Slashdot Mirror


ATM Hacks in 'More Than a Dozen' European Countries in 2016 (zdnet.com)

Cybercriminals have hacked ATMs in more than a dozen countries in Europe this year using software that forces the machines to spit out cash, according to Russian cybersecurity firm Group IB. ZDNet adds: This type of attack, known as "jackpotting", is part of hackers' shifting focus from stealing card numbers and online banking details towards a more lucrative method that gives them access to both ATMs and electronic payments. The firm said attacks had successfully compromised banks in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, Poland, Romania, Russia, Spain, and the United Kingdom, as well as in Malaysia. However, the firm declined to disclose the banks' names. ATM makers Diebold Nixdorf and NCR Corp said that they are aware of the attacks, and have been working with customers to mitigate the threat. Dmitry Volkov, head of intelligence at Group IB, said that he expects more heists on ATMs in the future.

22 comments

  1. Sigh by Anonymous Coward · · Score: 0

    I'm going to hack my penis into your butthole.

    Sigh.

    1. Re: Sigh by Anonymous Coward · · Score: 0

      ROFL!!

    2. Re:Sigh by war4peace · · Score: 1

      Not required if the security hole is big enough.
      Although I'd wager any hole size would suffice anyway. Skilled penis hacker, amirite?

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  2. Sonic by Big+Hairy+Ian · · Score: 1

    It's just evidence that Dr Who's been in town

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  3. Hmmmm... Useful by Esteanil · · Score: 2

    "software that forces the machines to spit out cash" sounds useful.
    Anybody got a copy? :-P

    --
    I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.
    1. Re:Hmmmm... Useful by unixisc · · Score: 1

      Such software should be libre, and under AGPL

    2. Re: Hmmmm... Useful by Anonymous Coward · · Score: 0

      Up, up, down, down, left, right, left, right, P1, P2, start.

  4. Doesn't sound so bad to me. by sims+2 · · Score: 1

    Not so bad when compared to what they do around here http://5newsonline.com/2016/09...

    All the cash in the atm VS The storefront, the displays, the atm and all the cash in the atm.

    --
    Minimum threshold fixed. Thanks!
    1. Re:Doesn't sound so bad to me. by rwiggers · · Score: 1
  5. I guess, it is a single bank by fubarrr · · Score: 3, Interesting

    >banks in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, Poland, Romania, Russia, Spain, and the United Kingdom, as well as in Malaysia

    The only bank with branches in the aforesaid countries, with the exception of Spain (they run a re-branded outlet after Spain busted the Russian mafia there), is Russian Sberbank; and yes, they had master password leakages many times before.

    And I believe that the guys who were PWNing them were their own, as nobody except for Russians has mule networks with such size and reach.

    1. Re:I guess, it is a single bank by Anonymous Coward · · Score: 0

      I suspect that it's not a single bank, but certain makes and/or models of ATM that are affected, possibly only with certain software configuration options or installations where ports (e.g. USB) are somewhat accessible.

  6. Another known trick by fubarrr · · Score: 2

    The other known "trick" is to make the ATM hardware mess up its cash cassette setup, to make it think that all cassettes have $5 buck notes instead of 100. This requires the service password, but no physical access. It is impossible for the serviceman with this password to simply order the ATM to open its protected compartment or spew cash, but things like turning off its internet connection, seeing its VPN settings, launching Internet Explorer to a site with an exploit (most ATMs are Windows XP machines), etc. are possible.

    Banks do have good checks on their tech staff, but this prevents nothing if a serviceman simply sells his password to a 3rd party.

    1. Re:Another known trick by mlts · · Score: 1

      I've wondered why passwords are used. With the tech we have (including a way to ensure the clock is set correctly via NTP), why not use both a service password and an OTP using a TOTP mechanism like the Google Authenticator? Done right with the key inputted to a device [1] handed to the service person, they wouldn't be able to extract the TOTP seed, which would prevent someone selling the password.

      Or, perhaps add a smartcard to the mix. The US government uses PIV/CACs all the time, why not use that tech in an ATM?

      [1]: This device could even be an iPod Touch. I keep one of these around just for the sole purpose of working with Duo and Authy, just in case I lose my phone. It wouldn't be too difficult for a bank to make a dedicated device that would lock itself if taken outside a geofenced area.
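The password-plus-TOTP check suggested in the comment above, as an added example that is not part of the thread and not any ATM vendor's code. It uses the RFC 6238 defaults that Google Authenticator follows (HMAC-SHA1, 30-second step, 6 digits); the `ServiceLogin` class, its parameters and the sample values are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP time step (RFC 6238 default)
DIGITS = 6   # code length used by Google Authenticator


def totp(seed: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ServiceLogin:
    """Hypothetical service-mode gate: static password AND one-time code."""

    def __init__(self, password: str, seed: bytes, salt: bytes):
        self._salt = salt
        self._pw_hash = self._hash(password)
        self._seed = seed
        self._last_step = -1  # highest time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def verify(self, password: str, code: str, now: int, drift: int = 1) -> bool:
        pw_ok = hmac.compare_digest(self._hash(password), self._pw_hash)
        step_now = now // STEP
        matched = None
        # Accept the current step plus/minus `drift` steps of clock skew.
        for step in range(max(0, step_now - drift), step_now + drift + 1):
            expected = totp(self._seed, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        # A code from an already-used (or older) step is rejected, so a sold
        # or shoulder-surfed password plus one observed code cannot be replayed.
        if not pw_ok or matched is None or matched <= self._last_step:
            return False
        self._last_step = matched
        return True
```

The password alone never passes `verify`, and each code is accepted once; the seed itself would live only on the verifier and inside the technician's token.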

    2. Re:Another known trick by Anonymous Coward · · Score: 0

      >The other known "trick" is to make the ATM hardware mess up its cash cassette setup, to make it think that all cassettes have $5 buck notes instead of 100.

      Works only for dollars, where different bills are same-size. With other currencies, the larger bills are physically larger. They don't fit in the wrong compartment. Small bills in a large compartment isn't done because you get paper jams.

      >launch internet explorer to a site with exploit (most ATMs are windows XP machines)

      Well, Windows is a bad choice for this sort of thing; actually having Explorer in such a machine is stupid beyond belief. The rule is simple: don't ship vulnerable software on a cash machine (even if that means ditching Windows for some "obscure" real-time OS), and nobody needs the ability to surf from a cash machine anyway.

       

      >Banks do have good checks on their tech staff, but this prevents nothing if a serviceman simply sells his password to a 3rd party.

      A mere serviceman needs to change paper rolls and such. He is not allowed to replace the cash box - and should therefore not have the opportunity to make the machine dispense cash either. Someone able to do that should only appear escorted by the same number of armed guards you use when actually filling the cash box up with large amounts of money.

      If bank managers 'sell their passwords' then you have a climate where banking isn't viable. Hacking cash machines is then the least of your problems.

    3. Re:Another known trick by youngone · · Score: 1
      I saw two guards changing the money cassettes in an ATM in my local mall a couple of weeks ago, and I am quite pleased that I live in a country where they don't carry guns at all.

      Also skimming still goes on

      The article says that they were arrested after bank staff saw unusual transactions, which might be true, but I would be willing to bet a whole dollar that the police were onto them as soon as they arrived.

      Four Romanians in New Zealand for a holiday? Yeah, right.

    4. Re: Another known trick by Anonymous Coward · · Score: 0

      No IE eh? Wincor Nixdorf used to have two options. A C (++?) based fat client or a thin client which was a webpage shown in IE. Plus a bunch of DLLs to talk to the cassette hardware etc. No idea if they still have both or a third option. Haven't been involved in this in quite a while plus they got bought by Diebold.

      But basically you could use rundll to tell the hardware to spit out money. Requires access to the computer obviously. But at least some ATMs only had the cassettes in the safe and the computer outside of it I'm told. Why you ask? Because they build whatever the bank orders and some banks are cheap ...

    5. Re:Another known trick by Anonymous Coward · · Score: 0

      Cool comment, but you don't have to be an offensive asshole. People living in Romania sometimes like to travel too (breathtaking, i know).

  7. I know who it is! by Anonymous Coward · · Score: 0

    It looks like John Connor has gone international with his Atari Portfolio! The machines will soon rise against us, as foretold by prophecy!

  8. some are at the default passwords as well. by Joe_Dragon · · Score: 1

    some are at the default passwords as well.

  9. Armenia, Georgia and Kyrgyzstan: those three Europ by Anonymous Coward · · Score: 0

    Plus Malaysia. More than twelve European countries, not all of which are actually in Europe. Well done.

  10. Ukrainian hackers by avgapon · · Score: 0

    I see that Ukrainian hackers have successfully fended off attacks on Ukrainian ATMs. Otherwise, how would they withdraw cash they steal from the US and Russia?

  11. Keep... by Anonymous Coward · · Score: 0

    ...your micropenis away, lest you prolapse your colon.