Here’s how cybercriminals profit from hacking ATMs
5:19

Here’s how cybercriminals profit from hacking ATMs

Privacy
Criminals are interested in return on investment, and the return on investment for an attack like this is much higher, because you can target multiple ATMs without leaving your house. [MUSIC] This is a home-based command centre, think of it as the IT-technician for this crime. This is just a standard ATM. So I'm going to withdraw $40 from this ATM. Select English, [INAUDIBLE] PIN, I'm gonna make sure to protect my PIN. I'm gonna do withdraw checking for 40. We have two X-force red $20 bills. I'm gonna request $40 again. Let's see how much money I can get out. [BLANK_AUDIO] I'll take a receipt, now, this time, in fact, if you look at my receipt, it also says $40. [MUSIC]. From a criminal point of view one of the great things about this attack is that the bank has no idea what's happened. The bank told the ATM to dispense two bills. It has no idea that the attacker modified the response and changed it to 10 bills. And what operating systems do these generally run? You see everything from XP Embedded, XP Windows 7, All the way up to more modern variants of Windows. So you're saying that the most vulnerable versions of Windows are deployed on thousands of ATM machines across the country? Yes, you have a lot of ATMs across the country that still run Windows XP. So the type of vulnerabilities that we exploit initially on an ATM are very common. ATMs are architected a very similar way to home PC. In fact it often times it may be more vulnerable because of the difficulty in patching ATMs that are distributed across the wild geographic area. Most of the ATMs don't have a support staff that are standing there. And that the bank has to send someone out to each ATM to install software. It significantly increases cost. So they're usually very conservative about which patches of which software they push out. This is the receipt printer has the standard USB connection shows up in Windows just like any other printer. You could actually print Word documents on this the same is true for the safe. The cash dispenser is also just a USB device was printed out our own money stopped it up. Once the ATM is compromised, that's where it gets a lot more complicated. An attacker has to know how to communicate with the specialized devices. Each vendor has a separate set of hardware that they're going to be using every piece of software on an ATM has the potential to be a little bit different. So we create our own custom software when we're performing attacks. The attacker can monitor everything that's going on. For example, the attacker can see what's actually displayed on the screen of the ATM and also observe the network traffic. The highlighted text here is the magnetic stripe data from the card. You can see the 4000 is corresponds to the $40 that Charles requested. A lot of people assume that when an ATM withdraws, a process that the bank issues a yes or no response, but in reality it tells the ATM how many bills to dispense. So in the response it told the ATM to dispense two bills, but We can modify it as the attacker change that 02210 so the 10 bills are dispensed Do I need to people do I need to you extracting cash and some attacker sitting in a remote location synced up Conceivably he could do it from right outside the atm but it makes more sense because there's less risk to him being compromised if he can send A low cost criminal employee to go pick up the cash for. [MUSIC] This is us taking control the ATM now notice it goes out of service. [LAUGH] Sometimes criminals may not want to put a card into the ATM for whatever reason and they may just want to dispense money. Is often referred to in the industry as jackpotting. And it doesn't even require a card. David is just going to remotely dispense cash. [BLANK_AUDIO] [MUSIC] How often they're updated often depends On the volume of usage for an ATM, but an ATM like this can hold over $200,000. In fact, in certain rare instances they can be stocked with up to a million dollars. And it's very difficult for banks to detect this in the short run because. ATMs don't have a precise way of measuring how many bills are in the back. It's just a counter. It's really only if the criminals empty the ATM completely of cash that warning bells go off. So a lot of the technology that is needed to defend against these are things that are already on the market. For example, having encrypted network connections between the ATM and the bank. Well, that's been available for for literally decades now, surprising how many banks are still using insecure network communication. When an ATM like this is compromised, it's the consumer that pays and the form of increased fees. [MUSIC]

Up Next

Best antivirus software for Windows (2021 edition)
antivirus-thumb

Up Next

Best antivirus software for Windows (2021 edition)

Which VPN should you pick?
vpn

Which VPN should you pick?

Here's how the pandemic is changing how we shop online
nw-micheleherron

Here's how the pandemic is changing how we shop online

Video game industry targeted by Chinese hackers
jeffrosen-00-00-14-25-still002

Video game industry targeted by Chinese hackers

CISA director: Paper record key to keeping 2020 election secure
krebs-image

CISA director: Paper record key to keeping 2020 election secure

Blackhat 2020: Tech community must help secure elections
matt-blaze-image

Blackhat 2020: Tech community must help secure elections

Chinese hackers charged with allegedly stealing COVID-19 vaccine
chinesehackers

Chinese hackers charged with allegedly stealing COVID-19 vaccine

How to protect your phone (and your privacy) at a protest
gettyimages-phone-protest

How to protect your phone (and your privacy) at a protest

Everything you need to know about stalkerware
stalkerware

Everything you need to know about stalkerware

Tech Shows

The Apple Core
apple-core-w

The Apple Core

Alphabet City
alphabet-city-w

Alphabet City

CNET Top 5
cnet-top-5-w

CNET Top 5

The Daily Charge
dc-site-1color-logo.png

The Daily Charge

What the Future
what-the-future-w

What the Future

Tech Today
tech-today-w

Tech Today

Latest News All latest news

How to Back Up Your iPhone
yt-applestuff-ep04-icloud-v02

How to Back Up Your iPhone

Find Free Wi-Fi Near You to Stay Connected
220630-yt-how-to-get-free-wifi-on-the-go

Find Free Wi-Fi Near You to Stay Connected

A Tour of NASA's Moon Rocket Factory
artemis1

A Tour of NASA's Moon Rocket Factory

Watch What Could Be the World's First Commute in a Personal Flying Vehicle
jetson-one-seq-00-06-21-07-still001

Watch What Could Be the World's First Commute in a Personal Flying Vehicle

Deepfake Expert Reacts to Viral Deepfakes
deepfake-3

Deepfake Expert Reacts to Viral Deepfakes

Fun Amazon Finds Under $50 (July 2022)
amazonjuly2022-master-00-11-19-15-still001

Fun Amazon Finds Under $50 (July 2022)

Most Popular All most popular

Watch What Could Be the World's First Commute in a Personal Flying Vehicle
jetson-one-seq-00-06-21-07-still001

Watch What Could Be the World's First Commute in a Personal Flying Vehicle

SpyraTwo hands-on: The ultimate water gun
spyratwo-2

SpyraTwo hands-on: The ultimate water gun

How to Find Cheap Flights
airlinetickets-master-00-05-36-21-still003

How to Find Cheap Flights

Deepfake Expert Reacts to Viral Deepfakes
deepfake-3

Deepfake Expert Reacts to Viral Deepfakes

Fun Amazon Finds Under $50 (July 2022)
amazonjuly2022-master-00-11-19-15-still001

Fun Amazon Finds Under $50 (July 2022)

The iPhone at 15: How Apple's Phone Became the Center of Your Life
yt-applestuff-ep02-v6

The iPhone at 15: How Apple's Phone Became the Center of Your Life

Latest Products All latest products

E Ink Tablets: Everything You Need to Know
eink-website

E Ink Tablets: Everything You Need to Know

Moto G 5G Review: A $400 Phone That May Have Everything You Need
clip0001-00-00-25-15-still001

Moto G 5G Review: A $400 Phone That May Have Everything You Need

Hands-On: We Got to Try the Sony Xperia 1 IV and Its Zoom Lens
xperiafinalpicsite

Hands-On: We Got to Try the Sony Xperia 1 IV and Its Zoom Lens

Lenovo Legion 7 Gaming Laptops Combine Great Power With Simple, Slim Designs
lenovolegion-00-00-45-13-still003

Lenovo Legion 7 Gaming Laptops Combine Great Power With Simple, Slim Designs

Exploring Meta Store: Facebook Parent Meta's First Physical Retail Space
metastore

Exploring Meta Store: Facebook Parent Meta's First Physical Retail Space

Lenovo's Torrent of Slim-Series Laptops Has Almost Too Many Options
lenovoslim-00-00-03-10-still001.png

Lenovo's Torrent of Slim-Series Laptops Has Almost Too Many Options

Latest How To All how to videos

How to Play Games from PlayStation Plus on PC
psstill

How to Play Games from PlayStation Plus on PC

How to Delete or Disable Your Instagram Account
phoneonorange

How to Delete or Disable Your Instagram Account

Fix Your iPhone Screen With Apple's Self-Service Repair Kit
dsc00641

Fix Your iPhone Screen With Apple's Self-Service Repair Kit

How to Buy a Budget Laptop in 2022
budgetlaptops-00-08-35-15-still001

How to Buy a Budget Laptop in 2022

Google Pay: How to Set Up and Use
googlepay-inhand

Google Pay: How to Set Up and Use

Clean Your AirPods and EarPods Without Damaging Them
yt-howto-clean-airpods-v3

Clean Your AirPods and EarPods Without Damaging Them