Over the years, ATMs have been a familiar sight in communities at banks and credit unions. They are now also found in many kinds of retail establishments (convenience stores, grocery stores, malls, etc.) and in the workplace for the convenience of consumers. The first ATMs were implemented in 1967 at a Barclays Bank branch in London (Kochetova, 2016). With the vast number of these machines located across the planet, all loaded with money, attackers have decided to work at breaching them for profit.
History
Attacks on ATMs are not a new phenomenon. These attempts have been recorded for at least a decade. In 2010 at Black Hat there was a demonstration of the methodology to jackpot an ATM. In this instance the demonstrator showed the methods to gain admin privilege and issue the command for the machine to liberate all of its cash (ATMequipment, 2010).
Another presentation by Barnaby Jack, also at Black Hat, first demonstrated how to open an ATM, plug in a USB device, and restart the ATM. This attack was not complex or difficult. A second attack bypassed the authentication process remotely. A rootkit was installed, and the ATM was pwned (Dirro, 2010; Zetter, 2010).
A later attack involved jackpotting ATMs using only the keypad. This attack was carried out over 18 months in the Nashville, TN area. The attackers fraudulently collected over $400K in other people’s money. They were caught and will spend a great deal of time at the hospitable jail. With the lure of easy money, this is not unusual.
Recent Attack
Over the last six years, after security had improved, the incidence of ATM attacks had decreased to an insignificant level. These were mostly done by people just being curious and not breaching the machine.
That was, until recently. There was a theft of over $2M from ATMs through fraudulent withdrawals in Taiwan. As this had not happened for years, the authorities had no idea of the method by which it was perpetrated. From the camera recording, it was seen that the thefts were done without a card being inserted into the machine (Ducklin, 2016). At this point, the machine was jackpotted. The people gathering the cash wore masks, making identification exceptionally difficult at best. As the investigation continued, it became known that this was done by at least two Russian nationals. At first glance, it appeared the attackers used malware downloaded by the ATM.
Further research indicated the parties involved were from Infocube, a security firm located in Russia, and a gang focused on cybercrime, Carbanak (Cluley, 2016). Carbanak is a familiar name in certain circles. They have been accused of fraudulently acquiring over $200M. In other attacks, they have used e-payment systems and installed malware on the infrastructure the ATMs operate on.
These suspects were located and arrested (Abel, 2016). One was located in northeast Taiwan and two were in Taiwan’s capital of Taipei. There were also 13 others, who had fled the country, who were implicated. Fortunately, over half of the money was recovered. The process used to place the malware on the system for this attack is unknown. This attack on the network (Gray, 2016) will be investigated further.
References
Abel, R. (2016, July 19). Three arrested in £1.8 mil ($2.5M) Taiwanese ATM malware heist. Retrieved from http://www.scmagazineuk.com/three-arrested-for-alleged-using-malware-to-snag-18mil-from-taiwanese-atms/article/510195?DCMP=EMC-SCUK_Newswire&spMailingID=14995005-spUserID=NTAzOTUzM
ATMequipment. (2010, August 3). Hantle (formerly Tranos) ATM machines. Retrieved from http://atmequipment.com/News/Technical-Bulletin-Jackpotting-ATM-Machines
Cluley, G. (2016, July 20). Russian security firm linked to cybercrime gang. Retrieved from https://www.grahamcluley.com/2016/07/russian-security-firm-linked-cybercrime-gang/
Dirro, T. (2010, July 28). Remote jackpot: Hacking ATMs. Retrieved from https://blogs.mcafee.com/mcafee-labs/remote-jackpot-hacking-data/
Ducklin, P. (2016, July 18). Mystery surrounds $2M ATM “jackpotting” attack in Taiwan. Retrieved from https://nakedsecurity.sophos.com/2016/07/18/mystery-surrounds-2m-atm-jackpotting-attack-in-taiwen
Durden, T. (2014, November 16). “ATM jackpotting” exposed-It’s not just the fed that spits out free money. Retrieved from http://www.zerohedge.com/news/2014/11-16/atm-jackpotting-exposed-its-not-just-fed-spits-out-free-money
Gray, P. (2016, July 21). Risky.biz #419—Brian Krebs on future of bank cybercrime. Retrieved from http://risky.biz/RB419
Kochetova, O. (2016, April 26). Malware and non-malware ways for ATM jackpotting. Retrieved from https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
Krebs, B. (2014, October 20). Spike in malware attacks on aging ATMs. Retrieved from http://krebsonsecurity.com/2014/10/spike-in-malware-attacks-on-aging-atms/
Krebs, B. (2015, January 6). Thieves jackpot ATMs with ‘Black Box’ attack. Retrieved from http://krebsonsecurity.com/2015/01/thieves-jackpot-atms-with-black-box-attack
Roger, J. (n.d.). Jackpotting ATM machines courtesy of the jolly roger jackpotting was done rather successfully. Retrieved from http://skepticfiles.org/new/068doc.html
Wikipedia. (2016, July 15). Security of automated teller machines. Retrieved from https://en.wikipedia.org/wiki/Security_of_Automated_Teller_Machines
Zetter, K. (2010, July 28). Researcher demonstrates ATM ‘jackpotting’ at Black Hat conference. Retrieved from https://www.wired.com/2010/07/atms-jackpotted/