Hacking and infecting ATMs

Carding

ATMs are a desirable target for cyber fraudsters, because hacking or infecting one gives access to the money stored in it. Attackers can act either remotely or in physical contact with the ATM. The device can also become the starting point for hacking the entire infrastructure of the bank.

Classification and methods of hacking ATMs

The main methods of hacking ATMs can be divided into the following categories:

1. Substitution of the processing center
Each ATM is connected with a network cable to the so-called processing center - a kind of server that sends commands for issuing money, cards, checks, issuing information about the state of the account, etc. With the help of special equipment, an attacker is able to replace this processing center, thereby issuing false commands to the ATM. If the attack is successful, the hacker will be able to withdraw all funds in the device's reserve using any bank card and any PIN-code.

2. Hacking with special devices
For this method, an attacker will need a key to access the "guts" of the machine. You can get it in different ways: from an unscrupulous bank employee, using social engineering, by buying on the Internet or by counterfeiting. After opening the case, a special device (the so-called "black box") is connected to the USB port of the ATM, which makes the machine give out all the cash. Some of these "black boxes" can even be controlled from a smartphone.

3. Infection with malware
With access to the USB port of an ATM or to its remote control service (for example, if the banking network has already been hacked), a cybercriminal can install malware on the device. One of the best-known examples of malicious code for ATMs is the Tyupkin Trojan.

4. Physical impact (opening an ATM)
The most popular ATM robbery method is to smash the device, blow it up, or drill into it. The ultimate goal of the criminal is the safe in which the money is kept. However, such actions are very noticeable, and the thieves have only 2-3 minutes for the entire operation before the police squad arrives.

Example: video of breaking into an ATM in Chita.
https://www.youtube.com/watch?v=3EraeEmw510
An outdoor surveillance camera at a VTB bank branch in the city of Chita captured a family row during an attempt to break into an ATM. The robbery ended unsuccessfully.

The reason for hacking ATMs
Small banks are most vulnerable to hacker attacks. All hacks of self-service devices occur due to employee errors: an incorrectly configured ATM network (or even the network of the entire bank), incorrectly configured or missing security systems (software whitelists, protection against physical intrusion, etc.), employee negligence, and insider activity. Most ATMs run Windows XP Embedded, which has a large number of vulnerabilities with an equally large number of exploits for them.


Threat source and risk analysis
All of the above factors pose a threat. However, it is very easy to reduce the number of vulnerabilities: install CCTV cameras near ATMs, provide authentication between the ATM and the control program, segment the network correctly, use software whitelists, secure the access keys, and work with staff to avoid leaks of information about how the ATM is built and about the access keys to it. There are special lines of antivirus software for ATMs, although in some cases malware can disable it.

Hacking ATMs is a huge risk for a bank: both for its money (for example, losses from Tyupkin are measured in hundreds of millions of dollars) and for its image (not all banks have protected depositors' money with insurance). Fortunately, secure and properly configured machines are virtually immune to hacker attacks.
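
The mitigation list above includes authentication between the ATM and the control program, which is the control that defeats a substituted processing center. The sketch below is an added illustration, not code from the original post and not a real ATM protocol: the message fields, the pre-shared key and the `AtmVerifier` class are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os


def sign_command(key: bytes, command: dict) -> dict:
    """Host side: MAC a canonical JSON encoding of the command."""
    payload = json.dumps(command, sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "mac": mac}


class AtmVerifier:
    """ATM side: accept a host command only if it is authentic,
    addressed to this terminal, and answers a nonce this ATM issued."""

    def __init__(self, key: bytes, terminal_id: str):
        self.key = key
        self.terminal_id = terminal_id
        self.pending = set()  # nonces sent to the host, not yet answered

    def new_request(self) -> str:
        nonce = os.urandom(16).hex()
        self.pending.add(nonce)
        return nonce

    def verify(self, message: dict):
        try:
            payload = message["payload"].encode()
            mac = str(message["mac"]).encode()
        except (KeyError, AttributeError, TypeError):
            return False, "malformed"
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        # Constant-time comparison; check the MAC before parsing the payload.
        if not hmac.compare_digest(expected.encode(), mac):
            return False, "bad-mac"
        cmd = json.loads(payload)
        if cmd.get("terminal_id") != self.terminal_id:
            return False, "wrong-terminal"
        nonce = cmd.get("nonce")
        if nonce not in self.pending:
            return False, "replay-or-unsolicited"
        self.pending.discard(nonce)  # each nonce authorizes one command
        return True, "ok"
```

A device on the cable that does not hold the key fails the MAC check, and a recorded genuine response fails the nonce check when it is played back.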
 