Crooks steal cash from ATM machines using infected USB drives
01 January 2014
ATM robberies are known to come in different variations including the gun-toting crook relieving unwary users of their cash, the bogus card scheme, ATM phishing, and others.
However, there appears to be no limit to human ingenuity when it comes to filching cash from both fellow humans and machines.
It has now been revealed that thieves were able to access loads of ATM money by injecting machines with malware using USB drives, BBC reported.
These break-ins were achieved through a combination of low- and high-tech skills. The criminals possibly manually drilled holes in the machines to insert USB sticks that then infected the system with malware. The robbers would then patch the holes on the dispensers.
When the cash leaks from machines were first detected in Europe in July, banks had no idea as to how the ATMs were being depleted despite security mechanisms. Finally, surveillance cameras caught the crooks using USB drives.
The report said that the details were presented by researchers during the recent Chaos Computing Congress in Hamburg, Germany.
According to a Wired.com article, the researchers, who wished to remain anonymous, demonstrated how criminals stored malware on thumb drives, cut out the portions of the ATM body that concealed the USB ports, uploaded the malware to the machine and covered up the hole. Once the operating system's registry had been rewritten, they helped themselves to as much cash as they wanted.
According to the article, the malware forced a system reboot in order to rewrite the registry, and the criminals would wait until the ATMs were restocked with cash before springing into action. The researchers were able to reconstruct the malware from samples they came across in the wild.
Uploading malware to ATMs is not unknown. In October, researchers came to know of a piece of Spanish-language malware, known as Ploutus, being uploaded through the CD-ROM drive to ATM machines in Mexico. A few weeks later, other researchers discovered an English-language variant doing the rounds.
Aviv Raff, the CTO at Seculert, who has studied financial malware, told SCMagazine.com on Tuesday that the malware did not appear to be Ploutus.
He said he believed it was tailored malware, created by someone who had access to these kinds of ATMs in the past.