Alex Kimani

Writer, Divergente Research LLC

Alex Kimani is a veteran finance writer, investor, engineer and researcher for Divergente Research LLC and Safehaven.com. 

Did North Korean Hackers Just Steal $13M From Global ATMs?

Three days ago, the FBI warned of a potential ATM hack that could hit bank accounts in locations far and wide in a ‘cashout’ attack similar to one that hit 2,100 ATMs in 2009.

Turns out, the cybercrime sleuth was incredibly prescient on that one.

Hackers have managed to infiltrate the systems of India’s Cosmos Bank to steal $13 million from ATMs across 28 countries, including Canada and Hong Kong. Roughly 12,000 transactions were carried out over a period of two days after hackers infected cash machines in India with malware in a highly choreographed fraud scheme popularly known as ‘ATM Jackpotting.’

Cosmos Bank says the malware created a proxy switch that authorized all the fraudulent payment approvals.

The hackers are yet to be identified, though fingers have started pointing at North Korea’s notorious Lazarus Group, which managed to lift $81 million from a Bangladeshi bank in 2016. That bank, incredibly, lacked a firewall and used cheap $10 switches to connect its payment systems to the internet.

How ATM Jackpotting Works

Back in 2010, a computer hacker by the name of Barnaby Jack raised the specter of ATM logical attacks (aka jackpotting) during the annual Black Hat conference in Las Vegas.

It appears that banks did not pay much attention.

Years later, hackers have refined and perfected Jack’s methods.

Jackpotting attacks have targeted a long list of countries, including Mexico, Malaysia, Thailand, Romania, Belarus, Bulgaria, Estonia, Georgia, Poland, Russia, Kyrgyzstan, Armenia, Spain and the U.K. And, even though hackers tend to prefer banks like the Bangladeshi one with poor cybersecurity and infosec systems, they have carried out successful attacks in Japan, and finally in the United States in January this year.

But how do these attacks work?

To perform a successful attack, cybercriminals need to gain physical access to the target ATM, where they can install their malware, electronic hardware, or a combination of both to control the machine’s operations. The malware installers are pretty sophisticated, using endoscopes (narrow, tube-like devices with cameras used by doctors and surgeons to see inside the human body) to see inside the ATM.

Once they detect a place where they can attach a computer cable, they sync the machine’s computer to their laptops. Fraudsters usually dress as ATM technicians and carry a laptop with a mirror image of the ATM’s operating system, as well as a mobile device, to the targeted ATM. ATMs running on Windows XP tend to be particularly vulnerable.

[Image. Source: Krebs on Security]

In the U.S., the hackers have been targeting stand-alone ATMs using an advanced strain of malware known as Ploutus.D. Stand-alone ATMs include drive-thru ATMs or those located in pharmacies and big-box retailers. Front-loading ATMs by ATM vendor Diebold Nixdorf have mostly been targeted.

Once the malware installation is complete, the infected ATM is now under the remote control of the fraudsters. Usually it will display an Out of Service message on the screen to other customers. At this point, the hackers will start a dispense cycle.

For Ploutus.D attacks in the U.S., the ATM continuously dispensed cash at the rate of 40 bills every 23 seconds, and continued until the machine had been completely emptied of cash.

It’s estimated that the U.S. hackers were able to net about $1 million in a string of attacks.
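The dispense cycle described above leaves a recognizable trace for a bank's monitoring team: back-to-back dispenses with no host authorization behind them. The sketch below is an added example, not code from the article or from any ATM vendor; the journal format, field names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample journal lines (hypothetical format, not a vendor's):
# timestamp, terminal id, event, notes dispensed, host authorization ref ("-" = none)
SAMPLE_LOG = """\
2018-01-27T02:10:00 ATM-A DISPENSE 10 AUTH771
2018-01-27T02:12:30 ATM-A DISPENSE 5 AUTH772
2018-01-27T02:20:00 ATM-B DISPENSE 40 -
2018-01-27T02:20:23 ATM-B DISPENSE 40 -
2018-01-27T02:20:46 ATM-B DISPENSE 40 -
2018-01-27T02:21:09 ATM-B DISPENSE 40 -
2018-01-27T02:40:00 ATM-B DISPENSE 40 -
2018-01-27T03:00:00 ATM-C DISPENSE 20 AUTH900
2018-01-27T03:00:20 ATM-C DISPENSE 20 AUTH901
2018-01-27T03:00:40 ATM-C DISPENSE 20 AUTH902
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "DISPENSE":
            continue  # ignore malformed lines and other event types
        ts, term, _, notes, auth = parts
        yield datetime.fromisoformat(ts), term, int(notes), auth

# max_gap is an assumed threshold, set just above the 23-second cycle reported above
def find_dispense_cycles(log, max_gap=timedelta(seconds=30), min_run=3):
    """Return runs of unauthorized dispenses spaced no more than max_gap apart."""
    by_term = defaultdict(list)
    for ts, term, notes, auth in parse(log):
        by_term[term].append((ts, notes, auth))
    alerts = []
    for term, events in sorted(by_term.items()):
        events.sort()
        run = []
        for ev in events + [None]:  # the None sentinel flushes the final run
            ok = ev is not None and ev[2] == "-"
            if ok and run and ev[0] - run[-1][0] <= max_gap:
                run.append(ev)
                continue
            if len(run) >= min_run:
                alerts.append({"terminal": term, "start": run[0][0], "end": run[-1][0],
                               "dispenses": len(run), "notes": sum(n for _, n, _ in run)})
            run = [ev] if ok else []
    return alerts

if __name__ == "__main__":
    print(find_dispense_cycles(SAMPLE_LOG))
```

Rapid but authorized withdrawals (ATM-C in the sample) are not flagged, and an isolated unauthorized dispense after a long gap does not extend an earlier run.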

Should Consumers Be Worried?

Security experts say that jackpotting attacks do not jeopardize consumer information or funds. So far, there are no reports of any individual accounts that have been compromised by the attacks. The onus is on banks to upgrade and improve their systems to protect themselves from these attacks.

By Alex Kimani for Safehaven.com
