Crime investigators detected how cash machines of a European bank were hacked and infected with a malicious bug. The hackers were cutting hole in the fascia to infect the machine with malicious code via USB sticks.
Speakers at the hacker-themed Congress in Hamburg described the attacks, which infected an unnamed European bank by installing bug programs on cash machines.
The two specialists who presented the report asked not to be named. In July it was found out that several cash machines were emptied entirely despite security precautions without the safe being damaged.
The bank decided to increase security after the first attacks and was able to spot the gang drilling holes in front of the machines before inserting a USB flash drive. Once the virus had been transferred, they patched the holes up. This allowed the same machines to be robbed several times without the hack being discovered.
To activate a program the intruders input a 12 digit code at any time which launched a special interface.
The virus analysis revealed that the software showed how many of each denomination of banknote were in the machine, and asked how much of each it should dispense. This enabled the attackers to focus on the highest value banknotes and minimize their exposure as the investigators explain.
However, it seems that the crime boss suspected that someone from the gang could skip off from their business with the malware aiming to start on his own.
To prevent individuals in the group from stealing money themselves, the hackers had to enter the second code depending on digits displayed on the screen. The thief could only obtain the right code by phoning another gang member and telling them the numbers displayed. They had only 3 minutes at their disposal to handle the trick.
The investigators note that the gang must have had a "profound knowledge" of cash machines operation in order to develop, install, and disguise the software in such an efficient manner. However, they added that the approach did not extend to the software's filenames - the key one was called 'hack.bat'.
