re: #312 Anymouse š¹
I imagine if North Korea thought they could do it, they would be deploying it in North America.
That said, deploying the malware in Africa (thousands of kilometers away) also gives them a test bed to improve the malware prior to attempting the North American ATM and retail payment systems.
For what itās worth, my wife the software engineer/librarian has always distrusted ATMs. She doesnāt have an ATM card for our checking account and is unhappy with me any time I use it. (She prefers we walk in the bank and fill out a withdrawal slip or cheque.)
Cards with the mag strips are notoriously insecure, which is why most Chinese and EU banks have switched to the āchippedā cards. Many American ATMs are behind the times, so I canāt use my newest Chinese bank card in them (it has no mag strip). ATMs can be hacked, but it is difficult to do remotely. As I understand that alert, the package gains access to the ATMs through the bankās servers, not directly to the ATMs, but I could be wrong. It is a common practice for ATMs to use some version of Windows, which is already a security event waiting to happen. Older ATMs in Africa and Asia probably run earlier or unpatched versions of Windows, which would be even more vulnerable to an attack.
The weakest link in ATMs is the card. If someone sees you enter the PIN and steals your card, there goes your money. Happened to me once in South Africa. Two guys working in tandem: one distracted me with a question while the other snagged the card from the ATM slot while I wasnāt looking.