Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why ATM Bombs May Be Coming Soon To the United States

Posted by samzenpus on from the almost-worth-the-troub;e dept.

HughPickens.com writes Nick Summers has an interesting article at Bloomberg about the epidemic of 90 ATM bombings that has hit Britain since 2013. ATM machines are vulnerable because the strongbox inside an ATM has two essential holes: a small slot in front that spits out bills to customers and a big door in back through which employees load reams of cash in large cassettes. "Criminals have learned to see this simple enclosure as a physics problem," writes Summers. "Gas is pumped in, and when it's detonated, the weakest part—the large hinged door—is forced open. After an ATM blast, thieves force their way into the bank itself, where the now gaping rear of the cash machine is either exposed in the lobby or inside a trivially secured room. Set off with skill, the shock wave leaves the money neatly stacked, sometimes with a whiff of the distinctive acetylene odor of garlic." The rise in gas attacks has created a market opportunity for the companies that construct ATM components. Several manufacturers now make various anti-gas-attack modules: Some absorb shock waves, some detect gas and render it harmless, and some emit sound, fog, or dye to discourage thieves in the act.

As far as anyone knows, there has never been a gas attack on an American ATM. The leading theory points to the country's primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM. Encryption chip requirements are coming to the U.S. later this year, though. And given the gas raid's many advantages, it may be only a matter of time until the back of an American ATM comes rocketing off.

20 of 378 comments (clear)

  1. Positive pressure? by __aaltlg1547 · · Score: 5, Insightful

    How about you don't seal the back of the ATM but instead put vents on it and a blower continuously pushing fresh air in? If they thieves try to pump it full of explosive gas, it would blow back out.

    1. Re:Positive pressure? by bickerdyke · · Score: 3, Insightful

      Several manufacturers now make various anti-gas-attack modules: Some absorb shock waves, some detect gas and render it harmless,

      Well, somehow I don't think those manufacturers haven't tried your idea yet. It's not about preventing this kind of attack would be particularly difficult - it just hasn't been neccessary so far.

      --
      bickerdyke
    2. Re:Positive pressure? by BitZtream · · Score: 4, Insightful

      That would be negative pressure, since you're sucking air out.

      Also, related to the summary (not your comment):

      The leading theory points to the country's primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM.

      The theory is flat out wrong. If you still the ATM card, you have the encryption chip. So adding a chip to the card doesn't change this.

      The encryption chip prevents CLONING the card, and has absolutely no effect what so ever on stealing the card. In fact, with the encryption chip, you must steal it to use it rather than whats done currently which is just cloning the card without the owner knowing.

      Way to totally misunderstand the problem guys.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    3. Re:Positive pressure? by Anonymous Coward · · Score: 1, Insightful

      Better yet, install a gas detector rigged up to a gun mounted in the ATM so that it kills the thieves.

    4. Re:Positive pressure? by gweihir · · Score: 3, Insightful

      You really have no clue how these attacks work. If you steal/clone a primitive obsolete card as used in the US, you can clone it cheaply and just try the pin on any number of not-online ATMs until you have it. (Many rural ATMs are not online over the weekend.) Then you clone a few more and go on an ATM tour, and this time they can be online. That does not work at all with chip-based cards.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Positive pressure? by grep+-v+'.*'+* · · Score: 3, Insightful

      Add a large canister of ink in the money box.

      You're going to add a large canister of ink-jet ink over the money box?? MY GOD, that's worth more than the entire owning bank itself!

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
  2. If this information is widely disseminated by rmdingler · · Score: 3, Insightful

    (beyond the halls of this honorable posting forum), you can bet your bottom someone will be doing it by the end of the week.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  3. Re:For all of you USA haters out there: by bogaboga · · Score: 4, Insightful

    Not requiring an "encryption chip" itself shouldn't be something we're proud of. It should be a fact that drives the point home that the USA is almost always a little behind other countries though you'd be hard pressed to find an ordinary American who believes we're indeed a little behind.

    Riding the NY subway system just last week drove the point home when I witnessed rail cars those in South Africa may think are from the 50s, and wouldn't associate with a "first world" country.

  4. Re:For all of you USA haters out there: by halivar · · Score: 5, Insightful

    It's the cost of being first adopters. It's easier to build modern infrastructure when you have no infrastructure to begin with. We've got legacy systems for everything: finance, IT, cable, phone, nuclear, etc., etc. The next people in line implement the next generation using lessons learned from the implementations before them.

  5. Re:The mythbusters need to test this now! by NotDrWho · · Score: 4, Insightful

    They won't until there's a TV show or movie to tie it in to.

    Yeah, sadly, that's pretty much all they do now. I'm pretty sure this was something the Discovery execs forced on them (along with shitcanning the junior mythbusters). Mythbusters is one of the few shows still left on that channel where hillbillies don't fake a bunch of drama while fishing, goldmining, or moonshining. Once Discovery finally strips it of everything that made it great and drives it off the air, the execs will have another free camera crew to send to Alaska with instructions to "try to make it look real" as they stage faux redneck drama.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  6. Re:For all of you USA haters out there: by beelsebob · · Score: 5, Insightful

    No, no it's not. Europe too had legacy finance systems. We overhauled them - making us first adopters. The difference is not that you were first adopters (you weren't), it's that we actually spent some money to improve things.

  7. Re:Wont work around here... by beelsebob · · Score: 4, Insightful

    What makes you think that ATMs in europe aren't embedded in a small concrete building?

    Note - that small concrete building usually has a door in the back of it so that a guy can come along, open it, and then fill up the ATM with cash. That again, is the weak point that the explosion will blow out.

  8. Re:For all of you USA haters out there: by fuzzyfuzzyfungus · · Score: 4, Insightful

    We also have a (general, not universal) willingness to let the market squabble it out for an extended period of time, rather than give a good hard shove in the direction of some implementation. This tendency may be abetted by the fact that early adoption creates incumbents who have a vested interest in stalling as long as possible to milk their legacy investments and first-mover advantage, as in our wonderful market for ISPs.

    With the payment card industry, you have a lot of people(all clambering to grab as much of the cut for themselves as they can, and shove as much of the risk onto others as they can) with competing agendas and a desire to have their pet proprietary system gain a foothold so they can extract tolls with it(eg. the incidents where some retailers with functioning NFC POS systems were deliberately disabling them because Apple Pay was a competitor to their 'CurrenC' system, and the ongoing spat between Google and the carrier-backed payment scheme formerly known as ISIS before that became a toxic brand). Nobody actually believes that "USA IS #1!!! Mag stripes RULE!"; but between everyone wanting to control the customer data and processing fees and banks, merchants, and payment processors fighting over risk allocation, it's a bit of a clusterfuck.

    Compare to say, the DoD's CAC rollout: CACs still aren't what you'd call a joy to configure(especially on OSX, or in Citrix environments, or other oddball use cases); but the DoD decided that it wanted everyone using smartcards for cryptographic authentication, said that that was how it was going to be, and it was so (relatively) quickly and smoothly.

    Opinions vary on how often we dodge a bullet, or get the benefit of something new and innovative, thanks to there being no mandate in place vs. how often we suffer pointless bullshit for an agonizingly long period of time(eg. the less-than-totally-compatible US cellular market); but the fact that we tend not to mandate an end to such fights all that often, or all that quickly, is simply a fact. Even when we do mandate something, it's often a de-facto 'national' mandate created because California, or another large state, demands something and it's cheaper to sell California-spec everywhere than it is to have two SKUs.

  9. Is this REALLY a hard problem to solve? by DrXym · · Score: 4, Insightful

    I would have thought that drilling some holes into the back, top or underside of the ATM would fix the problem. The ATM might need some steel plates on the inside of the holes to stop people poking wires through into the machine itself but it shouldn't be rocket science to solve. The underside would be better on the basis that these ATMs are likely to be heavy and fixed to the floor with bolts so the underside would be less accessible.

  10. Re:For all of you USA haters out there: by war4peace · · Score: 3, Insightful

    Who cares when were they built? If they're all built last year based on a design from the 50s, it's still the same crap, just shinier.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  11. Re:For all of you USA haters out there: by ultranova · · Score: 5, Insightful

    Bomb an ATM in America? One way ticket to Gitmo.

    If you bomb an ATM, you go to prison, not Gitmo. Gitmo is for getting around that pesky Sixth Amendment thing, not for actual criminals.

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  12. Re:For all of you USA haters out there: by Anonymous Coward · · Score: 2, Insightful

    No, Chip and PIN only attempts to absolve banks of any liability and to leave the account holder empty handed.

  13. Re:For all of you USA haters out there: by gtall · · Score: 1, Insightful

    Seeing as the Sixth Amendment only applies to American citizens, why would you assume it applies to foreigners?

  14. Re:For all of you USA haters out there: by itzly · · Score: 1, Insightful

    Since when do Americans care about the poor ?

  15. Re:For all of you USA haters out there: by GrumpySteen · · Score: 1, Insightful

    http://en.wikipedia.org/wiki/A...

    The first ATM in the US was installed in 1960. The first ATM in the UK was installed in 1967.

    In other words, you're full of shit.