Hackers cause ATMs to disgorge cash — hands free


By Byron Acohido, ThirdCertainty

CANCUN – The sleuthing to track down the Carbanak cyber gang began with a surveillance video of an ATM outside a Starbucks café.

In the video, an unidentifiable person in a hooded overcoat waits a few feet from the machine, then moves toward it a moment before it spits out a wad of cash.

The person steps back, appears to text message someone, then moves back to the machine with perfect timing to receive another wad of cash, without ever swiping a payment card or reaching for the touchpad.

The video was shown at the Kaspersky Security Analyst Summit here today. It put Kaspersky Lab analyst Sergey Golovanov and colleagues on the trail of the group behind this operation.

The New York Times on Saturday broke details of the profile Kaspersky analysts were able to subsequently build.

The Carbanak gang is a multi-national cybercrime ring that has robbed as much as $1 billion from some 100 banks worldwide in less than two years. They used phishing attacks to infect the computers of certain employees at targeted banks, and used that as a foothold to reconnoiter the internal operations of each victim bank.

It made no difference what software the victim banks used. “Once they got into the network, they learned how to hide their malicious plot behind legitimate actions,” Golovanov said. “It was a very slick and professional cyber robbery.”

Golovanov this morning disclosed some fresh details:

  • The gang captured streaming video from employees doing daily internal banking operations. They then created video tutorials on how to manipulate cash balances and cash transfers.
  • Once cash transfers began, large sums moved into accounts controlled by the gang for several hours without anyone noticing. Typical losses ranged from $2.5 million to $10 million per bank.
  • The $1 billion loss estimate breaks down to $300 million taken from Kaspersky financial sector clients, $300 million worth of losses reported through Interpol and another $300 million through Europol, and an estimated $100 million that has gone unreported to any authorities.

Joining Kaspersky researchers on stage was Peter Zinn, senior tech crimes advisor for the Dutch National Police.

Zinn outlined how Kaspersky analysts approached him with their early findings and how law enforcement, working with private industry, subsequently collaborated with the security company, within the limits of Europe’s strict privacy laws, to disrupt the Carbanak gang’s operations.

There were no victim banks in the Netherlands, but Dutch police warned Dutch banks to be on alert for the Carbanak gang’s signature attacks. Zinn looped in Europol and formal alerts were sent throughout Europe.
