Web Host Chat - The UK's host forum since 2001!

Cash machines raided with infected USB memory sticks

Researchers have discovered how thieves sliced into cash machines to infect them with malware last year.
Cash machines still running Windows XP were the targets.
Posted by administrator.
Published 21:36, Thu 2 Jan 2014.
Details of the incidents on an unnamed European bank's cash machines were presented at the hacking-themed Chaos Communication Congress in Hamburg.

The criminals drilled holes into the machines in order to insert USB drives and install their code on the ATMs.

At present the gang has still not been caught, and the empty cash machines are still turning up.

The crimes appear to suggest that the criminals did not trust each other. The two researchers who explained the attacks have asked for their names to remain anonymous.

The thefts were discovered in July after the bank involved realised that many of its ATMs were being emptied despite their use of safes for the cash inside. They increased surveillance and found that the machines were being vandalised in order to insert infected memory sticks.

Windows cash machines are being infected by USB memory sticks to empty them dry

As soon as the malware had been transferred, they patched up the holes to disguise them, which also made it easier to re-use the same machine in the future.

To activate the malware, a 12-digit code had to be entered, which then launched a special interface. Analysis of the software on four of the infected cash machines showed that this interface would show the amount of money available in each note denomination, with options to release the cash as required.

It is thought that this enabled the thieves to focus on the most valuable notes and limit the amount of time they were out in the open and able to be seen.

It was added that the criminals had a profound knowledge of the ATMs and had gone to great lengths to ensure the malware was hard to investigate. However, one of the software's file names was hack.bat, so the imagination had clearly run out by then.

Amazingly, most of the world's cash machines (ATMs) run on some version of Windows. In the old days it was quite common to find a crashed cash machine with the famous blue screen of death.

Going forward, banks will need to upgrade or update their ATMs to prevent these attacks from continuing, and there is not much else they can do about it.
Comments on this
  • Quite scary that a USB port would be so easily accessible on a cash machine (I assume from the front??)
    If ever there was a good need for using a proprietary interface and software this would be it.

    Especially with these mini ATMs you get in corner shops that could easily be reverse engineered and then the knowledge used to take on a bank ATM..

    Gary Coates - ServerHouse Ltd
    Established Colocation provider, Running Two Tier II & Two III data centres from two diverse sites in Hampshire. Bespoke complex managed hosting, 24x7 IT and resilient business connectivity from 100Mbs
    09:07, Fri 3 Jan 2014
  • They clearly need a copy of Norton on there!
    Admin for Webhostchat.co.uk
    09:10, Fri 3 Jan 2014