December 31, 2013
UK Hackers Raid ATMs With USB Sticks, Add Money-Making Malware
Peter Suciu for redOrbit.com - Your Universe Online
Cybercriminals in Europe are reportedly targeting cash machines using USB drives. The thieves cut holes in the fascia to access a USB port and then uploaded malware to the machines. This allowed the thieves to essentially empty the cash machine at their convenience.
These attacks, which actually occurred last summer, were disclosed at this week’s annual Chaos Computing Congress in Hamburg and reported by several European news outlets, including The Telegraph and the BBC. The bank that owned the ATMs noted that thieves managed to empty the machines without physically breaking into the safes.
The banks then increased the surveillance and discovered that the criminals were in fact vandalizing the machines and using USB thumb drives to deliver the malicious code. The banks hadn’t noticed as the thieves themselves patched up the holes they were making. This allowed the same machines to be targeted several times before the hack was discovered.
The thieves reportedly activated the malware by typing in a special 12-digit code, which launched an interface that gave them control of the ATM.
The BBC reported that the software was analyzed and that it provided the amount of money the ATM held in each denomination. This apparently allowed the attackers to focus on the highest value notes as a way to minimize the amount of time they spent at the machine.
The unnamed researchers – who asked that their identities not be disclosed – also found that the apparent thieves did not trust one another. In addition to utilizing the 12-digit code, a second code – a so-called fail-safe – was also required. This was likely to prevent individual members of the gang from going off and stealing money on their own. This second code constantly changed and the correct response could only be determined by phoning another member of the group.
If this second fail-safe code was not entered, the machine would return to its normal operating state after about three minutes.
The BBC also reported that the researchers believe the group to have “profound knowledge of the target ATMs” and likely had gone to great lengths to make their malware code hard to analyze.
This is not the first time that a hacker or group of cyber thieves has developed software to take control of an ATM. In 2010, it was reported that a hacker had developed software that used a security flaw to force an ATM’s computer to spew free cash.
Instead of using it to fund an illicit shopping spree, Barnaby Jack, director of security research for IOActive Inc., showed off his technique at the 2010 Black Hat conference. Jack died earlier this year at his home in California.
While Jack’s methods were high-tech, the BBC reported that blunt force methods have also been used in the UK to get at the cash in the ATM. Last year six men were charged with conspiracy to cause explosions while raiding cash machines across the country.
The six men – aged 27 to 39 – were charged in incidents involving ATMs in the North West, Midlands, Leicestershire and Oxfordshire.