Hackers in Europe managed to target several cash machines from an unnamed bank earlier last year by infecting them with malware from USB drives, BBC News reports. The researchers who discovered the hack detailed their findings at the Chaos Computing Congress in Hamburg, Germany recently. According to their report, the ATM thefts were discovered in July after a bank noticed how its machines were emptied of cash even though the cash should have been protected inside safes. The bank then discovered how criminals were cutting holes into ATMs in order to transfer malware from the USB to the ATM. Once the data transfer was complete, the holes would be patched up to conceal the attack.
To withdraw money, hackers would then enter a 12-digit code that brought up a special menu showing how much of each currency denomination was available within the ATM. The thieves would then withdraw the highest value banknotes in order to spend as little time as possible in front of ATMs and thus avoid suspicion.
Interestingly, in order to prevent untrusted fellow gang members from withdrawing money from the compromised ATMs, the hackers used a double sign in mechanism. In addition to the 12-digit code, the thief would also have to enter a second code in response to a unique random sequence of numbers shown on the ATM. The response came via a phone call from another gang member, meaning that at least two people would be involved with each ATM heist. The machine would return to its normal state after three minutes of malicious inactivity.
The research has shown that the hack did not actually target data from regular customers using the machines, and instead focused only on directly retrieving the money. As for the code itself, the hackers “had gone to great lengths to make their malware code hard to analyze,” BBC writes, with researchers concluding that the hackers must have “profound knowledge of the target ATMs.”