Last month the news broke of some savvy hackers pulling off a never-before-seen scheme in Europe. As the BBC reported, this operation came to light at the Chaos Communication Congress in Hamburg, Germany, an annual event where hackers from all over the world go to meet.
This group of hackers crafted ATM-attacking malware and then loaded it onto USB drives, cut holes into a number of ATMs, and installed their code onto the machines. After the code was installed, the hackers patched the holes they created and were on their way.
Once the code was transferred onto the ATM, the malware could be accessed by any of the hackers by entering a 12-digit code into the ATM. This would prompt a special interface to appear, through which the hackers were able to steal money from the machines.
Their software displayed how much money was in the machine by listing the available amount in each denomination of note, and then gave menu options to withdraw each kind. Researchers who analyzed the malware determined that this was to minimize the amount of time the hackers would have to be at the ATM. This way they could withdraw the largest amount in the highest value banknotes and be gone quickly.
Analysis also indicated that the group of hackers likely did not trust one another, because they installed a security code in their software that required second-party confirmation. After inputting the first code in the ATM, the individual was prompted with a request for a second code before the machine dispensed any cash. The only way to get the second code was to call another hacker in the organization to get it. If the code wasn’t input within three minutes, the ATM returned to its normal state.
The name of the European bank branch that was affected was not released, nor were the names of the researchers who brought the information about this scam to the public. The hackers have not yet been identified, but the researchers concluded the group had done extensive work to make their malware difficult to analyze.
