How hackers break into ATMs

Baxteen

Honorary Master
Joined
Feb 26, 2013
Messages
17,354
mmm maybe I need to get a donkey and a copy of the malware... for science....
 

Nerfherder

Honorary Master
Joined
Apr 21, 2008
Messages
28,236
A unique digit combination key based on random numbers is freshly generated for every session. This ensures that no person outside the gang can accidentally profit from the fraud.

I love it !

No robin hood over here.
 

Compton_effect

Honorary Master
Joined
Sep 7, 2006
Messages
12,292
This is what banks can do to mitigate the risk:

1. Review the physical security of their ATMs and consider investing in quality security solutions.
2. Replace all locks and master keys on the upper hood of the ATM machines and ditch the defaults provided by the manufacturer.
3. Install an alarm and ensure it is in good working order. The cyber-criminals behind Tyupkin only infected ATMs that had no security alarm installed.
4. Change the default BIOS password.
5. Ensure the machines have up-to-date antivirus protection.

Ok. Number 2 is a bit extra cost. But really? Number 4 - default passwords?
The first thing I make sure is done on any server I take ownership of - change the damn passwords. (Ok, there was the one time the idiot of a sysadmin forgot to write it down and we had a world of hurt fixing that mess)
 

FaSMaN

Expert Member
Joined
Mar 24, 2010
Messages
1,876
I'll just leave this here....

[video=youtube;PW5ELKTivbE]http://www.youtube.com/watch?v=PW5ELKTivbE[/video]
 
Last edited:

Icko

Well-Known Member
Joined
Dec 9, 2005
Messages
278
"First, they get physical access to the ATMs and insert a bootable CD to install the malware"

How do they do this at first place???
 

Compton_effect

Honorary Master
Joined
Sep 7, 2006
Messages
12,292
I would like to know as well.

Seems the banks never replaced the keys to the ATM case with new ones. It still had the manufacturer default.
And really - I know its a glorified pc, but you'd expect them to have the points of access locked down. USB ports and CD Rom disconnected. Only have on USB port left working, behind its own lock.
 

Fingolfin

Senior Member
Joined
Oct 15, 2012
Messages
999
One by one, to a precise schedule, the last bastions of access to anonymous cash are abandoned to banditry. The smear campaign against 'gateway phase' technology continues, enabling the eventual closing of the gate. When that happens...will you be on the inside, or the out?

220px-Sheep%27s_face%2C_Malta.jpg
 

koeksGHT

Dealer
Joined
Aug 5, 2011
Messages
11,857
I don't see the OS as the problem, the actual ATM software which connects to the controllers for the dispenser seems to have the issue. Seems like some inside knowledge is needed(well access to an atm)
 

w1z4rd

Karmic Sangoma
Joined
Jan 17, 2005
Messages
49,682
Ok. Number 2 is a bit extra cost. But really? Number 4 - default passwords?
The first thing I make sure is done on any server I take ownership of - change the damn passwords. (Ok, there was the one time the idiot of a sysadmin forgot to write it down and we had a world of hurt fixing that mess)

Windows has a CD you can boot off to reset the password and Linux just requires a small change to the bootloader. What OS where you guys running ?:D
 

Petec

Expert Member
Joined
Mar 22, 2012
Messages
2,862
Barnaby Jack demo'd this years ago. Also on many other electronic devices.
The man had him killed, but Jack's work will carry on, exposing these vulnerable systems.
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
24,501
Awesome trick. You would have thought they wouldnt use default bios password and at least disable the CD in bios.
 

Grant

Honorary Master
Joined
Mar 27, 2007
Messages
57,539
Barnaby Jack demo'd this years ago. Also on many other electronic devices.
The man had him killed, but Jack's work will carry on, exposing these vulnerable systems.

old skool jackpotting :D
 

zamicro

Expert Member
Joined
Oct 22, 2007
Messages
3,823
Unfortunately, working for big companies, I have seen too many times that security is not top of the list during development. This does not surprise me one bit.
 
Top