Menu

Hackers used infected USBs to make ATMs spit out cash

ATM Machine

Fri, 3 Jan 2014 Source: mashable.com

Hackers reportedly used USB sticks to install malware on ATMs in Europe, eventually controlling them to dispense cash.

According to the BBC, German researchers revealed during the Chaos Computing Congress on Dec. 28 in Hamburg, Germany, that criminals used USB drives during a ATM robbing spree last summer. Although ATMs have been the target of attacks for decades, they often run older software, making it easier for criminals to hack the systems.

The ATMs were running Windows XP. The bank discovered hackers were installing malware and then patching up the security holes as an attempt to go unnoticed. This allowed several machines to be hacked the same way several times.

To dispense money, the hackers used a 12-digit code that revealed how much money — and the denomination of each bill — was housed inside the machine. The interface then displayed menu options to dispense the notes they wanted, most likely those of the highest value. To prevent hackers from going solo, the interface prompted a second login code; the answer would require the hacker to call another person involved in the ring.

If the code wasn't entered in three minutes, the machine would return to its previous normal screen. This step indicates there may have been some mistrust among the group, the researchers said.

It was not revealed which banks or countries were affected by the attacks.

Source: mashable.com