Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck

ATM Hacks in 'More Than a Dozen' European Countries in 2016 (zdnet.com) 22

Cybercriminals have hacked ATMs in more than a dozen countries in Europe this year using software that forces the machines to spit out cash, according to Russian cybersecurity firm Group IB. ZDNet adds: This type of attack, known as "jackpotting", is part of hackers' shifting focus from stealing card numbers and online banking details towards a more lucrative method that gives them access to both ATMs and electronic payments. The firm said attacks had successfully compromised banks in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, Poland, Romania, Russia, Spain, and the United Kingdom, as well as in Malaysia. However, the firm declined to disclose the banks' names. ATM makers Diebold Nixdorf and NCR Corp said that they are aware of the attacks, and have been working with customers to mitigate the threat. Dmitry Volkov, head of intelligence at Group IB said that he expects more heists on ATMs in the future.
This discussion has been archived. No new comments can be posted.

ATM Hacks in 'More Than a Dozen' European Countries in 2016

Comments Filter:
  • It's just evidence that Dr Who's been in town
  • by Esteanil ( 710082 ) on Tuesday November 22, 2016 @12:47PM (#53340055) Homepage Journal

    "software that forces the machines to spit out cash" sounds useful.
    Anybody got a copy? :-P

  • Not so bad when compared to what they do around here http://5newsonline.com/2016/09... [5newsonline.com]

    All the cash in the atm VS The storefront, the displays, the atm and all the cash in the atm.

  • by fubarrr ( 884157 ) on Tuesday November 22, 2016 @01:00PM (#53340201)

    >banks in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, Poland, Romania, Russia, Spain, and the United Kingdom, as well as in Malaysia

    The only bank with branches in aforesaid countries, with exception of Spain (they run a re-branded outlet after Spain busted Russian mafia there,) is Russian Sberbank; and yes, they had master password leakages many times before.

    And I believe that guys who were PWNing them were their own, as nobody except for Russians have mule networks with such size and reach.

  • The other known "trick" is to make the ATM hardware to mess up it's cash cassette setup, to make it think than all cassettes have $5 buck notes instead of 100. This requires service password, but no physical access. It is impossible for the serviceman with this password to simply order the ATM to open its protected compartment or spew cash, but things like turning off its internet connection, see its VPN settings, launch internet explorer to a site with exploit (most ATMs are windows XP machines) and etc.

    Ba

    • some are at the default passwords as well.

    • by mlts ( 1038732 )

      I've wondered why passwords are used. With the tech we have (including a way to ensure the clock is set correctly via NTP), why not use both a service password and a OTP using a TOTP mechanism like the Google Authenticator? Done right with the key inputted to a device [1] handed to the service person, they wouldn't be able to extract the TOTP seed, which would prevent someone selling the password.

      Or, perhaps add a smartcard to the mix. The US government uses PIV/CACs all the time, why not use that tech i

You are in a maze of little twisting passages, all different.

Working...