AN ATM STICKUP: Two methods used to fleece cash machines

Philipsburg – VIJAY SHAH via TecNovedosos

Earlier this year, specialists working at Russian cybersecurity firm Kaspersky Lab announced at a conference held in the Dutch Caribbean territory of Sint-Maarten that bank robbers have found two new, and quite ingenious ways to target ATMs and relieve them of their cash deposits. The IT experts made a presentation in front of delegates at the Computer Security Summit Summit, held on the 4th of April, 2017, where they warned that thieves were upping their game in their attacks on automated bank tellers and gone were the days when all it took was a rope, a heavy-duty vehicle and a small amount of explosives to break into an ATM.

 

According to a report published in Spanish language online magazine tecnovedosos.com, sophisticated robbers now have two tactics at their disposal, cases of which have already been reported by banks in Russia and Europe. In many of these cases, the robberies only took a matter of seconds.

The first tactic reported by security specialists involves a small hole being drilled into the ATM keypad without triggering the machine’s automatic security sensors. A hacker then uses special equipment to directly access the onboard computer. The hacker then decodes the machine’s electronic signals, essentially forcing the machine to electronically hand over all its cash. The ATM is emptied of its cash reserves by the robbers. This tactic exploits a vulnerability in a certain model of ATM, manufactured by a single company, though which company it was was not mentioned by the Kaspersky Lab researchers.

The second tactic involves a more elaborate and far-reaching approach targeting the bank itself. Malicious cybercriminals target the bank’s IT systems with a powerful virus that targets the part of the network that manages the ATMs. Once the virus is entrenched, it is remotely activated by the criminals using the bank’s own systems. A command is sent out by the virus to the ATMs to release their cash reserves. The robber needs then only to pay a visit to the compromised ATM and withdraw all the money, a procedure that takes only a few minutes and will not arouse the suspicions of bank security staff, and also cuts out the risk associated with traditional bank robberies involving ‘stick-ups’, in the eyes of criminals.

The ATMs are compromised by robbers quite easily and once the heist is complete, the hackers wipe out the virus to cover their tracks. The virus, known as ATMitch, has been reported by banks hacked into in Russia and neighbouring Kazakhstan.

In the UK, no such cases have yet been reported involving these tactics. Most ATMs are zeroued in on by less technologically savvy robbers who resort to blowing up cash machines or ripping them out of walls. In the past few years, some fraudsters have adopted a more scientific approach, involving attaching special skimming devices to the card reader slots of ATMs, which masquerade as part of the machine and catch people’s card details and PINs, which the robbers gather from the device and then empty the victims’ accounts. Others have been caught attaching pinhole cameras which watch people enter their PINs. ATM users are advised to always shield their PINs when using cash machines, and to be wary of people standing over them or observing them using the keypad.

SOURCES:

Vijay Shah { विजय }, Twitter, Twitter Inc. https://twitter.com/VShah1984

Tecnología GM 🔹‏, Twitter, Twitter Inc. https://twitter.com/TecnologiaGM

“Descubren dos ingeniosas tácticas para sacarle el dinero a los cajeros automáticos” – tecnovedosos.com/TecNovedosos (5 April 2017) https://www.tecnovedosos.com/metodos-para-robar-cajeros-automaticos/

IMAGE CREDITS:

“Free photo: Scam, Atm, Security, Bank, Money – Free Image on Pixabay – 2048851” – mrganso, Pixabay (4 February 2017) https://pixabay.com/en/scam-atm-security-bank-money-2048851/

“🇸🇽 Sint Maarten on Twitter Twemoji 2.0” – Emojipedia/Emojipedia Pty Ltd https://emojipedia.org/twitter/twemoji-2.0/flag-for-sint-maarten/

Advertisements

2 thoughts on “AN ATM STICKUP: Two methods used to fleece cash machines

  1. Invisibly Me October 14, 2017 / 5:47 pm

    This made for interesting reading as I didn’t know the ins and outs of how this was done. I would say it’s heartening that this isn’t happening in the UK, but I’m sure it’s a matter of time before criminals get a little more sophisticated than the usual vehicle-to-the-wall manoeuvre. x

    Like

    • HEM News Agency October 15, 2017 / 3:15 pm

      Thanks so much for your comment. It is a worry that as our society becomes more technologically, hackers and cybercriminals will soon become like the new Mafia, with a horrifying ability to disrupt our lives just at the press of a button. Hopefully financial institutions will wake up, smell the coffee, and beef up their tech security.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s