Slashdot Mirror
Why ATM Bombs May Be Coming Soon To the United States
HughPickens.com writes Nick Summers has an interesting article at Bloomberg about the epidemic of 90 ATM bombings that has hit Britain since 2013. ATM machines are vulnerable because the strongbox inside an ATM has two essential holes: a small slot in front that spits out bills to customers and a big door in back through which employees load reams of cash in large cassettes. "Criminals have learned to see this simple enclosure as a physics problem," writes Summers. "Gas is pumped in, and when it's detonated, the weakest part—the large hinged door—is forced open. After an ATM blast, thieves force their way into the bank itself, where the now gaping rear of the cash machine is either exposed in the lobby or inside a trivially secured room. Set off with skill, the shock wave leaves the money neatly stacked, sometimes with a whiff of the distinctive acetylene odor of garlic." The rise in gas attacks has created a market opportunity for the companies that construct ATM components. Several manufacturers now make various anti-gas-attack modules: Some absorb shock waves, some detect gas and render it harmless, and some emit sound, fog, or dye to discourage thieves in the act.
As far as anyone knows, there has never been a gas attack on an American ATM. The leading theory points to the country's primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM. Encryption chip requirements are coming to the U.S. later this year, though. And given the gas raid's many advantages, it may be only a matter of time until the back of an American ATM comes rocketing off.
As far as anyone knows, there has never been a gas attack on an American ATM. The leading theory points to the country's primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM. Encryption chip requirements are coming to the U.S. later this year, though. And given the gas raid's many advantages, it may be only a matter of time until the back of an American ATM comes rocketing off.
How about you don't seal the back of the ATM but instead put vents on it and a blower continuously pushing fresh air in? If they thieves try to pump it full of explosive gas, it would blow back out.
Here in Brazil, more than a few thousand ATMs were exploded in the last years. Using ordinary explosives, and in many cases, demolishing the entire building in the process.
Many times, it destroys the money completely in the process, but as it seems, usually enough remains that the practice continues. No need to be refined, using gas or thinking about the physics. The thieves sometimes hijack trucks and buses to close off the streets for a few minutes while others set up and detonate the ATMs. The police rarely has time to come to the scene and jail them. Also, sometimes, the police itself is involved.
The most effective measure taken to discourage the practice was to pack bags of dyes inside the ATM cassetes, so that the money is stained and rendered unusable. If you try to deposit stained money, it'll be confiscated on the spot.
In the last months, security measures got better in the larger cities, and the thieves moved to exploding the ATMs in smaller cities, or more remote locations in the suburbs.
Not requiring an "encryption chip" itself shouldn't be something we're proud of. It should be a fact that drives the point home that the USA is almost always a little behind other countries though you'd be hard pressed to find an ordinary American who believes we're indeed a little behind.
Riding the NY subway system just last week drove the point home when I witnessed rail cars those in South Africa may think are from the 50s, and wouldn't associate with a "first world" country.
*Automatic* ATM Machines.
Why, when the funny version is available on YouTube?
A local one from the other week: https://www.youtube.com/watch?v=SVEkK_ZhKQo
The local intelligentsia have been doing this on and off since at least 2008:
http://www.smh.com.au/news/national/now-theyre-robbing-with-gas-atms-blown-up/2008/11/18/1226770451062.html
What part of "a well regulated militia" do you not understand?
In Germany a lot of small suburb banks require you to use your ATM card to open the lobby door after hours. At least that was my experience a few years ago. This doesn't prevent someone from using a stolen card to gain access to the bank lobby, but it forces the criminals to enter into a lighted and monitored building before they can engage in any shenanigans.
The mythbusters need to test this now!
Jamie Wants a Big Boom.
(Heard off-camera after some tests had been performed to see how noteworthy an ATM segment would be)
Where's the kaboom? There was supposed to be an earth-shattering kaboom!
I am Slashdot. Are you Slashdot as well?
It's the cost of being first adopters. It's easier to build modern infrastructure when you have no infrastructure to begin with. We've got legacy systems for everything: finance, IT, cable, phone, nuclear, etc., etc. The next people in line implement the next generation using lessons learned from the implementations before them.
They won't until there's a TV show or movie to tie it in to.
Yeah, sadly, that's pretty much all they do now. I'm pretty sure this was something the Discovery execs forced on them (along with shitcanning the junior mythbusters). Mythbusters is one of the few shows still left on that channel where hillbillies don't fake a bunch of drama while fishing, goldmining, or moonshining. Once Discovery finally strips it of everything that made it great and drives it off the air, the execs will have another free camera crew to send to Alaska with instructions to "try to make it look real" as they stage faux redneck drama.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
Not requiring an "encryption chip" itself shouldn't be something we're proud of
The funny thing is that last year I my latest Amex card came with a chip, and so far the only place that I have actually used it is at Walmart of all places.
And when I did use it, the attendant came running over and tried to convince me that I needed to swipe the card rather than poke into the chip-reading hole - even though when I first swiped it, the POS terminal recognized that I had a chipped card and told me that I needed to poke the card into the chip-reading hole.
I am Slashdot. Are you Slashdot as well?
There are a load of solutions that will work with new ATMs, a number of them already mentioned. What is needed is a cheap retro-fit, without modifying the strong box. Many banks don't upgrade this expensive component for years. I think the most promising ideas are ones that ink the money - but they have to get well in to the whole stack. A thin red edge that could be trimmed won't be good enough.
Retrofitting machines to ink the money shouldn't be an issue at all. It would be simple to make small fragile glass packs of various
sizes filled with ink. Then you should be able to apply them with double sided tape anywhere and everywhere inside the machine
there is a void. If you wanted to go one step further you could fill some of the glass packs with different chemicals that when
combined produced combustion and incinerated the bills further. That should be enough to retrofit existing machines assuming
they have any amount of voids. This would also prevent stealing the ATM machine as the glass packs would break if someone
tried to yank the atm with a chain, etc...
Probably the most important part though is putting a sticker on the front that says that you use ink packs so that people know
or assume that even if they are crazy enough to try to blow up an atm that they probably won't get anything.
No, no it's not. Europe too had legacy finance systems. We overhauled them - making us first adopters. The difference is not that you were first adopters (you weren't), it's that we actually spent some money to improve things.
Uh, yeah. Of the 6400 cars in the NYC subway, more than 4300 were built in the last 15 years. Only 1400 are more than 30 years old, only 300 more than 40 years old, and none more than 50 years old.
Here in the Netherlands a complete system for magstripe debit and credit card reading was in place. It worked for years.
However, with the upswing in magstripe data thefts the banks have switched to chip. Next step is to disable magstripe payments by default unless the customer requests it.
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
What makes you think that ATMs in europe aren't embedded in a small concrete building?
Note - that small concrete building usually has a door in the back of it so that a guy can come along, open it, and then fill up the ATM with cash. That again, is the weak point that the explosion will blow out.
Since the losses due to card fraud are almost entirely borne by the banks, I have to assume it is more cost effective to take the losses than to chip all of the cards.
I'm not sure what you mean regarding the NYC subway - those trains aren't very old. There are some older (1960s-era Budd cars) trains still used on the C line, but they were redone in the late 80s. The J and Z lines have some cars from the early 70s - but again, these were overhauled in the late 80s. Other than that, the oldest cars are from the late 70s - certainly nothing wooden from the 50s. The vast majority of the rolling stock was built by Bombardier, Kawasaki, or perhaps Westinghouse for some of the older 80s trains.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
We also have a (general, not universal) willingness to let the market squabble it out for an extended period of time, rather than give a good hard shove in the direction of some implementation. This tendency may be abetted by the fact that early adoption creates incumbents who have a vested interest in stalling as long as possible to milk their legacy investments and first-mover advantage, as in our wonderful market for ISPs.
With the payment card industry, you have a lot of people(all clambering to grab as much of the cut for themselves as they can, and shove as much of the risk onto others as they can) with competing agendas and a desire to have their pet proprietary system gain a foothold so they can extract tolls with it(eg. the incidents where some retailers with functioning NFC POS systems were deliberately disabling them because Apple Pay was a competitor to their 'CurrenC' system, and the ongoing spat between Google and the carrier-backed payment scheme formerly known as ISIS before that became a toxic brand). Nobody actually believes that "USA IS #1!!! Mag stripes RULE!"; but between everyone wanting to control the customer data and processing fees and banks, merchants, and payment processors fighting over risk allocation, it's a bit of a clusterfuck.
Compare to say, the DoD's CAC rollout: CACs still aren't what you'd call a joy to configure(especially on OSX, or in Citrix environments, or other oddball use cases); but the DoD decided that it wanted everyone using smartcards for cryptographic authentication, said that that was how it was going to be, and it was so (relatively) quickly and smoothly.
Opinions vary on how often we dodge a bullet, or get the benefit of something new and innovative, thanks to there being no mandate in place vs. how often we suffer pointless bullshit for an agonizingly long period of time(eg. the less-than-totally-compatible US cellular market); but the fact that we tend not to mandate an end to such fights all that often, or all that quickly, is simply a fact. Even when we do mandate something, it's often a de-facto 'national' mandate created because California, or another large state, demands something and it's cheaper to sell California-spec everywhere than it is to have two SKUs.
It's the same in the UK, except chip and pin is the default and has been for around eight? ten? years already. I don't know if the magstripe is really used anymore either.
It's quaint seeing a foreigner (American) try to pay for goods with a card, and have to go through special procedures for the signature style payment.
Never mind the antiquated banking system, lack of metric or the crippling health-care system - explain why pennies are still in circulation in the US!
There is a fundamental conservatism in the US that makes it exceptionally difficult to change anything at the national level.
It is something of a paradox, since at the local level, Americans are so adaptable and innovative.
I would have thought that drilling some holes into the back, top or underside of the ATM would fix the problem. The ATM might need some steel plates on the inside of the holes to stop people poking wires through into the machine itself but it shouldn't be rocket science to solve. The underside would be better on the basis that these ATMs are likely to be heavy and fixed to the floor with bolts so the underside would be less accessible.
I am reminded of an article I read a few years ago about some anniversary of the invention of the ATM. The American credited with inventing it, explaining how he did it, said he'd seen one in London, and so came home and invented it.
If you bomb an ATM, you go to prison, not Gitmo. Gitmo is for getting around that pesky Sixth Amendment thing, not for actual criminals.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Cuz it is not sexy when a stripper gets and eye taken out by a handful of dollar coins tossed at her.
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job."-THG
Yeah, they're still using designs from the 50s. The cars are still made of wood and have ceiling fans (oops, they are stainless steel/fiberglass and have A/C).
The cars currently being made (R188) were designed in 2011. Previous generation (R160) was designed in 2005. Prior to that was the R143 (2010) and the R142 (1999).