<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
h1
        {mso-style-priority:9;
        mso-style-link:"Heading 1 Char";
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:24.0pt;
        font-family:"Times New Roman","serif";
        font-weight:bold;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.Heading1Char
        {mso-style-name:"Heading 1 Char";
        mso-style-priority:9;
        mso-style-link:"Heading 1";
        font-family:"Times New Roman","serif";
        font-weight:bold;}
p.published, li.published, div.published
        {mso-style-name:published;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.timestamp
        {mso-style-name:timestamp;}
p.first, li.first, div.first
        {mso-style-name:first;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span
style='font-size:24.0pt;font-family:"Times New Roman","serif"'>Hacker shows off
remote ATM exploit<o:p></o:p></span></b></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Posted Sun Aug
1, 2010 10:06am AEST <o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>A computer
hacker has demonstrated a technique to remotely make an ATM spit out cash using
the internet.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>New Zealand
researcher Barnaby Jack publicly showed off the &quot;ATM jackpotting&quot;
technique at the DefCon hackers conference in Las Vagas, in the United States.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Mr Jack proved
his findings using two kinds of ATMs typically found in corner stores, bars or
other &quot;stand-alone&quot; venues in the US, but said the flaw likely exists
in machines at well-known banks.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>&quot;You don't
have to go to the ATM at all,&quot; Mr Jack said.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>&quot;You can do
it from the comfort of your own bedroom.&quot;<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Mr Jack says
banks use remote management software to monitor and control their ATMs.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>He says he used
a weakness in that software to take control of machines over the internet.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>He says his
method bypasses the need to submit passwords and serial numbers to access ATMs
remotely.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Once in the
machines, he says he can command them to spit out cash or transfer funds.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>He says he could
also capture account data from magnetic strips on credit or bank cards as well
as passwords punched in by ATM users.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>&quot;When you
think about ATM security you generally think about the hardware side; is it bolted
down and are the cameras in position,&quot; Mr Jack said.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>&quot;This is
the first time anyone has taken the approach of trying to attack the underlying
software.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>&quot;It is time
to find software defences rather than hardware defences.&quot;<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Mr Jack did not
reveal specifics of the attack to hackers at the conference, but did tell ATM
makers about the flaw so they could bolster machine defences.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>&quot;I might
get my butt in hot water if I released the code,&quot; he said.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>&quot;I was
careful not to release the keys to the kingdom.&quot;<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Mr Jack says he
has grown wary of ATMs since discovering the remote exploit.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>&quot;I just
keep my cash under the bed now,&quot; he said.<o:p></o:p></span></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal><a
href="http://www.abc.net.au/news/stories/2010/08/01/2970075.htm?section=justin">http://www.abc.net.au/news/stories/2010/08/01/2970075.htm?section=justin</a>
<o:p></o:p></p>

</div>

<div><span style="font-size: x-small;"></span><span style="font-family: Verdana, sans-serif; color: rgb(0, 0, 255); font-weight: bold; "><span style="font-size: x-small;">CONFIDENTIALITY/ PROPRIETY NOTE:</span></span><span style="font-size: x-small;">

</span><div class="MsoNormal" align="center" style="text-align:center"><b><span lang="EN-US" style="font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;;mso-fareast-font-family:
&quot;Times New Roman&quot;;color:blue;mso-ansi-language:EN-US"><span style="font-size: x-small;">

</span><hr size="2" width="100%" align="center">

</span></b></div>

<p class="MsoNormal" align="center" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;text-align:center"><span lang="EN-US" style="font-family: 'MS Sans Serif', serif; color: black; "><span style="font-size: x-small;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
These messages including&nbsp;any attachments are intended only for the
addressee and may contain confidential, proprietary or legally privileged
information. If you&nbsp;are not the named addressee or authorized to receive
this mail, you shall&nbsp;not copy, forward, disclose or take any action based
on this message or any part thereof. </span></span><span lang="EN-US" style="font-family: Tahoma, sans-serif; color: black; "><span style="font-size: x-small;"><o:p></o:p></span></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family: 'MS Sans Serif', serif; color: black; "><span style="font-size: x-small;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
In such case, please notify the sender of&nbsp;receipt of this message and
delete this message including any attachment to it from your computer system
immediately. The recipient&nbsp;acknowledges that the views, opinions,
conclusions and other&nbsp;information expressed in this message are those of
the individual sender and shall be understood as neither given nor endorsed by
IDFC* ,&nbsp;unless the sender does&nbsp;so expressly with due authority of
IDFC and&nbsp;IDFC shall not be liable for any errors or omissions in
the&nbsp;context of this message.</span></span><span lang="EN-US" style="font-family: Tahoma, sans-serif; color: black; "><span style="font-size: x-small;"> </span></span><span lang="EN-US" style="font-family: 'MS Sans Serif', serif; color: black; "><span style="font-size: x-small;">E-mail transmission cannot be guaranteed
to be secure or error-free as information could be intercepted, corrupted,
lost, destroyed, arrive late or incomplete, or contain viruses. The sender
therefore does not accept liability for any errors or omissions in the contents
of this message, which arise as a result of e-mail transmission.</span></span><span lang="EN-US" style="font-family: Tahoma, sans-serif; color: black; "><span style="font-size: x-small;"><o:p></o:p></span></span></p>

<p class="MsoNormal"><span style="font-family: 'MS Sans Serif', serif; color: rgb(31, 73, 125); font-weight: bold; "><span style="font-size: x-small;">*Includes IDFC and all its subsidiary
companies.</span></span></p>

<div class="MsoNormal" align="center" style="text-align:center"><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;mso-fareast-font-family:
&quot;Times New Roman&quot;;color:blue;mso-ansi-language:EN-US"><span style="font-size: x-small;">

</span><hr size="2" width="100%" align="center"></span></div></div>


<div style="border-top: solid 1px black; border-bottom: solid 1px black;
 padding: 10px 0; margin: 20px 0; font-size: 9pt;
 font-family: Verdana, Arial, Helvetica, sans-serif;">This email has been
 scrubbed for your protection by SecureMX. For more information visit
 <a href="http://securemx.in/">securemx.in</a></div>

</body>

</html>