
Infected USB sticks used to rob ATMs

Researchers detail complicated scheme used to illegally withdraw cash

At the recent hacker-themed Chaos Computing Congress in Hamburg, Germany, researchers gave in-depth details on how cyber-thieves were able to withdraw large amounts of cash from a slew of unnamed European banks’ cash dispensers without ever getting caught.

Their main tool for this operation: infected USB sticks. 


The thieves would first cut holes into the machines in a specific spot, which would allow the USB drives to be plugged in. From there, malware would be transferred over to the machine and once that part of the operation was complete, the hole would be patched back up.

Infecting the ATM in this manner would allow the same machine to be targeted several times over, without any obvious signs of a hack taking place.

But that’s only how they infected the machines. To withdraw the cash, the thieves would have to step up to the machine and enter a 12-digit code, which in turn would launch a special interface. Analysis of the software installed on four infected machines suggests that when the thief was taken to this screen, they would see the amount of money available in each denomination in the machine and be presented with a series of menu options to release each kind (e.g. 10 $100 bills, 50 $20 bills, et cetera).

Streamlining it like this allowed the hackers to quickly and easily target the highest-value dollar amount, thereby limiting the amount of time they were exposed.

In addition, the hackers took extra precautions, specifically to protect their highly valuable software. To counter the chance that one of the thieves might take an infected USB drive and go solo with the operation, the scheme’s masterminds built an extra prompt into their malware that required the thief to enter a second code in response to numbers shown on the ATM’s screen. Only after entering this second code would the money be released.

In order to get the second code, the thief had to call another member of the gang and read out the numbers displayed on the screen. If the numbers were correct, the other member would give the thief at the ATM the appropriate code for releasing the cash.

If nothing is done, the malware program shuts down after three minutes and the ATM returns to its normal state of operations.

To safeguard against two members agreeing to run a side operation of their own, the second-party entry codes were constantly updated, and gang members were provided with new passcodes on a regular basis.

The researchers presenting this scheme at the conference noted that the hackers clearly had a deep understanding of how the targeted ATMs operated, and that they went to great lengths to make their malware difficult to analyze.

Story via bbc.co.uk
