...but how exactly does this stuff get into the ATMs? If they have to connect to the net to communicate with the banks then they shouldn't be visible to anyone else, and I can't imagine someone physically opening up one to plug a USB stick in.

I've never heard of Gasper before so checked Wikipedia.... I don't think you're referring to a marijuana cigarette, or a type of adjustable ventilation outlet used in aircraft or even a river in southwestern Kentucky, U.S.

Are you therefore referring to someone who engages in erotic asphyxiation...?!! If so, I demand to know more.

if there were just a PC inside of an ATM.

I don't know why but I've been shocked plenty of times to discover that things that look clever in fact only have old and aging PC's inside running on old OS's that surely must have many flaws.

I could be naive, as well, but my suspicion is that the ATMs in question are the privately owned NoNameCashSpot™ machines often found at gas stations and convenience stores, rather than bank-owned machines. (G**gle "own an ATM" and see how many companies are willing to sell one to any Tom, Dick, or Vladiszlav with cash in hand...) Someone comes in every so often to put cash in and unload the records (electronic or paper), and the store owners don't pay any attention 'cause it's not their machine.

Buy one, install the sniffer software and put it out someplace, upgrade the software whenever you go in to service it, and no one gives a rodent's rectum 'cause "it's just the guy servicing his machine."

It's why I try to avoid using those particular machines if at all possible.

I'm curious about the operating system (s) used for these ATMs and what privileges the typical technicians have on them. With such relatively static configurations, it would seem quite straightforward to lock these machines down and perform regular audits to counter these risks, even if the techs have admin rights.

Eirik Iverson

http://www.blueridgenetworks.com/products/edgeguard.htm