No legal threats after all

Jul 19, 2010 17:34 GMT

A security researcher thought to have canceled his presentation on ATM crimes at the Hack in the Box (HITB) Europe security conference earlier this month because of legal threats coming from ATM vendors says he was simply faced with logistical issues that day. He also stresses that his team decided a long time ago not to disclose sensitive ATM vulnerabilities publicly.

Two weeks ago, citing a credible source, we reported that a reputed European security expert named Raoul Chiesa was pressured legally by ATM vendors into canceling his speaking engagement at Hack in the Box Europe, a security conference held in Amsterdam at the end of last month. Mr. Chiesa was scheduled to give a presentation covering ATM fraud issues.

In a press release sent today to our newsroom by @ Mediaservice.net S.r.l, a Turin-based security consultancy company founded by Mr. Chiesa, it is clearly stated that “No manufacturer or system integrator of ATM nor financial and banking institutions have [ever] threatened Mr. Chiesa or the company @ Mediaservice.net, which makes of professional ethics one of its major strengths.”

It is further explained that the true reason for the cancellation was logistical in nature: a problem that prevented him from being in Amsterdam on that day. The presentation was called “3rd Generation ATM frauds,” and part of the research it is based on was previously published in a 2009 European Network & Information Security Agency (ENISA) report.

The press release also reveals that @ Mediaservice.net has so far identified fifteen high-level vulnerabilities in ATMs. They are categorized as common errors (12) and complex attacks (3). The company is also involved in researching other ATM security issues it calls “theoretical vulnerabilities.”

It is stressed that the team Mr. Raoul Chiesa is part of practices responsible disclosure and decided a long time ago not to make details about such vulnerabilities public. However, the company does work with industry associations behind closed doors to help mitigate any attacks that might lead to significant financial losses.

You can follow the editor on Twitter @lconstantin