Criminals have found a way to hack into automated teller machines (ATMs) and steal millions of dollars in cash, an international security specialist warned on Tuesday.
Kaspersky Lab said it has performed a forensic investigation into cyber-criminal attacks targeting ATMs worldwide. Its researchers discovered malware was being used to infect ATMs, allowing attackers to empty cash machines via direct manipulation.
Interpol has alerted the countries that have been affected and is assisting with ongoing investigations, Kaspersky said. South Africa is not among them.
“They work at night and only on Sundays and Mondays. Without inserting a credit card into the ATM slot, they enter a combination of digits on the ATM’s keyboard, make a call to receive further instructions from an operator, enter another set of numbers and the ATM starts giving out cash, lots of cash,” the information security firm said in a statement.
The criminals work in two stages, it said. First, they get physical access to the ATMs and insert a bootable CD to install the malware. After they reboot the system, the infected ATM is under their control.
After a successful infection, the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.
“Video footage obtained from security cameras at the infected ATMs showed the methodology used to access cash from the machines. A unique digit combination key based on random numbers is freshly generated for every session. This ensures that no person outside the gang could accidentally profit from the fraud,” Kaspersky said.
“Then the malicious operator receives instructions by phone from another member of the gang who knows the algorithm and is able to generate a session key based on the number shown. This ensures that the mules collecting the cash do not try to go it alone.
“When the key is entered correctly, the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to rob. After this, the ATM dispenses 40 banknotes at a time from the chosen cassette.”
The malware identified and named by Kaspersky Lab as Backdoor.MSIL.Tyupkin has so far been detected on ATMs in Latin America, Europe and Asia.
To mitigate against the risk, the company said banks should, among other things, review the physical security of their ATMs; replace all locks and master keys ATM machines and ditch the defaults provided by the manufacturer; install an alarm and ensure it is in good working order; change the default password on the machine’s Bios; and ensure it has up-to-date antivirus protection. — (c) 2014 NewsCentral Media
