Metel Hackers Roll Back ATM Transactions, Steal Millions (threatpost.com)
msm1267 writes: Researchers from Kaspersky Lab's Global Research & Analysis Team today unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more than 100 financial companies. The heaviest hitter among the newly discovered gangs is an ongoing campaign, mostly confined to Russia, known as Metel. This gang targets machines that have access to money transactions, such as call center and support machines, and once they are compromised, the attackers use that access to automate the rollback of ATM transactions. As the attackers empty ATM after ATM—Metel was found inside 30 organizations—the balances on the stolen accounts remained untouched.
I read it as they roll back in the database sense, so that the account still has money and they just make repeat withdrawals until the machine is empty.
Exactly correct. With good accounting measures this would be noticed much faster as deficits start to mount. But with criminals hiding in the bank's systems for months, it's easy to plan this during system maintenance or on days when tallies on bankrolls aren't being performed.
A little OT: This reminds me, though, of how bank robbers always shared this mythical celebrity status with a big portion of the population. In the '20s people blamed banks for everything and were happy to see them suffer. In 2016 the banks are still screwing the population over at a much faster rate, yet you never hear of hackers being heroes to any but a select few.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
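The accounting check discussed in the thread above, sketched as an added example that is not part of the original posts: it reconciles cash an ATM physically dispensed against the net ledger debit after reversals, then groups the gaps by account. The record layouts, field names and sample values are constructed assumptions, not data from the Kaspersky report.

```python
from collections import defaultdict

# Constructed sample records (assumed layout, not from the article).
# ATM journal: cash the machine physically dispensed per transaction.
ATM_JOURNAL = [
    {"txn": "T1", "atm": "ATM-01", "account": "A100", "dispensed": 500},
    {"txn": "T2", "atm": "ATM-01", "account": "A100", "dispensed": 500},
    {"txn": "T3", "atm": "ATM-02", "account": "A100", "dispensed": 500},
    {"txn": "T4", "atm": "ATM-02", "account": "B200", "dispensed": 200},
    {"txn": "T5", "atm": "ATM-03", "account": "C300", "dispensed": 0},  # fault, no cash out
]
# Core-banking ledger: what was actually posted against the account.
LEDGER = [
    {"txn": "T1", "kind": "debit", "amount": 500}, {"txn": "T1", "kind": "reversal", "amount": 500},
    {"txn": "T2", "kind": "debit", "amount": 500}, {"txn": "T2", "kind": "reversal", "amount": 500},
    {"txn": "T3", "kind": "debit", "amount": 500}, {"txn": "T3", "kind": "reversal", "amount": 500},
    {"txn": "T4", "kind": "debit", "amount": 200},
    {"txn": "T5", "kind": "debit", "amount": 100}, {"txn": "T5", "kind": "reversal", "amount": 100},
]

def net_debits(ledger):
    """Net amount charged per transaction after reversals are applied."""
    net = defaultdict(int)
    for entry in ledger:
        net[entry["txn"]] += entry["amount"] if entry["kind"] == "debit" else -entry["amount"]
    return net

def reconcile(journal, ledger):
    """Flag transactions where dispensed cash exceeds the net ledger debit."""
    net = net_debits(ledger)
    findings = []
    for j in journal:
        shortfall = j["dispensed"] - net.get(j["txn"], 0)
        if shortfall > 0:  # cash left the machine but the account was not charged
            findings.append({**j, "shortfall": shortfall})
    return findings

def flag_accounts(findings, min_hits=2):
    """Group findings by account; repeated hits across ATMs fit the rollback pattern."""
    acc = defaultdict(lambda: {"hits": 0, "shortfall": 0, "atms": set()})
    for f in findings:
        a = acc[f["account"]]
        a["hits"] += 1
        a["shortfall"] += f["shortfall"]
        a["atms"].add(f["atm"])
    return {k: v for k, v in acc.items() if v["hits"] >= min_hits}

if __name__ == "__main__":
    for account, s in flag_accounts(reconcile(ATM_JOURNAL, LEDGER)).items():
        print(account, s["hits"], s["shortfall"], sorted(s["atms"]))
```

A reversal with no cash dispensed (T5) is a legitimate fault recovery and is not flagged; only a reversal paired with a journal entry showing cash out produces a shortfall.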