
Links 09/02/2026: Russia Intentionally Killing Civilians, Jimmy Lai Effectively Sentenced for Life for Publishing News: Links for the day
Microsoft Competitions, Addictions, and Popularity Contests Are Not Going to Help Perl, They'll Waste Everybody's Time and Give Microsoft More Control Over Its Competition: Microsoft does not like Perl
A Can of WORMS - Part IV - They Would Even Attack RMS for Criticising Autocrats (Saying This is "Politics"): Conforming to society's perceived expectations isn't how effective activism can ever be done or was ever done in the recent past
Gemini Links 09/02/2026: The Exploration Myth and Making JavaScript Fun: Links for the day
EPO Outrage and Maintaining the Pressure: A vending machine does not fall over after a first push
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, February 08, 2026: IRC logs for Sunday, February 08, 2026
"Low Performer" and "Underperformer" as Harmful Misnomers That Damage a Company's Reputation: Misnomers need to be avoided or called out
Expensive errors: Forbes Gold price, $44 billion Bitcoin given away by Bithumb, South Korea: Reprinted with permission from Daniel Pocock
Links 08/02/2026: Microsoft OSI (Openwashing Lobby) in Europe, Raised Against Social Control Media Provocateurs in EU: Links for the day
The Open Source Initiative (OSI) Lobbies for Microsoft in the EU, Promoting Proprietary Lock-in: OSI pushing and selling Microsoft and GitHub. OSI is Microsoft front group.
Getting the European Court of Justice to Annul the Illegal and Unconstitutional Unified Patent Kangaroo Court (UPC): We're still working on it
Finland's Dependence on GAFAM (US) Needs to be Lessened, EU Must Follow This Path: It's unwise to make one's entire national infrastructure (computer systems) dependent on a regime which compares its black citizens to monkeys and assassinates nonviolent dissenters
Links 08/02/2026: Microsoft GitHub as Burden on Developers and "The Chomsky Epstein Files": Links for the day
Gemini Links 08/02/2026: "Doing Not Much Tweaking" and "Reclaiming Digital Agency": Links for the day
Forbes: BitCoin, Cryptocurrency pages removed from investment database, links stop working: Reprinted with permission from Daniel Pocock
Bitcoin warning followed immediately by network outage: Reprinted with permission from Daniel Pocock
Money Funneled to Protection of Software Freedom, But Nothing Really Lost: Crossposted from personal site
They Tell Us Slop Replaces Workers, But the Reality Is, US Debt Has Surged 2,300 Billion Dollars in Six Months (the Economy is Collapsing): Oligarchy already entertains the option of running away to (or colonising) some other planet without pitchforks and "unwashed masses"
Mozilla Firefox Sinks to Just 1.5% in the United States: According to analytics.usa.gov
We're Still Fast: The site is even faster than the BBC's despite being on shoestring budget with only a small technical team
Gemini Protocol is Not a Waste of Time of Effort: We see more and more GNU/Linux- or BSD-focused bloggers turning to Gemini
Our Gemini Protocol Support Turns 5 Today: today is a rare anniversary for us
In Today's World, One Must be Tough and Principled to Get Ahead Morally: But not financially (sellouts)
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, February 07, 2026: IRC logs for Saturday, February 07, 2026
The Right Wing in the United States Does Not Support Free Speech, It Supports Its Own Speech: Free speech is often opposed by those who also oppose Free software
IRC is a Lot Better Than Social Control Media (They're Not the Same at All): A good social analogy for IRC is, there are many buildings with a party in each building
Microsoft 'Open' 'AI' is 'Dead Meat': Or 0xDEADBEEF as some geeks might call it
When Identifying "Low Performers" and "PIPs" Aren't About Improving Performance But Reinforcing a Clique in Your Company/Organisation: It's very troubling to see once-respectable brands like IBM and institutions like the EPO resorting to this
Slop and Flop (IBM), Slopfarms and Hybrids (Linuxiac): Did Bobby Borisov assume he would never get caught?
Crowdfunding vs Bitcoins: donations are better investment than digital tulip mania: Reprinted with permission from Daniel Pocock

Why Crackers Prefer Windows on Cash Machines

Recent Techrights' Posts