Home / Software & Gaming / Security / Thieves target cash machines with pen drive hack

Thieves target cash machines with pen drive hack

The last time I legitimately saw someone hack into an ATM cash machine was John Connor in Terminator 2, but apparently that's still going on, as earlier this year a spree of thievery took place at different cash machines, with the people behind it using memory sticks to upload their own custom malware, letting them spit out whatever notes they desired.

This news came to light at the Chaos Computing Congress – which yesterday showed us that a Wii U gamepad could stream PC content – with two anonymous researchers breaking down the system the thieves used.

To begin with, they would physically break into the ATM, giving them access to a USB port, which would then allow them to upload a piece of malware, opening up new options on the cash machine's menu. From there it could have been a simple matter of telling it to spit out all the 50s and 20s, but according to the report there was one more step that was designed to stop whoever was perpetrating the hack, from running off with all the money themselves.

atm
I'm just impressed they did it without a bitchin' mullet

That means this was a gang lead operation, with the system used requiring whoever was breaking into the machines, to call someone and read out a series of numbers and symbols that would appear on the screen. In turn they would be told what keys to input to further access the cash output commands.

Once the machines had been raided, the thieves removed the pen drive and patched up the hole, meaning they could hit the same machine again further down the road.

It wasn't revealed which banks had been targeted, but they were said to be European.

KitGuru Says: Pretty smart, especially the protection against a double crossing. [Thanks BBC]

Become a Patron!

Check Also

Nvidia driver update fixes crucial security vulnerabilities

Nvidia GeForce, RTX, Quadro, NVS and Tesla GPU users will want to update their drivers soon. Nvidia has pushed out a hotfix with a number of critical security fixes that if left unfixed, could allow for unauthorised access to systems.