Here’s how cybercriminals profit from hacking ATMs

Privacy
Criminals are interested in return on investment, and the return on investment for an attack like this is much higher, because you can target multiple ATMs without leaving your house. [MUSIC] This is a home-based command centre, think of it as the IT-technician for this crime. This is just a standard ATM. So I'm going to withdraw $40 from this ATM. Select English, [INAUDIBLE] PIN, I'm gonna make sure to protect my PIN. I'm gonna do withdraw checking for 40. We have two X-force red $20 bills. I'm gonna request $40 again. Let's see how much money I can get out. [BLANK_AUDIO] I'll take a receipt, now, this time, in fact, if you look at my receipt, it also says $40. [MUSIC]. From a criminal point of view one of the great things about this attack is that the bank has no idea what's happened. The bank told the ATM to dispense two bills. It has no idea that the attacker modified the response and changed it to 10 bills. And what operating systems do these generally run? You see everything from XP Embedded, XP Windows 7, All the way up to more modern variants of Windows. So you're saying that the most vulnerable versions of Windows are deployed on thousands of ATM machines across the country? Yes, you have a lot of ATMs across the country that still run Windows XP. So the type of vulnerabilities that we exploit initially on an ATM are very common. ATMs are architected a very similar way to home PC. In fact it often times it may be more vulnerable because of the difficulty in patching ATMs that are distributed across the wild geographic area. Most of the ATMs don't have a support staff that are standing there. And that the bank has to send someone out to each ATM to install software. It significantly increases cost. So they're usually very conservative about which patches of which software they push out. This is the receipt printer has the standard USB connection shows up in Windows just like any other printer. You could actually print Word documents on this the same is true for the safe. The cash dispenser is also just a USB device was printed out our own money stopped it up. Once the ATM is compromised, that's where it gets a lot more complicated. An attacker has to know how to communicate with the specialized devices. Each vendor has a separate set of hardware that they're going to be using every piece of software on an ATM has the potential to be a little bit different. So we create our own custom software when we're performing attacks. The attacker can monitor everything that's going on. For example, the attacker can see what's actually displayed on the screen of the ATM and also observe the network traffic. The highlighted text here is the magnetic stripe data from the card. You can see the 4000 is corresponds to the $40 that Charles requested. A lot of people assume that when an ATM withdraws, a process that the bank issues a yes or no response, but in reality it tells the ATM how many bills to dispense. So in the response it told the ATM to dispense two bills, but We can modify it as the attacker change that 02210 so the 10 bills are dispensed Do I need to people do I need to you extracting cash and some attacker sitting in a remote location synced up Conceivably he could do it from right outside the atm but it makes more sense because there's less risk to him being compromised if he can send A low cost criminal employee to go pick up the cash for. [MUSIC] This is us taking control the ATM now notice it goes out of service. [LAUGH] Sometimes criminals may not want to put a card into the ATM for whatever reason and they may just want to dispense money. Is often referred to in the industry as jackpotting. And it doesn't even require a card. David is just going to remotely dispense cash. [BLANK_AUDIO] [MUSIC] How often they're updated often depends On the volume of usage for an ATM, but an ATM like this can hold over $200,000. In fact, in certain rare instances they can be stocked with up to a million dollars. And it's very difficult for banks to detect this in the short run because. ATMs don't have a precise way of measuring how many bills are in the back. It's just a counter. It's really only if the criminals empty the ATM completely of cash that warning bells go off. So a lot of the technology that is needed to defend against these are things that are already on the market. For example, having encrypted network connections between the ATM and the bank. Well, that's been available for for literally decades now, surprising how many banks are still using insecure network communication. When an ATM like this is compromised, it's the consumer that pays and the form of increased fees. [MUSIC]

Up Next

Best antivirus software for Windows (2021 edition)
antivirus-thumb

Up Next

Best antivirus software for Windows (2021 edition)

Which VPN should you pick?
vpn

Which VPN should you pick?

Here's how the pandemic is changing how we shop online
nw-micheleherron

Here's how the pandemic is changing how we shop online

Video game industry targeted by Chinese hackers
jeffrosen-00-00-14-25-still002

Video game industry targeted by Chinese hackers

CISA director: Paper record key to keeping 2020 election secure
krebs-image

CISA director: Paper record key to keeping 2020 election secure

Blackhat 2020: Tech community must help secure elections
matt-blaze-image

Blackhat 2020: Tech community must help secure elections

Chinese hackers charged with allegedly stealing COVID-19 vaccine
chinesehackers

Chinese hackers charged with allegedly stealing COVID-19 vaccine

How to protect your phone (and your privacy) at a protest
gettyimages-phone-protest

How to protect your phone (and your privacy) at a protest

Everything you need to know about stalkerware
stalkerware

Everything you need to know about stalkerware

Prepare for a 'new national surveillance system' in order to wipe out COVID-19
covid19-privacy-final

Prepare for a 'new national surveillance system' in order to wipe out COVID-19

Tech Shows

The Apple Core
apple-core.png

The Apple Core

Alphabet City
alphabet-city.png

Alphabet City

CNET Top 5
top-5.png

CNET Top 5

The Daily Charge
the-daily-charge.png

The Daily Charge

What the Future
what-the-future.png

What the Future

Tech Today
tech-today.png

Tech Today

Cooley On Cars
on-cars.png

Cooley On Cars

Carfection
carfection.png

Carfection

Latest News

Leesa Reserve vs Tempur-Pedic: Which Memory Foam Bed Is Best for You?
The Leesa Reserve mattress and the Tempur-Pedic mattress against a colorful background with a versus logo in the front.

Leesa Reserve vs Tempur-Pedic: Which Memory Foam Bed Is Best for You?

The Future of AR Glasses at AWE 2024
scott-thumb-2

The Future of AR Glasses at AWE 2024

TCL 115-inch TV Unboxing: OMG This Thing is Huge
tcl115inch-00-02-53-17-still001

TCL 115-inch TV Unboxing: OMG This Thing is Huge

Driving 4,000 Miles in Lotus' New EV Was Brutal and I Loved It
lotuscmsstill

Driving 4,000 Miles in Lotus' New EV Was Brutal and I Loved It

A Closer Look at Apple's AI: What We Didn't Hear in the WWDC Keynote
One More Thing Thumbnail

A Closer Look at Apple's AI: What We Didn't Hear in the WWDC Keynote

Dreamfoam Essential Mattress Review: The Ultimate Mattress for RVs and Trailers?
The Dreamfoam Essential mattress against a colorful background with a man's hands pushing down on the side of the bed.

Dreamfoam Essential Mattress Review: The Ultimate Mattress for RVs and Trailers?

Saatva Latex Hybrid Mattress Review: Should You Buy It?
The Saatva Latex Hybrid mattress sits on a bed frame while a man tests the edge of the mattress against a colorful background.

Saatva Latex Hybrid Mattress Review: Should You Buy It?

Lull Original Premium Mattress Review: A Cut Above Lull's Original Bed
The Lull Original Premium mattress with a man laying on top of the bed against a colorful background.

Lull Original Premium Mattress Review: A Cut Above Lull's Original Bed

Nolah Signature Mattress Review: Best Bed for Side Sleepers?
The Casper Wave mattress with a man laying on top of the bed against a colorful background.

Nolah Signature Mattress Review: Best Bed for Side Sleepers?

Our Mattress Experts Unbox Bear's Brand With Scott Paladini
Three people in a room filled with mattresses against a colorful background

Our Mattress Experts Unbox Bear's Brand With Scott Paladini