(Via Zerohedge)
Hackers using sophisticated malware and an endoscope have been cracking into U.S. ATM machines, making them spit out cash like slot machines, according to security expert Brian Krebs – who reports that the U.S. Secret Service has been quietly warning financial institutions of the new wave of attacks in a confidential memo.
The practice known as “jackpotting” or “logical attacks,” first reported by ZeroHedge in 2014, has been widespread in Europe and Asia. Thieves typically target stand-alone ATMs such as those found in pharmacies, retail stores and gas stations, accessing the machine’s internals with an endoscope – a tiny camera on a flexible tube, which the hackers use to locate an internal port in the ATM’s circuitry in order to connect a laptop and download malware. Another method used by hackers is to completely replace the ATM’s hard drive with an identical one loaded with the malware.
Machines running Windows XP are particularly vulnerable, reads the Secret Service report, which recommends updating to Windows 7.
The malware, known as “Ploutus.D,” then allows the hackers to remotely instruct the ATM to spit out cash. At present the hackers appear to be targeting Diebold Nixdorf machines – the #1 global ATM provider at around 35% of machines worldwide.
“Once this is complete, the ATM is controlled by the fraudsters and the ATM will appear Out of Service to potential customers,” reads the confidential Secret Service alert, as reported by Krebsonsecurity.com.
Barnaby Jack loading up an ATM for a 2010 demonstration. Jack died in 2013 before he was to give a presentation on remotely hacking pacemakers and insulin pumps.
“In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds,” the alert continues. Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash, according to the alert.
At a hacker conference in 2010, Wired reported, a researcher brought two infected ATMs to the stage and gave a demonstration.
In the first example, a volunteer from the audience swiped a card through the ATM, and the researcher instantly brought up his credit card number and personal information on a computer spreadsheet.
In the second, the researcher gave the machine a command. “Jackpot!!” flashed on the ATM’s screen, and it began spitting bills onto the floor as the crowd cheered. -WaPo