A recent presentation at the hacker-themed Chaos Computing Congress in Hamburg, Germany has detailed how several cash machines were infected with software that allowed thieves to withdraw the cash multiple times before being discovered. The machines were vandalised to allow the insertion of a USB flash drive to the underlying computer, the drive then installed software on the system that runs the cash machine, and the hole was patched up so that it wasn’t obvious that the machine had been compromised.
The thieves were then able to return to the machine at any time and enter a 12 digit code, this brought up a special interface that they had installed which listed the total number of each note, then allowing them to extract the most amount of money in the shortest amount of time.
The intrusion was discovered in July after the lender involved noticed that several machines were being emptied, but that their safes were unharmed. Surveillance was increased and the banks discovered the sneaky tactics that were being used. Interestingly the thieves setup a system to prevent them betraying each other (return to the machine alone). This involved a second prompt that required the user to phone another member of their gang, who would give them the decrypt code based on the numbers displayed on the cash machine.
Despite their efforts, extensive knowledge of the ATM hardware and software, and the great lengths they went to to disguise the hardware intrusion, they still named the file they installed on the system “hack.bat”, which obviously stood out from the usual file names.
Thank you BBC for providing us with this information.
