Checkmarx Acquires Custodela to Bring Enhanced Automation to DevSecOps Programs!

ATMs Robbed With Malicious USB Drives

Lovers of the “Terminator” movie series surely remember how John Connor used his cool “binary code gadget” to hack into his local ATM machine. Technology has changed a lot since the early nineties, but hackers are still milking ATMs using malware-loaded USB drives. It’s estimated that millions of dollars have already been stolen in Europe alone.

ATMs have always been an object of temptation for criminals and fraudsters. While it has become very difficult to physically vandalize and carry away these machines, tampering with their parameters is quite a simple task.

The robberies are now executed by gaining access to the ATM’s internals and plugging in infected USB drives. Sophisticated malware can easily manipulate the outdated software to extract cash and empty the money vault.

The aforementioned criminal organizations, operating in Europe, have been emptying ATMs at will in recent months. The raids are swift, sophisticated and hard to trace, making it tough for the authorities to nab the culprits. The alarming ease of the robberies becomes clear when the outdated operating systems of the ATMs are analyzed.

Today’s ATMs have very unsophisticated hardware – a standard PC with a basic display, a secure keypad, a cryptoprocessor and other tiny bits of machinery connected to the cash vault. The ATM boots up like any computer and runs a full-screen program that serves the bank’s customers. This makes the machines extremely vulnerable.

Once the USB socket beneath the ATM’s plastic body is located, all the criminals have to do is to insert the USB drive and start manipulating the machine. The robbers can then patch-up the dent made in the fascia and return to the scene of the crime later for further “withdrawals”. The software part of the operation isn’t too complicated either.

The .NET based malware used in these Electronic Bank Robberies simply forces the ATM to reboot. The USB drive also contains a Hirens BootCD image with a barebones Windows system, causing the ATM to load the pirate software. This basically overrides the original ATM program and enables the untraceable withdrawal of cash.

Banks must upgrade their systems to eliminate these threats. Most ATM’s today are still powered by Windows XP, an insecure and outdated platform by all standards. Linux powered machines can provide an adequate solution, but renewing the systems is going to take time. Till then, all we can do is use online banking solutions and hope for a safer future.

Source – ATMs Running Windows Robbed

Jump to Category