Everyone rushing to change their LinkedIn password this week can probably relate to how security expert Henry Schwartz felt when an ATM built and designed by his employer was hacked. As he describes in his blog, it happened at a Black Hat conference in 2010, where tens of thousands of other people, including his boss, prestigious researchers, and journalists were in attendance:
“I won’t describe the details of Barnaby’s presentation; you can find it on YouTube, other than to say that he had two manufacturers’ ATMs on stage, and successfully attacked them both.
His attack on our ATM was local and required physical access to the internal electronics, while he remotely connected to our competitor’s ATM. He didn’t disclose technical details of how to perpetrate these attacks, it was more a demonstration that it was possible.
When our ATM began dispensing its cash, the crowd erupted into wild applause. It’s an interesting experience to have 5,000 people on their feet cheering with triumphant glee at your demise.”
The actual fallout wasn’t so bad. In fact, it pushed Schwartz to design a smarter, far more secure machine, and he found himself dealing with concerned customers in an open and honest way. Considering how easy it is for crooks to steal everything in our wallets, it’s reassuring to know someone cared.