22 July 2017
visit www.finastra.com

Crooks use USB sticks to infect ATMs and steal cash

06 January 2014  |  7392 views  |  2 ATM

Cyber-crooks have been cutting open ATMs to get to USB ports and installing malware which lets them empty the machines of cash, security researchers have demonstrated.

In a presentation, which can be watched online, at the Chaos Communication Congress, two researchers showed how hackers sliced open the ATMs of an unnamed bank and plugged in USB sticks containing malware.

Once the malware was installed and the ATMs patched up, the crooks used a 12-digit code to access a special interface on the machines which displayed a breakdown of how much money, and in what denominations, was in them.

With no honour among thieves, the malware required crooks to enter a second, one-time code to withdraw cash, which had to be obtained by phoning the gang leaders.

When the targeted bank realised that its ATMs were being hit, it stepped up surveillance and caught a man trying to cash out a machine. He was arrested with a malware-holding USB stick on him which was given to the security researchers for analysis.

The analysis suggests that the malicious code was designed only to remove cash - not to steal card data - and was written by a large and skilled team with a deep knowledge of ATMs, say the researchers. It had been written specifically to target one bank but could be of use against other machines running Windows XP.

Comments: (2)

Mark Sitkowski
Mark Sitkowski - Design Simulation Systems Ltd - Melbourne | 07 January, 2014, 04:35

Let me see if I understand this:

Two guys turn up at a bank, with a blowtorch, a five foot high acetylene bottle, and an oxygen bottle, and cut the corner off the cast iron ATM case. They then insert a USB stick, and carefully weld up the hole they made earlier. Right?

I have to ask myself whether even my bank would have noticed that something was wrong...

2 thumb ups! 2 thumb ups! (Log in to thumb up)
Vernon Crabtree
Vernon Crabtree - Equens - Utrecht | 08 January, 2014, 10:15

I always thought it was a risk that the steel around the housing of the electronics is thinner than the safe.  The air-vents look particularly easy to cut into.

If this sort of thing continues, it is another nail in the coffin for cash.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Cyber-crime cops bust malware ring behind £1 million bank thefts

Cyber-crime cops bust malware ring behind £1 million bank thefts

11 December 2013  |  5487 views  |  0 comments | 8 tweets | 5 linkedin
Five more arrests made in $45 million ATM cyberheist

Five more arrests made in $45 million ATM cyberheist

19 November 2013  |  4213 views  |  0 comments | 4 tweets | 5 linkedin
UK malware fraudsters convicted

UK malware fraudsters convicted

12 November 2013  |  5105 views  |  0 comments | 2 tweets | 11 linkedin
South African POS terminals infected with Dexter malware

South African POS terminals infected with Dexter malware

15 October 2013  |  7600 views  |  0 comments | 4 tweets | 6 linkedin
White hat ATM hacker Barnaby Jack dies

White hat ATM hacker Barnaby Jack dies

29 July 2013  |  4998 views  |  0 comments | 2 tweets
Slovenian cops arrest five over EUR2m malware scam

Slovenian cops arrest five over EUR2m malware scam

27 March 2013  |  4980 views  |  0 comments | 4 tweets
Researcher shows off ATM 'jackpot' hacks

Researcher shows off ATM 'jackpot' hacks

29 July 2010  |  12494 views  |  0 comments
Cash machine 'jackpot' demo pulled at request of ATM vendor

Cash machine 'jackpot' demo pulled at request of ATM vendor

01 July 2009  |  12580 views  |  1 comments

Related blogs

Create a blog about this story (membership required)
visit www.finastra.comvisit www.ncr.comvisit www.abe-eba.eu

Top topics

Most viewed Most shared
German fintech factory FinLeap raises EUR39 millionGerman fintech factory FinLeap raises EUR3...
13607 views comments | 19 tweets | 15 linkedin
Mastercard to buy AI outfit BrighterionMastercard to buy AI outfit Brighterion
9819 views comments | 14 tweets | 20 linkedin
Barclays rides payments-as-a-service wave with investment in Form3Barclays rides payments-as-a-service wave...
8796 views comments | 16 tweets | 12 linkedin
hands typing furiouslyThe Digital Trade Chain: the blockchain tr...
8349 views 0 | 8 tweets | 16 linkedin
Mastercard and Scotiabank join Enterprise Ethereum AllianceMastercard and Scotiabank join Enterprise...
7322 views comments | 25 tweets | 16 linkedin