4 years ago
Opelika, Alabama BancSource employee sold me hardw...
Opelika, Alabama BancSource employee sold me hardware that I latter discovered he'd stolen from his employer and/or their customers. There was a *massive* amount of sensitive bank information and data on hard drives that included cross-contamination by BancSource of sensitive customer information appearing in plain text files on *other* customers drives.
Quickie analysis found native security measures (firewall, etc.) had been disabled on operational ATMs from day one, default installation passwords were in use, and identical malware including keyloggers (useless against card readers and keypads but not against keyboards used during servicing) were present on multiple machines belonging to multiple customers. Extraneous information appearing on the drives included passwords, encryption key pairs, IP addresses, physical addresses, machine types, backup connections, customer NOC contacts and phone numbers, executable install files, executable install files for other manufacturer's machines, and lots more.
Oddly enough, notifications to the effected victims (some of which were repeated and have been completely ignored) that included proof of security breaches that include their data and/or sensitive information, the criminal is STILL EMPLOYED by BancSource and STILL SERVICING multiple victim's ATMs.
If this company's unskilled employees have any form of access to your network you need your head examined... Attached image is the oldest and least sensitive example I'll post pertaining to the many security breaches created by the BancSource employee - who was often selling used hard drives for $5 a pop to buy tobacco and Pepsi.
If an unskilled, brown toothed, foul smelling, homeless looking guy appears in a beat up truck with loud mufflers to service your account something went terribly wrong during or after your selection of vendors!