Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck

Malware That Spits Cash Out of ATMs Has Spread Across the World (vice.com) 47

A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called "jackpotting" attacks. From a report: A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called "jackpotting" attacks on ATMs in Germany in 2017 that saw thieves make off with more than a million Euros. Jackpotting is a technique where cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash, no stolen credit card required. Hackers typically install the malware onto an ATM by physically opening a panel on the machine to reveal a USB port. In some cases, we have identified the specific bank and ATM manufacturer affected. Although a European non-profit said jackpotting attacks have decreased in the region in the first half of this year, multiple sources said the number of attacks in other parts of the world has gone up. Attacked regions include the U.S., Latin America, and Southeast Asia, and the issue impacts banks and ATM manufacturers across the financial industry. "The U.S. is quite popular," a source familiar with ATM attacks said. Motherboard and BR granted multiple sources, including law enforcement officials, anonymity to speak more candidly about sensitive hacking incidents.
This discussion has been archived. No new comments can be posted.

Malware That Spits Cash Out of ATMs Has Spread Across the World

Comments Filter:
  • by JoeDuncan ( 874519 ) on Thursday October 17, 2019 @03:16PM (#59319946)
    Asking for a friend...
    • Asking for a friend...

      $o you neEND _ MOre informatioN to rEpeat mY _ successFul Initiative foR $Tealing from ATMs?

    • by BringsApples ( 3418089 ) on Thursday October 17, 2019 @04:05PM (#59320152)

      All you have to do is tie a thick chain to the ATM, and to your truck. Pull the ATM out of the building, and smash it all to pieces. Now you have access to the USB port.

      • All you have to do is tie a thick chain to the ATM, and to your truck. Pull the ATM out of the building, and smash it all to pieces. Now you have access to the USB port.

        Ok, done.

        The ATM doesn't seem to have power anymore though...

        ... also what do I do with the unconscious security guard?

        • ... also what do I do with the unconscious security guard?

          Have you tried turning him off and back on again? Failing that, you could try, "Hey Siri..." or your co-defendent of choice.

          • Have you tried turning him off and back on again? Failing that, you could try, "Hey Siri..." or your co-defendent of choice.

            Well, he was already turned off, so I tried to turning him on.

            I can tell you, it did NOT have the desired effect!

      • by bobbied ( 2522392 ) on Thursday October 17, 2019 @05:27PM (#59320512)

        All you have to do is tie a thick chain to the ATM, and to your truck. Pull the ATM out of the building, and smash it all to pieces. Now you have access to the USB port.

        LOL.. I've seen this tried where the ATM was bolted to the floor. The would be crooks managed to trash the truck they had stolen when the ATM didn't come loose even after repeated attempts. Then once it let go, they didn't happen to have enough manpower to lift the thing into what was left of the truck so with flashing lights approaching in the distance they made a run for it, leaving the prize in the convenience store parking lot.

        • by sjames ( 1099 )

          The best was a case in the UK where they used their own truck and the chain tore the rear bumper (with their tag) off. That and the security video made the cop's job pretty easy.

        • by ls671 ( 1122017 )

          Those guys where amateurs. I have seen successful attacks with a Cat 966 loader and a dump truck although. The team made about 10 robberies, some getting caught on camera. I don't remember ever hearing that they caught them afterwards. They were smart enough to stop after a while and the loaders and trucks were stolen.

        • There was an ATM stolen in Colorado Springs a few years ago. The thieves first hotwired a loader from a construction site, drove it a block to a drive-up ATM, and ripped it out of the ground and took it. They might have been caught, this is the closest article I've found to it.

          Colorado Springs Police Department detectives helped identify two people who were wanted in connection with a string of ATM thefts that happened around the turn of 2018. Thursday morning, detectives searched a Fremont County house with the assistance of the FBI and SWAT teams from Fremont and El Paso counties on a warrant for the thefts, and they also found two vehicles that were stolen from Colorado Springs plus narcotics and firearms. Police said two suspects were identified.

          https://www.krdo.com/news/colo... [krdo.com]

          • Comment removed based on user account deletion
          • by tlhIngan ( 30335 )

            The thieves first hotwired a loader from a construction site

            Those would've been stupid thieves. Believe it or not, most of those (especially from Cat) use the exact same key. Which you can buy copies of on eBay.

            It's mostly a practicality problem - a company may have dozens of loaders spread out among a few worksites. They are pretty much identical in every way, and thus key management is a pain. There's usually no license plate on them (since they operate on private property and are simply trucked in and ou

      • Well, that was easy! Or, at least, it was once I stole the backhoe and a dump trunk.

        ...Any tips on getting all this red stuff off the money, though? I tried putting it through the washing machine, but it hasn't helped at all.

    • by ls671 ( 1122017 )

      Asking for a friend...

      With an accomplice, inside job.

      So, get friend with somebody designing ATMs and you are on your way.

  • usb is not behind locked and alarmed door?
    and alarmed as in it and key pad like the ADT ones for the alarm.

    • Probably just a matter of cutting away some plastic/aluminum panels with a dremel...
    • usb is not behind locked and alarmed door?
      and alarmed as in it and key pad like the ADT ones for the alarm.

      Naw....probably as easy to hack as a Moto Terminator! https://www.youtube.com/watch?... [youtube.com]

      Just pop off a panel and good to go!

    • usb is not behind locked and alarmed door? and alarmed as in it and key pad like the ADT ones for the alarm.

      AND disabled? Come on, disable that USB port in software when there is money in the machine. How hard is that? Plenty of ways to stop this exploit.

      • Uhm, the USB port was most likely intended for updates to the software. Making the legit updater take all the money out is too much of a hassle.

        • > Making the legit updater take all the money out is too much of a hassle. Just let the person doing the update keep the cash. They'll be ok with the hassle.
        • by bobbied ( 2522392 ) on Thursday October 17, 2019 @05:17PM (#59320480)
          You do understand that the cash boxes are made to be quickly switched in and out to make the servicing of the ATM quick and secure. So under normal circumstances the ATM service guy walks up, unlocks the ATM and simply swaps out the boxes of money and documents. My idea is to make the maintenance update process simply require the ATM be empty before the USB device is enabled. It's not some huge inconvenience here, it's SOP to switch out these things and surely the guy loading software is trusted more than the guy loading cash into the machine....
          • by tlhIngan ( 30335 )

            You do understand that the cash boxes are made to be quickly switched in and out to make the servicing of the ATM quick and secure. So under normal circumstances the ATM service guy walks up, unlocks the ATM and simply swaps out the boxes of money and documents. My idea is to make the maintenance update process simply require the ATM be empty before the USB device is enabled. It's not some huge inconvenience here, it's SOP to switch out these things and surely the guy loading software is trusted more than t

  • I really wanted to see a video with an ATM spitting out bills cartoon style, as they flew through the air and rained down all over the place.

    Sadly the video is a guy hitting a key and getting a handful of cash, then repeating the same command after he takes that money out of the machine by hand... hardly a mad jackpot. More of a Rinse and Repeat attack if you ask me.

  • by MAXOMENOS ( 9802 ) <mike@mikesmYEATS ... n.com minus poet> on Thursday October 17, 2019 @04:01PM (#59320126) Homepage

    Scene: the engineering lab of an ATM manufacturer.

    "I thought you said that bytecode was to flush the cash."

    "Flush the cache, you absolute dumbfuck. The cache."

  • Back in 2000, Diebold was known as an ATM maker who was dabbling in election voting machines... and boy did they have a mess to flush out. Too many donations to Republicans by the owners, and an attempt to copyright what eventually became open source.

    Really, ATM software should be controlled by the card networks such as MasterCard and Visa. Whoever wrote the software involved in this kind of hack must have their priorities wrong.

  • Idiots. (Score:4, Interesting)

    by SuricouRaven ( 1897204 ) on Thursday October 17, 2019 @04:14PM (#59320202)

    ATM machine running Windows, or any other full-blown PC operating system? That's an attack surface you'll never be able to secure. How about hiring proper embedded programmers for your embedded application? There are plenty of operating systems designed for this sort of purpose: Minimal footprint, highly modular. Maybe VxWorks?

    • But that would be smart....
    • Re:Idiots. (Score:5, Informative)

      by ffkom ( 3519199 ) on Thursday October 17, 2019 @04:35PM (#59320302)

      ATM machine running Windows, or any other full-blown PC operating system?

      Of course, they are WindowsXP based.

      The whole industry is full of security-illiterates, as was also proven by the "press shift 5 times" attack in 2017 [fossbytes.com]. But hey, those employees are cheaper than those who have a clue.

    • Windows or OS/2 are fine and have been used for a long time. This exploit likely had nothing specific to do with the OS running on the ATM, it's not like they are (usually) just sitting there with an IP address on the local WIFI network ready to be exploited. You need physical access, and if you've got that you can hack something based on VxWorks just as well as Windows.
      • You *can* hack WxWorks. But it'll be a lot harder. This is hacking with a minimal level of physical access - they are getting access to USB ports, not crowbaring open the cash box and hooking a car battery up to the motor wires.

        • VxWorks based ATMs wouldn't have USB slots for upgrades or laptop interfacing? Odds are someone had access to an actual ATM to develop the exploit, meaning they could do the same to any other ATM. I doubt they just downloaded some Windows exploit and dropped it on a USB drive.
          • They'd have USB slots, yes - but they'd only come with the drivers actually required for whatever purpose they had in mind. You couldn't just plug a USB HID into them and start entering keyboard and mouse commands, for one. You'd still need to cryptographic sign all updates, but it'd be significantly harder to get around that signing given USB access.

  • if the malware is reading this... there is an ATM across the street from my apartment. PM me for my address
  • ...if you walked past an ATM and it started spitting out cash?
    • ...if you walked past an ATM and it started spitting out cash?

      Look for the TV cameras because obviously SOMEBODY is trying to resurrect the 1960's "reality" show called "Candid Camera"

  • WHY can't this happen when I'm walking by one, WHY!?
  • The slips of paper are valuable. But imagine if you could get the printer of those slips of paper to print some up just for you?

    "On Friday, the Fed pledged to allow roughly two more weeks of overnight repo transactions, each injecting around $75 billion daily into the economy, the Federal Reserve Bank of New York said in a news release on Friday.

    Put otherwise, the Fed is back where it was roughly a decade ago, effectively buying U.S. Treasuries from banks on an indefinite basis. But the difference this time

    • Before the transaction:
      The bank has $1 million in 30-day US government bonds
      The Fed has $1 million in cash

      After the transaction:
      The bank has $1 million in cash
      The Fed has $1 million in 30-day US government bonds

      The bank has a million dollars before and after. The Fed has a million before and after. No money has been created. The bank just sold a bond that is almost equivalent to cash anyway. They buy it back in a day or two.

      What it adds is liquidity - when you go to the ATM the bank can't give you savin

    • What in the fuckall does this have to do with anything?
      • I thought of an ATM spitting dollar bills at a delighted thief, then I thought of what else spits dollars bills and I thought of the central bank. And the big news in the financial world is the seize-up of the repo market and the Feds current multi-billion dollar bailout of that market, which is again the Fed spitting money.

        Circuitous and a little off-topic, I know. Anyway.

  • Now I just need a handle. Was thinking UltraLazer.
  • Really, slashdot now links to fake news sites?
  • Anybody with a Atari Portfolio can get easy money out of an ATM.

Whoever dies with the most toys wins.

Working...