A team of anonymous hackers at the Chaos Communication Congress have demonstrated a new method that hackers are using to steal money from ATMs. As shown in the presentation, thieves are now physically cutting into ATMs to plug in USB drives loaded with code designed to give them full access to the machines.
The hack was first noticed in July, we’re told, when an unnamed European bank’s ATMs were being emptied despite safeguards set in place to prevent theft. Once the hackers infiltrated the system, they patched up the hole in the machine so they could come back and launch the attack multiple times over.
The bank eventually boosted surveillance efforts which is how they discovered the physical attack.
Whenever the criminal types in a 12-digit code, a custom interface is launched that shows how much cash is in the machine, sorted by denomination. Naturally, they also have the option to dispense money at will.
Such software might sound like overkill but it actually gives criminals the option to only withdraw the highest value banknotes as to minimize the time they were exposed. No sense in risking getting caught for $1 bills, right?
There is even a built-in security feature in which a robber had to call another member for a PIN number prior to dispensing money. Researchers believe this feature was used by the code’s mastermind to prevent his team from stealing the code and going rogue.
Those that organized the hack needed to have profound knowledge of ATMs, the researchers said, adding that they went to great lengths to make the code tough to analyze.