
Flaw Opens ATMs to Hackers


  • Wednesday, July 8, 2009
  • By Robert Lemos

"Once the attackers get in through the back-end systems, they essentially camp out," says Percoco. "It is cash, so it is real money; it's not like they are charging to a credit card and have to sell the goods."

Among recommendations to its customers, Diebold asked that banks and ATM owners periodically change the kiosks' administrator passwords and ensure that the firewalls are active. Diebold believes that attackers had to have physical access to the systems to load the malicious software in the first place. "To the company's knowledge, this is the first incident dealing with a physical attack and installation of illegal software within the ATM unit," Diebold said in a statement issued at the time.

NCR, the leading supplier of ATMs worldwide, has taken a multilayered approach to securing its cash machines. The company uses a technology, known as Solidcore, that prevents unauthorized code from running on its Windows-based systems, and it recommends that customers lock down the Windows XP operating system by using the built-in firewall and virtual private networking. Other security features include physical measures that make it apparent if a fraudster attaches a card-skimming device to the ATM, a mechanism to prevent such devices from easily reading bank cards, and ink that stains stolen cash.

Representatives for both NCR and Diebold denied that any of their machines were to be the focus of Juniper's demonstration, however.

The operating system used in the affected system, Windows CE, poses hurdles to a quick fix. Microsoft recommends that Windows CE be used for "low-end cash-dispensing ATMs," while Windows XP Embedded and Windows XP Professional be used on more full-featured ATMs, according to a white paper on kiosk and ATM operating-system platforms issued by the software maker. Windows XP Embedded, the latest version of which is Windows Embedded Standard 2009, and Windows XP Professional are more secure because they are easier to update, the software giant says. A Microsoft representative stated that the software giant had "no specific information related to Black Hat or Juniper's canceled talk."

Nearly 56 percent of ATMs in the United States run some form of the Windows operating system and are connected to some form of network that can facilitate updates, according to the TowerGroup, a financial consultancy. The remaining devices run an older operating system, IBM's OS/2, and typically have no network connection. Because ATMs typically last a decade or more, the older OS/2-based machines will remain in use until about 2012, says Nicole Sturgill, research director for delivery channels at the TowerGroup.

Sturgill expects cybercriminals to find new ways to attack cash machines. "It's a continuing cat-and-mouse game," she says. "It does not matter how good you have it: ATMs will always be a place to access cash, so criminals will always be interested in finding a new hole in the ATMs."
