Metel Hackers Roll Back ATM Transactions, Steal Millions (threatpost.com)
msm1267 writes: Researchers from Kaspersky Lab's Global Research & Analysis Team today unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more than 100 financial companies. The heaviest hitter among the newly discovered gangs is an ongoing campaign, mostly confined to Russia, known as Metel. This gang targets machines that have access to money transactions, such as call center and support machines, and once they are compromised, the attackers use that access to automate the rollback of ATM transactions. As the attackers empty ATM after ATM—Metel was found inside 30 organizations—the balances on the stolen accounts remained untouched.
I'm on the mobile site, as I usually am, reading /. on my phone while having a cig (no judgments please). I can't, for the life of me, find the link to RTFA when it's not included in the summary text! What am I missing?!?!
No, they really mean roll-back, as in a transaction.
1. Get access to a PC which has access to banking transactions.
2. Install malware on the PC which automatically rolls back ATM transactions with a particular signature (probably matching some stolen or duplicated bank card).
3. Go to an ATM and simply withdraw $500 over and over until the ATM runs out of money.
The ATM allows it because, due to the rollbacks, the balance of the account hasn't gone down.
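The three-step scheme above leaves a recognisable trace on the bank side: every withdrawal that dispensed cash is followed, seconds later, by a rollback that restores the balance, so dispensed cash runs far ahead of the net debit, and it happens at night across several ATMs. The following detection sketch is an added example, not Kaspersky's analysis code or the gang's malware; the log format (timestamp, event, `key=value` fields), the sample lines, and the thresholds are all assumptions made for illustration.

```python
"""Flag cards whose ATM withdrawals are being rolled back in bulk.

Added example; the log format, field names, sample lines and thresholds are
assumptions for illustration, not anything from the Kaspersky report. The
signal: cash leaves the cassette on WITHDRAW, but a ROLLBACK matched by txid
restores the balance, so for an abused card total dispensed cash far exceeds
the net debit, and the reversals pile up at night across several ATMs.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumed format: "<iso-ts> <EVENT> k=v k=v ...").
# C1 is the abused card, C2 a normal withdrawal, C3 a single legitimate
# reversal (e.g. the ATM failed to dispense) that must not be flagged.
SAMPLE_LOG = """\
2016-02-08T02:14:07 WITHDRAW card=C1 atm=ATM-017 amount=500 txid=1001
2016-02-08T02:14:09 ROLLBACK card=C1 atm=ATM-017 amount=500 txid=1001
2016-02-08T02:15:31 WITHDRAW card=C1 atm=ATM-017 amount=500 txid=1002
2016-02-08T02:15:33 ROLLBACK card=C1 atm=ATM-017 amount=500 txid=1002
2016-02-08T02:41:12 WITHDRAW card=C1 atm=ATM-022 amount=500 txid=1003
2016-02-08T02:41:14 ROLLBACK card=C1 atm=ATM-022 amount=500 txid=1003
2016-02-08T02:42:50 WITHDRAW card=C1 atm=ATM-022 amount=500 txid=1004
2016-02-08T02:42:52 ROLLBACK card=C1 atm=ATM-022 amount=500 txid=1004
2016-02-08T09:03:00 WITHDRAW card=C2 atm=ATM-005 amount=200 txid=2001
2016-02-08T13:20:45 WITHDRAW card=C3 atm=ATM-009 amount=100 txid=3001
2016-02-08T13:20:46 ROLLBACK card=C3 atm=ATM-009 amount=100 txid=3001
"""


def parse_log(text):
    """Parse the assumed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append({
            "ts": datetime.fromisoformat(ts),
            "kind": kind,
            "card": fields["card"],
            "atm": fields["atm"],
            "amount": int(fields["amount"]),
            "txid": fields["txid"],
        })
    return events


def find_rollback_abuse(events, min_rollbacks=3, night_hours=(22, 6)):
    """Return {card: summary} for cards with >= min_rollbacks reversed withdrawals.

    Rollbacks are matched to withdrawals by txid so an isolated legitimate
    reversal stays below the threshold. The summary gives an analyst the
    cash actually dispensed vs. the net debit the ledger shows, the ATMs
    touched, and how many reversals fell in the night window.
    """
    withdrawals = {}  # txid -> withdraw event
    per_card = defaultdict(lambda: {"dispensed": 0, "rolled_back": 0,
                                    "rollbacks": 0, "atms": set(), "night": 0})
    for ev in events:
        s = per_card[ev["card"]]
        if ev["kind"] == "WITHDRAW":
            withdrawals[ev["txid"]] = ev
            s["dispensed"] += ev["amount"]
            s["atms"].add(ev["atm"])
        elif ev["kind"] == "ROLLBACK" and ev["txid"] in withdrawals:
            s["rolled_back"] += ev["amount"]
            s["rollbacks"] += 1
            hour = ev["ts"].hour
            if hour >= night_hours[0] or hour < night_hours[1]:
                s["night"] += 1

    flagged = {}
    for card, s in per_card.items():
        if s["rollbacks"] >= min_rollbacks:
            flagged[card] = {
                "dispensed": s["dispensed"],
                "net_debit": s["dispensed"] - s["rolled_back"],
                "rollbacks": s["rollbacks"],
                "atms": sorted(s["atms"]),
                "night_rollbacks": s["night"],
            }
    return flagged


if __name__ == "__main__":
    for card, summary in find_rollback_abuse(parse_log(SAMPLE_LOG)).items():
        print(card, summary)
```

The check deliberately keys on the gap between cash dispensed and net debit rather than on the account balance, because the balance is exactly what the malware keeps looking normal. In a real deployment the dispense side should come from the ATM's own cassette counters, not from the transaction-processing host the attackers already control.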
“With the automated rollback the money was instantly returned to the account, when the cash had already been dispensed from the ATM. The group worked exclusively at night, emptying ATM cassettes at several locations.”
They'd withdraw the money, and then roll-back the transaction, so that it looks like no transaction actually occurred, at least when looking at the logs.