Crooks Have Been Hacking ATMs With Infected USB Sticks

It never ceases to amaze me: human ingenuity. I sometimes think how much better things would be if people's energy were directed in a more positive direction rather than that of crime.

Criminals will go to all lengths to cheat an ATM out of its cash. But now, a team of researchers has discovered that skimmers may be a thing of the past: crooks have been targeting cash machines directly using infected USB sticks instead.

The findings, presented at the Chaos Computing Congress in Hamburg, Germany and reported by the BBC, show that hackers have to physically cut holes into ATMs, then plug in USB drives that install code onto the cash dispenser.

The team of researchers—who have asked to remain anonymous—explain that the hack has been carried carried out on an "unnamed European bank's cash dispensers." First noticed in July, once the code was installed on an ATM the exploit could be run again again. Each time the criminals simply typed a 12-digit code into the ATM to launch a custom interface, allowing them access to the machine.

The software, which was successfully installed on four different ATMs, then allowed the criminals to see how much money was available in the machine, by denomination, along with options to dispense each kind individually. While that might sound needless, the researchers pointed out that it allowed the crooks to focus on the highest value banknotes. Never let it be said that criminals are inefficient.

The article went on to say there was even a built-in security feature to the hackers' code, which meant that the criminal at the cash point had to call another gang member for a numerical code to input before they could grab the bank notes. The researchers suggest that it was a mechanism put in place by the mastermind behind the software, to ensure none of his team went rogue.

Shows some sophistication!

Story
gizmodo.com...

I"m impressed.

i want one....reminds of the the first terminator movie...."easy money"

At least they are stealing directly from the banks now rather than the general public.

It is probably some ploy to make us think the only way our money is safe, is to have an implant!

reply to post by iamea


I'm sorry, I don't follow your logic...pls explain

To fight cyber crimes, we need cyber police. Perfect excuse for what's coming....if you know what I mean.

reply to post by Trueman


Gotcha!

I was jumping to the general public having implants.....cops first that's even better. Let them be the guinea pigs.


In fact this type of crime could be used as a platform for mandatory cop implants! Get back at 'em for all the anal probs....

And Sly Stallone and the like with their cyber cop movies...more Hollywood conditioning?

misscurious
At least they are stealing directly from the banks now rather than the general public.

That was my first thought too.

I wouldn't be surprised, though, if they're skimming card information too. Why stop at the cash in the ATM after all that work?

reply to post by ValerieDivusen


Yeah, if they could leave the usb in the machine for a specified time period to record each persons data or leave code that would do the same then retrieve it at a later time.....oops maybe we're giving them ideas.

No....Certainly, they're way ahead....

hackers have to physically cut holes into ATMs, then plug in USB drives that install code onto the cash dispenser

I'm appalled at the level of writing in this article. My first thought when reading this is that without an actual USB interface, one does not simply stick a USB into a "hole" and magically upload code.

Perhaps they could have mentioned that they cut holes to gain access to the inner technological components used for upgrades and maintenance.

But maybe that was implied?

reply to post by juniperberry


Yeah or maybe it's not reported in terms of exactly how as a protection for the banks. Difficult to say.

I'm not surprised at all. It is fast becoming the standard to use common operating systems such as Linux or Windows CE on board complex devices such as cameras and media centers. It's likely this is what is used for many bank machines, slot machines, voting kiosks, etc. This means that the hacker already knows the operating system, layout, and programing language inside and out. It also means that the platform will have standard interfaces like USB, or UART ports. Only a few common script lines need to be changed.

With the proliferation of inexpensive plug and play control platforms such as the Raspberry Pi, designers are fast moving away from expensive, designed in house control platforms making hacking inevitable. It reminds me of an incident recently where someone found out that FLIR (the company that makes the worlds best thermal imagers) was using a Linux based system on their latest consumer model and limiting the lower end version through software. Now everybody is buying it and hacking it so that it does what the one costing eight times more is capable of, even adding bonus capabilities not included in the high end version.

Machine full of money and no cams around it?

Banks must be filthy rich!

Yeah, I thought ATM's had built in cameras. They have cameras everywhere now, and not in the ATM?

reply to post by pandersway


This is such a good idea for easy money! I also saw people can do a trick at the gas pumps, they pry into the machine and disable something that measures how much gas is flowing out, then use a gift card so it is untraceable, and as long as they dont hang up the pump they can get out as much as they want. The thing with that is, and the ATMs, cameras everywhere, or someone as a witness.

BTW I don't condone any of the actions above, but criminals are getting smarter, and at least they aren't mugging.

reply to post by dainoyfb


Very enlightening!