How Hackers Use Raspberry Pi To Hack ATMs


Cybercriminals are waging a war against banks, emptying their ATMs of money. Their preferred tools are malware, a key bought on eBay, and a Raspberry Pi. This is how they are doing it.

Win the jackpot

It's been more than ten years since the late hacker and cybersecurity researcher Barnaby Michael Douglas Jack showed a rapt audience how he could compromise ATMs. Jack's presentation took place on 28 July 2010 at the Black Hat USA conference in Las Vegas. Unlike the famous Las Vegas slot machines, the two ATMs on stage with Jack could be made to dispense cash until they were empty, every time. Reliably and repeatedly.

It is appropriate that the term jackpotting was coined in what is probably the most famous gambling city in the world. It is used to describe attacks that target ATMs and empty them. The other common attack on ATMs is skimming, where users' PINs and card data are copied and used to create cloned cards.

Jackpotting is on the rise, resulting in the loss of tens of millions of dollars each year. Hundreds upon hundreds of ATMs have been attacked in Asia and Europe, and attacks are increasing in the US. Some estimates say that ATMs belonging to 100 different banks in 30 countries have been affected since 2016, netting the various threat actors in the region of $1 billion.

These large-scale operations are sophisticated. They require planning, surveillance, a small army of foot soldiers or mules, some knowledge, some malware and some equipment. Gone are the days when you would chain the ATM to your truck and drive away with it.

Now you can use a Raspberry Pi.

The Modus Operandi

An ATM is effectively a computer in a reinforced enclosure linked to drawers full of money. Unfortunately, the operating system inside the computer is not as hardened as the case the computer sits in. Most run Windows 7, although Windows XP is also common. These are outdated operating systems that should have been retired long ago. Their vulnerabilities are abundant and well understood by cybercriminals.

Malware packages can be purchased on the dark web to exploit vulnerabilities in these operating systems and interact with the ATM software. They have names like ATMSpitter, Cutlet Maker, GreenDispenser, FastCash and pylon. Prices range from $200 to $1,000, depending on the make and model of the ATMs you are targeting. Some of the malware packages contain compromised proprietary software that belongs to ATM manufacturers.

You will also spend around $150 on the equipment you will need, including your Raspberry Pi.

Step 1: Where Are the Targets?

ATMs in a city are mapped and studied. Good targets are those with high usage, because they hold the most money. Ideal targets are high-value ATMs in areas with little or no surveillance.

Attacks are usually scheduled for days like Black Friday or Valentine's Day, when ATMs are loaded with up to 20 percent more money than usual. ATMs are also loaded with extra money in the weeks leading up to Christmas because many people will have received their annual or Christmas bonus in their pay.

Step 2: What Are the Makes and Models of the ATMs?

Knowledge of the ATM hardware enables you to purchase the appropriate malware and the appropriate key to open the ATM cabinet. Some manufacturers put their name somewhere on the ATM, which makes identification easy. The big names in ATM manufacturing are Diebold Nixdorf, Wincor Nixdorf, NCR, Triton, and Hitachi-Omron.

Photographing the ATM enables you to get help from dark web contacts or Google image search to establish the make and model. Once you are armed with the details of the ATMs that you are going to compromise, you can search the dark web marketplaces, and even clear-web sites like Alibaba and eBay, to obtain ATM maintenance keys.

Prices for these start at $10 and rise to approximately $50. You will use the key to open the ATM and access the USB ports.

Step 3: Install the Malware

ATM USB ports are restricted and will only accept a connection from a keyboard or mouse. This is to allow service technicians to maintain the units. You will have loaded the malware onto your Raspberry Pi and obtained a battery so that it can function as a portable unit.

The malware is written in a way that convinces the ATM that the Raspberry Pi is a keyboard. Stored commands are sent from the Raspberry Pi to the ATM, and the ATM obediently follows them.
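A defender-side sketch of the behaviour described above, added here as an example and not code from the original article: it scans a constructed stream of USB events for keyboards that are not on a service allowlist and for typing faster than a person can manage. The event format, the allowlisted ID, and the thresholds are assumptions.

```python
from dataclasses import dataclass

# Assumptions for this example (not from the article): thresholds and the allowlisted ID.
MIN_HUMAN_GAP = 0.03      # seconds; gaps shorter than this are treated as machine-speed
BURST_LEN = 8             # consecutive fast keystrokes needed before alerting
ALLOWED_KEYBOARDS = {("aaaa", "0001")}  # hypothetical VID/PID of the service keyboard

@dataclass
class Event:
    ts: float             # seconds since start of capture
    kind: str             # "attach" or "key"
    device: str           # local device identifier
    vid_pid: tuple = ()   # (vendor id, product id), set on attach events

def detect_injection(events):
    """Return (ts, device, reason) alerts for suspicious keyboard activity."""
    alerts, last_key, fast_run, flagged = [], {}, {}, set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "attach":
            if ev.vid_pid not in ALLOWED_KEYBOARDS:
                alerts.append((ev.ts, ev.device, "unknown-keyboard-attached"))
            last_key.pop(ev.device, None)
            fast_run[ev.device] = 0
        elif ev.kind == "key":
            prev = last_key.get(ev.device)
            fast = prev is not None and ev.ts - prev < MIN_HUMAN_GAP
            fast_run[ev.device] = fast_run.get(ev.device, 0) + 1 if fast else 0
            last_key[ev.device] = ev.ts
            if fast_run[ev.device] >= BURST_LEN and ev.device not in flagged:
                flagged.add(ev.device)
                alerts.append((ev.ts, ev.device, "machine-speed-typing"))
    return alerts

def sample_events():
    """Constructed sample: a technician's keyboard, then an unknown fast one."""
    evs = [Event(0.0, "attach", "kbd-A", ("aaaa", "0001"))]
    evs += [Event(1.0 + 0.2 * i, "key", "kbd-A") for i in range(15)]
    evs.append(Event(100.0, "attach", "kbd-B", ("bbbb", "0002")))
    evs += [Event(100.5 + 0.005 * i, "key", "kbd-B") for i in range(20)]
    return evs

if __name__ == "__main__":
    for alert in detect_injection(sample_events()):
        print(alert)
```

On a real terminal, the same two signals would be fed from the endpoint's device-connection and input telemetry, with an attach alert raised whenever the cabinet is not in a scheduled maintenance window.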

Step 4: Jackpot

It is feasible to make an ATM spit out bills at a rate of 40 banknotes in 20 or more seconds, or approximately 120 in a minute. If they are $100 bills, that's $12,000 per minute.

Jackpot indeed.

Variations on a theme

Large-scale jackpotting hits many ATMs at the same time, which means you need a lot of people on the streets carrying out these attacks and bringing back the money. These are the cheap mules at the lower end of the criminal spectrum. With a little bit of training, these low-level operatives are capable of doing the physical side of the attack, and the malware does the rest.

It is cheaper to equip a mule with a Raspberry Pi than with a laptop, and a Raspberry Pi is easier to hide on your person. Sometimes the Raspberry Pi is fitted with a $70 Global System for Mobile Communications (GSM) receiver so that it can accept commands via SMS text messages.

Another variant is to insert a USB memory stick into the ATM and reboot it from an operating system on the memory stick. Once the ATM has started, the malware can be installed directly into the ATM's currently idle operating system. When the ATM is restarted with its usual operating system, the malware can be controlled by inserting a specially created card or via a secret key combination on the ATM keypad.

The ATMs contain remote access software so that they can receive support and maintenance remotely. If you can compromise this software, you can control your zombie ATM collection remotely. All your mules have to do is be in the right place at the right time to collect the money.

We Do Not Know the True Scale

There is a belief that many ATM thefts go unreported, so we really do not know the true magnitude of the problem. Despite this, we know two things. The first is that the jackpotting we know of is already huge. The second is that it will continue to grow.

Until ATM manufacturers take ATM security seriously, cybercriminals will see ATMs as boxes full of money waiting to be emptied.
