Cybergang Compromises Every ATM In Russian City

← Back to Stories (view on slashdot.org)

Cybergang Compromises Every ATM In Russian City

Posted by timothy on Saturday December 4, 2010 @04:29AM from the equal-opportunity dept.

Orome1 writes "A group of fraudsters has been arrested in Yakutsk and Moscow for allegedly compromising all the ATMs in the city of Yakutsk — population: around 210,000 — in the Republic of Yakutia in the Russian Federation. Three of the men formed the actual criminal group, and the fourth — a Moscow-based malware developer — was 'subcontracted' by them and received 100,000 rubles (some $3200) to develop a custom ATM virus with which they would infect the devices."

56 of 74 comments (clear)

Min score:

Reason:

Sort:

In Russia... by Anonymous Coward · 2010-12-04 04:35 · Score: 2, Funny

ATM's take money from you.
How could it be that easy? by yog · 2010-12-04 04:39 · Score: 3, Funny

The article said one was a sys admin who apparently had access to the ATM's, and another was a former IT director, but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.
Scary how easy it was to compromise an entire city like that. I think I'll stop using ATMs for a while and switch back to bank tellers. Then again, humans are pretty easy to infect, too, using this virus called "money" that makes them do diabolical things.
When MacAfee comes out with a human honesty scanner, that'll help a lot.

--
it's = "it is"; its = possessive. E.g., it's flapping its wings.
1. Re:How could it be that easy? by AvitarX · 2010-12-04 05:14 · Score: 4, Informative
  
  but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.
  Considering they were caught before they could do anything I would say it's a fair assumption.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
2. Re:How could it be that easy? by Luckyo · 2010-12-04 06:16 · Score: 1
  
  The article said one was a sys admin who apparently had access to the ATM's, and another was a former IT director, but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.
  There probably is, as they got caught.
3. Re:How could it be that easy? by beakerMeep · 2010-12-04 08:00 · Score: 1
  
  When MacAfee comes out with a human honesty scanner, that'll help a lot.
  I don't wanna know what happens when McAffee forces a reboot...
  
  --
  meep
4. Re:How could it be that easy? by ambrosen · 2010-12-04 08:07 · Score: 1
  
  Yes, you'd hope so, wouldn't you.
  But it's worth reading this article in The Register, one of their best ever: http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/
  It seems it happened in the UK in the 1990s.
5. Re:How could it be that easy? by tokencode · 2010-12-04 08:31 · Score: 1
  
  If MacAfee ever comes out with a product for humans I'm running as far and as fast as I can. It already helps to eliminate the human "money virus" even without being installed in us.
6. Re:How could it be that easy? by garompeta · 2010-12-04 11:21 · Score: 1
  
  About the human infections: I wonder how you would prevent penetrations in the "backdoor".
Malware guy got ripped off by Anonymous Coward · 2010-12-04 04:48 · Score: 1

They paid him only $3200 to compromise every ATM in a city of 210K people? That doesn't seem like nearly enough.
1. Re:Malware guy got ripped off by asdf7890 · 2010-12-04 07:39 · Score: 1
  
  The worth of earnings are relative. How much is $3200 worth against the cost of living where he is located? It could be a small fortune.
  
  Also the market might not bare a larger fee. There could be a lot of developers capable of doing what he did available and that as much and any other factor has a significant effect on the asking price for a job.
2. Re:Malware guy got ripped off by shutdown+-p+now · 2010-12-05 09:44 · Score: 1
  
  Moscow is insanely expensive compared to practically everywhere else in Russia. Within Moscow, it also gets even more insanely expensive as you get closer to the center. Still, $2k is way too much for a one-room apartment. You can find one right in the center for $1k.
  Now, Yakutsk - that's out in the middle of nowhere, pretty much. I couldn't even find any apartments for rent online. But I'd expect it to be $300 for a 1-room, top.
Cybergangs? by deadhammer · 2010-12-04 04:48 · Score: 3, Insightful

Why aren't they just a "gang"? Is it because this crime has to do with technology and is, therefore, magically different than any other crime? If these guys had robbed all the banks in the city the traditional way, we wouldn't call them a "bankgang" or a "robberygang", would we? If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

--
I'll be honest, we're throwing science against the wall to see what sticks. -Cave Johnson
1. Re:Cybergangs? by AvitarX · 2010-12-04 05:11 · Score: 2
  
  No, but they would probably be differentiated, and if they specialized in tech crime it's a shorter word.
  Also we have bank-robbers, not just robbers. This hardly even sounds like a cyber-crime as I've heard them in the past, as it doesn't appear to have taken place using cyber-space (or proximity wouldn't have been a factor).
  I would even say the fact that location was a factor makes it not a cyber-crime (as the media uses the word).
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
2. Re:Cybergangs? by jovius · 2010-12-04 05:26 · Score: 1
  
  If these guys had been shooting we'd call them BangGang. Nah, Automated Teller Machine Gang should do just fine.
3. Re:Cybergangs? by Securityemo · 2010-12-04 05:57 · Score: 1
  
  http://tvtropes.org/pmwiki/pmwiki.php/Main/RuleOfCool
  
  --
  Emotions! In your brain!
4. Re:Cybergangs? by gr8fulnded · 2010-12-04 06:23 · Score: 1
  
  >If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?
  No, we'd probably call them "Congressman".
5. Re:Cybergangs? by khchung · 2010-12-04 23:35 · Score: 1
  
  If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?
  No, we would call them "identity theft" so the customers will suffer the losses and banks won't be responsible at all.
  
  --
  Oliver.
6. Re:Cybergangs? by mapkinase · 2010-12-05 07:42 · Score: 1
  
  The new term is usually used when there is a significant difference in phenomena.
  Gangs control the physical territory, racket business, collect from shady businesses, universally use violence.
  Cybergangs do nothing of that.
  
  --
  I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
Dig a sewer to Yakutsk! by FatSean · 2010-12-04 04:49 · Score: 1

Now I'm glad I didn't win that prize from MTVski.

--
Blar.
This needs to happen more often by dingen · 2010-12-04 04:53 · Score: 3, Insightful

Maybe then the world will learn not to run Windows on these kind of devices.

--
Pretty good is actually pretty bad.
1. Re:This needs to happen more often by grasshoppa · 2010-12-04 05:21 · Score: 1
  
  In my experience, it's not windows that's the problem, but the actual ATM software.
  I can almost guarantee that if the developers and put the same skill in to developing a linux variant, we'd see them compromised just as often.
  
  --
  Mod me down with all of your hatred and your journey towards the dark side will be complete!
2. Re:This needs to happen more often by Walter+White · 2010-12-04 05:22 · Score: 5, Insightful
  
  My roots as an MS hater go back to DOS long before Windows. And I disagree with your claim.
  Given access from by the former head of IT, it would be feasible to engineer a compromise for any OS. If they had physical access, anything is possible. Perhaps they even had access to the dev environment which was used to program the machines.
3. Re:This needs to happen more often by morgan_greywolf · 2010-12-04 05:23 · Score: 2
  
  I actually agree with this. A few years ago, I was shocked to learn that new ATMs were being installed with Windows XP. The ATM at a local gas station I frequent -- I think it's some sort of Diebold model -- actually has a more-or-less stock Windows XP, complete with Solitaire and Minesweeper! I couldn't make this stuff up if I wanted to. WTF do you need Solitaire and Minesweeper on an ATM?
  Seems to me they could save lots of money using one of those ARM SoCs and a stripped-down embedded Linux. It'd be tons more secure.
  
  --
  My blog
4. Re:This needs to happen more often by Arker · 2010-12-04 07:35 · Score: 1
  
  Then why do the older OS/2 terminals still seem to be more reliable?
  
  --
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Friends don't let friends enable ecmascript.
5. Re:This needs to happen more often by grasshoppa · 2010-12-04 08:10 · Score: 1
  
  Again, it's not really the OS; it's the application.
  Although I suppose the argument can be made that the more complex and the more facilities provided by the OS, the more likely developers will abuse them.
  I have supported applications, running on linux, which have made the server act just like a stereotypically windows box.
  Of course, as I understand it, OS/2 is no longer supported. Hence, you aren't allowed to run it in a financial capacity.
  
  --
  Mod me down with all of your hatred and your journey towards the dark side will be complete!
Evident Risk joke by Progman3K · 2010-12-04 05:06 · Score: 3, Funny

about Yakutsk usually being easy to protect

--
I don't know the meaning of the word 'don't' - J
1. Re:Evident Risk joke by PaulMeigh · 2010-12-04 07:09 · Score: 2
  
  Except of course when a large North American army is passing through Kamchatka.
2. Re:Evident Risk joke by DarthVain · 2010-12-06 03:15 · Score: 1
  
  I was waiting for some kind of RISK reference.
Time to go back to OS/2! by Joe+The+Dragon · 2010-12-04 05:15 · Score: 2

Time to go back to OS/2!
1. Re:Time to go back to OS/2! by dingen · 2010-12-04 06:36 · Score: 1
  
  No, not at all. What is a general purpose desktop operating system for PC's doing on a single purpose device such as an ATM in the first place?
  
  --
  Pretty good is actually pretty bad.
Another Paypal Story by retech · 2010-12-04 05:23 · Score: 1

For a moment I thought this was a second story in a row about Paypal being complete corporate douche bags.
Re:The ATM's should have been using HOSTS files by TheRaven64 · 2010-12-04 05:28 · Score: 1

Nice troll, but next time, remember that apk always signs his semi-literate ramblings about the benefits of hosts files with apk, not APK.

--
I am TheRaven on Soylent News
$3200????????? by Ryanrule · 2010-12-04 05:42 · Score: 4, Informative

fuckin software guys are underpaid everywhere
1. Re:$3200????????? by Anonymous Coward · 2010-12-04 07:40 · Score: 1
  
  Dunno, seems to me like quite a lot to pay to fuck a software guy.
In Russian Republic of Yakutia . . . . by Latent+Heat · 2010-12-04 05:57 · Score: 1

. . . ATM defrauds you!
Use Russian ATMs? Really? by Frosty+Piss · 2010-12-04 06:16 · Score: 1

Here's the thing, though... WHO in their right mind would use an ATM is Russia anyway? Good grief, I'd be surprised if they were *NOT* compromised.

If I were to visit Russia, I think I would opt for in-bank transactions and cash-only, *OR* a special limited balance account set up SPECIFICALLY for that trip, to be shit-canned upon return home.

--
If you want news from today, you have to come back tomorrow.
1. Re:Use Russian ATMs? Really? by Phroggy · 2010-12-04 06:48 · Score: 2
  
  Here's the thing, though... WHO in their right mind would use an ATM is Russia anyway? Good grief, I'd be surprised if they were *NOT* compromised.
  If I were to visit Russia, I think I would opt for in-bank transactions and cash-only, *OR* a special limited balance account set up SPECIFICALLY for that trip, to be shit-canned upon return home.
  OK, but what if you actually LIVED in Russia and weren't just visiting?
  
  --
  $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
  $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
2. Re:Use Russian ATMs? Really? by Frosty+Piss · 2010-12-04 06:54 · Score: 1
  
  OK, but what if you actually LIVED in Russia and weren't just visiting?
  The same conditions apply. Cash only. I would not use a service that was guaranteed to steal all my money. Why would I, *ESPECIALLY* if I was a local?
  
  --
  If you want news from today, you have to come back tomorrow.
3. Re:Use Russian ATMs? Really? by CRCulver · 2010-12-04 07:44 · Score: 5, Informative
  
  I've used ATMs all over the Soviet Union, from the metropolises like Moscow and Almaty to provincial capitals hit hard by job loss and economic migration away. I've never experienced theft of my bank card details. The crime carried out in Yakutsk is not a widespread problem in Russia. To be honest, I'd be more worried using my card in the US when stories keep coming out like those gas pumps that had been tampered with, though again that's probably the media just blowing it out of proportion.
4. Re:Use Russian ATMs? Really? by Freultwah · 2010-12-04 11:29 · Score: 1
  
  Newsflash: the Soviet Union ceased to exist in 26 December 1991 and there were no ATMs to be found anywhere in the region back then.
5. Re:Use Russian ATMs? Really? by Sectrish · 2010-12-04 11:44 · Score: 2
  
  He probably just forgot to type the word "former" by accident, as he also mentioned Almaty, which afaik is a city in Kazakhstan (part of the former Sovient Union).
6. Re:Use Russian ATMs? Really? by drolli · 2010-12-04 17:14 · Score: 1
  
  I had no problems with that.
  I didn't use the ATMs in university entrance halls, small shopping malls etc, but the ones in banks or very public places; i obviously did not use a credit card in small shops. The likeliness something bad will happen to you (e.g. Policemen doubting your registration and getting you stuck for several hours unless you pay up their "fee") by making yourself recognizable as a foreigner who uses some strange paths outweighs the possible loss (BTW: i always limit my cards to a reasonable amount - even in countries which believe they are more civilized.)
7. Re:Use Russian ATMs? Really? by Jade_Wayfarer · 2010-12-05 00:40 · Score: 2
  
  Speaking as local, I'm really surprised to read this comment. For more than three years of using credit card I've never experienced any problems with it. None of my friends did too. And not only in Moscow, but in several other cities too. I do trust my bank and it's security measures, and all cases of credit card info theft I know of happened in US or Europe.
  
  Now, for example, one thing I am scared of is US airport security. And how would it look if I'd said something like that: "It's a service guaranteed to humiliate you in every possible way. Why would I use it, *ESPECIALLY* if I was local?"
  
  --
  Absence of proof != proof of absence.
8. Re:Use Russian ATMs? Really? by EnglishDude · 2010-12-05 05:07 · Score: 1
  
  I wouldn't call $1,600,000 "out of proportion"
  http://www.theregister.co.uk/2006/05/08/shell_suspends_chippin/
9. Re:Use Russian ATMs? Really? by shutdown+-p+now · 2010-12-05 09:47 · Score: 1
  
  You'd be forced to use it, pretty much, because most organizations these days pay their employees by transferring the money into their bank accounts. Quite often you don't even get the choice of the bank where that account will be - they'll just open one for you and give you the bank card.
We have a similar gang of fraudsters in US by Ada_Rules · 2010-12-04 06:27 · Score: 3, Interesting

They've got ATMs all over the place. They run this Ponzi scheme where people give them money and then they loan out almost all of it to other people. Eventually this money gets re-deposited and again they loan out almost all of it. This cycle continues until the total amount of money that they own to depositors is substantially larger than the actual money they can ever get their hands on. They try to re-coup this by charging crazy fees on their ATMs and monthly fees for getting to play in the scheme but in the end like all Ponzi schemes, this one crashed.
So get this, then, they have these other dudes with guns who force people to pay them money so that it can be funneled back into the Ponzi scheme to keep it going.
On second thought, what we have here is far worse than in Russia. Damn Bank of America.

--
--- Liberty in our Lifetime
1. Re:We have a similar gang of fraudsters in US by guyminuslife · 2010-12-04 09:39 · Score: 1
  
  Oh, give it a rest.
  
  --
  I don't believe in time. It's a grand conspiracy designed to sell watches.
2. Re:We have a similar gang of fraudsters in US by Sarten-X · 2010-12-04 17:45 · Score: 1
  
  Except that the loans eventually get paid back. Those that don't are made up in other loans' fees and interest. If all loans were paid back at once, there'd be exactly the same amount of value (cash & investments, adjusted for inflation) on hand to pay out to depositors as they deposited in the first place, more or less.
  Economics is mostly a lot of connected zero-sum games. For every loan, a person gets an equal amount of cash and debt. The fact that there's a way to increase the magnitude of the numbers involved does not change their sum. All accounts eventually add up to zero.
  Those who try to game the system to get more cash end up screwing over others by producing extra debt, in the form of higher interest rates and more fees. This is why several banks worldwide collapsed recently: Too many risky loans defaulted, leaving the banks without enough cash. The money didn't just disappear. It had gone to many different places, like the manufacturer of the big-screen TV in the foreclosed home. The cash went to other people, but the banks were left with the debt. The fees and interest rates weren't high enough to gather the necessary cash, so the banks failed their commitments.
  Sure, it's a big shock to see that banks can seemingly produce cash at will, but they're also producing an equal amount of debt. A Ponzi scheme is only one-way, with no intent of ever returning the money that was deposited. It exists purely to push money toward the top of the pyramid, and thus is not a zero-sum game in itself. It is not a fair commercial exchange. It is theft. Fractional banking is fair, so long as the majority of the people involved pay back their debts.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
Be evil. by sirrunsalot · 2010-12-04 07:10 · Score: 1

Who the hell wakes up in the morning, looks in the mirror, and says, "I'm going to be evil today"? Of course these hackers aren't as evil as Nobel Laureate Liu Xiaobo, but I just don't think I'd want to go on living if I ever found myself robbing ATM's or sending billions of spam emails.
Cybergang... by orphiuchus · 2010-12-04 07:26 · Score: 1

You know, if you'd asked people in the 1980s what they expect "Cybergangs" in 2010 to be, I bet they would guess something way cooler.
Cybernetic implants, of course by HalAtWork · 2010-12-04 07:48 · Score: 1

These people actually have cybernetic implants, making them cybogs, hence the "cyber" prefix. Gangs are traditionally are very discriminatory, so each member of the gang is a cyborg, making them a "cyber-gang". Each member of the cyber-gang can hold up to 80 gigabytes in their brains, which is what they used to store the payload which remained undetected by norms.

--
Twinstiq, game news
Bankstas! :D by antdude · 2010-12-04 07:50 · Score: 1

See this Sinfest comic strip. :)

--
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
I can fit more then 80g in my pocket but in Russia by Joe+The+Dragon · 2010-12-04 09:16 · Score: 1

I can fit more then 80g in my pocket but in Russia you need a brain to fit that much?
Massive Crime by Eadwacer · 2010-12-04 10:38 · Score: 1

Hundreds of rubles stolen from residents
Practice by the+eric+conspiracy · 2010-12-04 10:50 · Score: 1

For the upcoming World Cup in Russia.
Cybergang? by dr.+chuck+bunsen · 2010-12-04 11:41 · Score: 1

want to be in a 'Cybergang'! That sounds fucking awesome...