USB drives now being used to steal money from ATMs

December 31, 2013, 3:00 PM

A team of anonymous hackers at the Chaos Communication Congress have demonstrated a new method that hackers are using to steal money from ATMs. As shown in the presentation, thieves are now physically cutting into ATMs to plug in USB drives loaded with code designed to give them full access to the machines.

The hack was first noticed in July, we’re told, when an unnamed European bank’s ATMs were being emptied despite safeguards set in place to prevent theft. Once the hackers infiltrated the system, they patched up the hole in the machine so they could come back and launch the attack multiple times over.

The bank eventually boosted its surveillance efforts, which is how it discovered the physical attack.

Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will.

Such software might sound like overkill, but it actually gives criminals the option to withdraw only the highest-value banknotes so as to minimize the time they are exposed. No sense in risking getting caught for $1 bills, right?

There is even a built-in security feature in which a robber has to call another member for a PIN number prior to dispensing money. Researchers believe this feature was used by the code’s mastermind to prevent his team from stealing the code and going rogue.

Those who organized the hack needed to have profound knowledge of ATMs, the researchers said, adding that the attackers went to great lengths to make the code tough to analyze.




User Comments: 16

m4a4 said:

Those machines are old enough now. It is not all that surprising that someone hacked into old tech...

Guest said:

Not just old... I have seen many ATM machines using Windows XP!

misor said:

The thieves punched a hole in the atm, connected a usb device, withdraw as much money as they can, plugged the hole for future re-use.

WOW.

"Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will."

in the Philippines, the robbers would wait until the owners withdrew money from ATMs or alternatively, rob the owners and make them divulge the PINs.

fortunately, most banks would only allow a maximum withdrawal of 20000 pesos per day (~455$ at 1$ to 44 pesos) when withdrawing from an ATM machine.

veLa said:

As long as it isn't money from people's bank accounts I completely support these guys.

Nunja Business said:

As long as it isn't money from people's bank accounts I completely support these guys.

That has to be one of the single stupidest statements I have read in months.

veLa said:

That has to be one of the single stupidest statements I have read in months.

Hardly, the corporate banking system has been abusing people for years. It's about time they got a taste of their own medicine.

ET3D, TechSpot Paladin, said:

Hardly, the corporate banking system has been abusing people for years. It's about time they got a taste of their own medicine.

And you really think that if banks get hurt that won't affect their customers?

Guest said:

And you really think that if banks get hurt that won't affect their customers?

Cash losses aren't hurting banks, banks are allowed to replace stolen denomination at no cost. What incommodes banks is when safes are emptied or employees gunned down, looks bad.

Guest said:

Nice article. European ATM hacked, but not worth getting caught for 1$ bills???

tipstir, TS Ambassador, said:

Need to go back to the locked in ATM. You would use ATM card to gain access to the room. Then with all video cams recording you. Make your transaction. These open ATM boxes just make it too easy for them to get into.

dennis777 said:

I think the last one I saw was on tv when a group of people force open the ATM machine and the guard can't do anything about it.

The thieves punched a hole in the atm, connected a usb device, withdraw as much money as they can, plugged the hole for future re-use.

WOW.

"Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will."

in the Philippines, the robbers would wait until the owners withdrew money from ATMs or alternatively, rob the owners and make them divulge the PINs.

fortunately, most banks would only allow a maximum withdrawal of 20000 pesos per day (~455$ at 1$ to 44 pesos) when withdrawing from an ATM machine.

Guest said:

"No sense in risking getting caught for $1 bills, right?"

ATMs in the euro currency zone are packed with euros only. The lowest euro denomination on paper is the 5 euro banknote. ATMs most commonly use 10 euro and 20 euro notes though.

To be honest I have never seen an ATM in Europe dispense US dollars, but then again I haven't been everywhere.

misor said:

I think the last one I saw was on tv when a group of people force open the ATM machine and the guard can't do anything about it.

lol, it's like stealing a safe... maybe they are thieves extraordinaire.

Forg0t2 said:

European ATMs can't withdraw 1$ bills since it is Euros inside the ATM. But okay :P

jester376 said:

The thieves punched a hole in the atm, connected a usb device, withdraw as much money as they can, plugged the hole for future re-use.

WOW.

"Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will."

in the Philippines, the robbers would wait until the owners withdrew money from ATMs or alternatively, rob the owners and make them divulge the PINs.

fortunately, most banks would only allow a maximum withdrawal of 20000 pesos per day (~455$ at 1$ to 44 pesos) when withdrawing from an ATM machine.

They weren't referring to a pin number for bank accounts. The pin number in this case is a pin number the hacking software requires to proceed with the hack. The mastermind behind the software did it deliberately to keep the group from going rogue with the software.

misor said:

They weren't referring to a pin number for bank accounts. The pin number in this case is a pin number the hacking software requires to proceed with the hack. The mastermind behind the software did it deliberately to keep the group from going rogue with the software.

you misread my reply.

as I said, robbers from the Philippines would rob ATM card holders, make them divulge the ATM card PINs and afterwards, the robbers would withdraw the money from the ATM machine. (as opposed to the robbers in the article who "punched" a hole in the ATM machine, used a usb device, and made the withdrawals)

nowhere did I say anything about PINs for bank accounts nor imply anything about it
