USB drives now being used to steal money from ATMs

Shawn Knight

Shawn Knight

Posts: 15,294   +192
Staff member

usb drives atms atm hacking flash drive usb drive

A team of anonymous hackers at the Chaos Communication Congress have demonstrated a new method that hackers are using to steal money from ATMs. As shown in the presentation, thieves are now physically cutting into ATMs to plug in USB drives loaded with code designed to give them full access to the machines.

The hack was first noticed in July, we’re told, when an unnamed European bank’s ATMs were being emptied despite safeguards set in place to prevent theft. Once the hackers infiltrated the system, they patched up the hole in the machine so they could come back and launch the attack multiple times over.

The bank eventually boosted surveillance efforts which is how they discovered the physical attack.

Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will.

Such software might sound like overkill but it actually gives criminals the option to only withdraw the highest value banknotes as to minimize the time they were exposed. No sense in risking getting caught for $1 bills, right?

There is even a built-in security feature in which a robber had to call another member for a PIN number prior to dispensing money. Researchers believe this feature was used by the code’s mastermind to prevent his team from stealing the code and going rogue.

Those that organized the hack needed to have profound knowledge of ATMs, the researchers said, adding that they went to great lengths to make the code tough to analyze.

Permalink to story.

https://www.techspot.com/news/55172-usb-drives-now-being-used-to-steal-money-from-atms.html

 
Those machines are old enough now. It is not all that surprising that someone hacked into old tech...
 
The thieves punched a hole in the atm, connected a usb device, withdraw as much money as they can, plugged the hole for future re-use.
WOW.

"Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will."

in the Philippines, the robbers would wait until the owners withdrew money from ATMs or alternatively, rob the owners and make them divulge the PINs.
fortunately, most banks would only allow a maximum withdrawal of 20000 pesos per day (~455$ at 1$ to 44 pesos) when withdrawing from an ATM machine.
 
As long as it isn't money from people's bank accounts I completely support these guys.
 
veLa said:
Hardly, the corporate banking system has been abusing people for years. It's about time they got a taste of their own medicine.
Click to expand...

And you really think that if banks get hurt that won't affect their customers?
 
And you really think that if banks get hurt that won't affect their customers?
Click to expand...
Cash loses aren't hurting banks, Banks are allowed to replace stolen denomination at no cost. What incommode banks is when safes are emptied or employees gunned down, looks bad.
 
Need to go back to the locked in ATM. You would use ATM card to gain access to the room. Then with all video cams recording you. Make your transaction. These open ATM box just makes it to easy for them to get into.
 
I think the last one I saw was on tv when a group of people force open the ATM machine and the guard cant do anything about it.

misor said:
The thieves punched a hole in the atm, connected a usb device, withdraw as much money as they can, plugged the hole for future re-use.
WOW.

"Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will."

in the Philippines, the robbers would wait until the owners withdrew money from ATMs or alternatively, rob the owners and make them divulge the PINs.
fortunately, most banks would only allow a maximum withdrawal of 20000 pesos per day (~455$ at 1$ to 44 pesos) when withdrawing from an ATM machine.
Click to expand...
 
"No sense in risking getting caught for $1 bills, right?"

ATM in the euro currency zone are packed with euros only. The lowest euro denomination on paper is the 5 euro banknote. ATMs most comminly use 10 euro and 20 euro notes though.

To be honest I have never seen an ATM in Europe dispense US dollars, but then again I haven't been everywhere.
 
misor said:
The thieves punched a hole in the atm, connected a usb device, withdraw as much money as they can, plugged the hole for future re-use.
WOW.

"Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will."

in the Philippines, the robbers would wait until the owners withdrew money from ATMs or alternatively, rob the owners and make them divulge the PINs.
fortunately, most banks would only allow a maximum withdrawal of 20000 pesos per day (~455$ at 1$ to 44 pesos) when withdrawing from an ATM machine.
Click to expand...

They werent refering to a pin number for bank accounts. The pin number in this case is a pin number the hacking software requires to proceed with the hack. The mastermind behind the software did it deliberately to keep the group from going rogue with the software.
 
jester376 said:
They werent refering to a pin number for bank accounts. The pin number in this case is a pin number the hacking software requires to proceed with the hack. The mastermind behind the software did it deliberately to keep the group from going rogue with the software.
Click to expand...

you misread my reply.

as I said, robbers from the Philippines would rob ATM card holders, make them divulge the ATM card PINs and afterwards, the robbers would withdraw the money from the ATM machine. (as opposed to the robbers in the article who "punched" a hole in the ATM machine, used a usb device, and made the withdrawals)

nowhere did I say anything about PINs for bank accounts nor imply anything about it
 
You must log in or register to reply here.

Similar threads

midian182
Largest bank in Ethiopia hit by IT glitch that allowed customers to withdraw over $40...
Replies
15
Views
242
kiwigraeme
K
D
Man arrested for allegedly trying to steal a Waymo autonomous car
Replies
6
Views
190
Underdog
Underdog
Cal Jeffrey
Bank of Ireland "glitch" caused mad rush to ATMs for "free money"
Replies
15
Views
663
bexwhitt
bexwhitt

Latest posts

Back