Hackers are always trying to find new ways to mess with systems and black hat hackers love when messing with a system can yield money. Researchers at the Chaos Computing Conference in Hamburg, Germany detailed how a group of people were able to use USB sticks to empty ATM machines from an undisclosed bank and country.
According to the researchers, the group of hackers physically cut a hole into an ATM to expose its USB port. After doing this, they used a malware-infected USB stick to take over the ATM’s software. Once the ATM was exposed and a 12 digit code was entered, a custom user interface would pop up on the ATM revealing how much money was present in the ATM’s safe.
Of course, the malware would then allow the hackers to take out whatever amount of money they would like from the system. Once they were done, the hole could be covered up and the ATM would go back to operating as usual.
It took a little while for the bank to realize what was happening but once it noticed that its ATMs were empty, the bank installed additional surveillance around them. The hackers had continued to come back to the same group of ATMs as it allowed them to skip past the tedious step of cutting new holes into the machines.
Even the hackers themselves did not trust each other and once researchers were able to gain access to the infected files used to empty the ATMs, it became clear that a single person couldn’t pull this off. Instead, numbers would have to be entered by each of the hackers to avoid any one of them going rogue and stealing the USB drive to take money for themselves.
The researchers involved with the Conference have not been named but during the event, they noted that the hackers had to have extensive knowledge of the ATMs that they were targeting with the hack. Although the malware used to takeover the machines was complex, the individual files were reportedly as simple as “hack.bat.”
Summary: Hackers in Europe were able to steal money from ATMs by using a USB stick with malware installed. The hack required multiple people to be involved and in order to access a USB port on the ATM, they would have to physically cut a hole into the machine.
Image Credit: infosecuritymagazine