It was revealed at the Chaos Computing Congress that there have been several attacks on European ATMs, in which thieves would cut holes into the machines and inserted their own USB drives, which allowed them to infect the machines with malware and steal money.
The presentation was done by two researchers who have decided to remain anonymous. They detail how in July it was noticed by the lender of some ATMs that despite security being in place, money inside some ATMs was still being withdrawn illegally. Upon closer inspection it was noticed that there had been small holes, big enough for a USB drive, drilled into the machines. Inside these holes USBs with malware would go. The thieves could then enter a code that was 12-digits long and brought up their own menu on the ATM, which allowed them to withdraw money to their heart’s content.
The best part? The holes in the ATMs were patched up… which not only hid the theft but also allowed for the same machine to be hit more than once, since the malware had already infected it.
Unsurprisingly, the thieves were mistrustful of each other. Once the first code was entered, numbers would show up on the screen and a second code needed to be entered, and this code varied and was only known by the masterminds. The thief would have to call the masterminds each time to get the code which corresponded with the number that came up.
No one has been arrested yet and the two who put on the presentation noted that the thieves had “profound knowledge of the target ATMs.”
I’m pretty sure this can be made into movie.
[via BBC News]