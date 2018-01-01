18/01/29/1326219 story
posted by martyb on Monday January 29, @10:31PM
from the how-do-you-pull-down-the-handle? dept.
Diebold Nixdorf Inc and NCR Corp, two of the world's largest ATM makers, have warned that cyber criminals are targeting U.S. cash machines with tools that force them to spit out cash in hacking schemes known as "jackpotting."
The two ATM makers did not identify any victims or say how much money had been lost. Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.
The attacks were reported earlier on Saturday by the security news website Krebs on Security, which said they had begun last year in Mexico.
The companies confirmed to Reuters on Saturday they had sent out the alerts to clients.
Source: Reuters
Article at Krebs on Security.
(Score: -1, Troll) by Anonymous Coward on Monday January 29, @10:35PM
(Score: 3, Touché) by Anonymous Coward on Monday January 29, @10:38PM (6 children)
A good website would tell us exactly how this hack works.
(Score: 0) by Anonymous Coward on Monday January 29, @10:46PM (2 children)
I'd be happy just knowing what "jackpotting" means. Is this a crime against the ATM/bank, or against the customers, etc.
(Score: 1, Troll) by realDonaldTrump on Tuesday January 30, @12:10AM
I used to run casinos, I know a lot about casinos. In the casinos, we had Video Poker and Slot Machines. And the jackpots were prizes. The more people would play, the bigger the prizes -- the jackpots -- became. Unless someone won, it starts again when someone wins.
Some of the companies that make Slot Machines also make Voting Machines. But they're much more careful about the Slot Machines. Because when you win a jackpot from a Slot Machine -- or you hack it -- the prize is money. But when you win the jackpot from a Voting Machine -- or hack it -- the prize is a job as a politician. And you can make a lot of money that way, but you have to work for it, you have to be smart about making deals. Very easy to hack our elections, not so easy to make the money from it.
The jackpotting, someone hacks the cyber in an ATM. And the money comes right out. The cash shoots out of the ATM. Let me tell you, that's not how we did our jackpots. In a real casino, the machine gives a slip -- a voucher. You win, you bring your slip to the Cage, they take your information -- we had to report to the government. And you get your money, if it's money. We did something fun at Trump Taj Mahal. We made plastic surgery a jackpot. So our winners could LOOK LIKE WINNERS. We gave them Botox, we gave them lipo, we gave them face-lifts. And they looked FABULOUS!!!!
(Score: 2, Interesting) by Anonymous Coward on Tuesday January 30, @12:38AM
My guess is that they trick the machine into just continually spitting out money.
An old casino trick, for the slots, you could stick a reflector up inside. The slot machines used a beam and counted the breaks in the beam to know how many tokens had been spit out. If you placed a reflector in the right spot, the beam would never break, and the machine would spit out an apparent jackpot's worth of tokens.
Now imagine you could do the same with a cash machine where you don't have to explain a large number of tokens to the teller's window.
(Perhaps you found this somewhat easier to follow that the troll's post.)
(Score: 2) by pvanhoof on Monday January 29, @10:48PM (1 child)
Search what version of Windows runs on the ATM;
Either find random exploit that allows some sort of execution of code on that version of Windows;
Or start phishing campaign to get employees of Diebold or another ATM supplier to execute E-Mail attachments and then;
Try to get mallware installed on the TeamCity or Jenkins build environment, to infect their official own binaries;
Try to get mallware installed on the so-called admins responsible for installing the software on the final product;
Investigate in and outs of the software running the valves and pumps and whatever equipment the ATM's computer controls to put money in the bay;
Find ways to influence those hardware-systems;
Make the system open and do the things that make you rich.
(Score: 3, Informative) by DECbot on Tuesday January 30, @12:58AM
From the Krebs article:
After that, the attackers reimage the hard drive with the aforementioned malware, which causes the machine to run a the cash dispenser at "a constant rate of 40 bills every 23 seconds." All the while, the machine will look to be out of service. The dispensing will only stop if the machine is depleted of cash or if cancel is pressed on the ATM's keypad.
Here's the kicker:
Patch your shit! (but not too much--you don't want to hose your Intel microcode)
cats~$ sudo chown -R us /home/base
(Score: 4, Funny) by c0lo on Monday January 29, @11:11PM
There's a documentary. Google for 'Terminator 2 ATM hacking scene'.
Trouble is: you need an Atari.
(Score: 3, Insightful) by Hartree on Monday January 29, @11:03PM (3 children)
Many years back someone used a backhoe to rip a rural ATM out of the wall of a bank near where I live.
I suppose you could armor it up against that, but it would be tough.
(Score: 0) by Anonymous Coward on Monday January 29, @11:14PM
There is a whole thing on YouTube about failed ATM thefts. Some of them are rather funny.
(Score: 2) by c0lo on Monday January 29, @11:18PM (1 child)
Google for 'ATM ram raid', it's not that unusual.
(Score: 4, Insightful) by JoeMerchant on Monday January 29, @11:57PM
But, this doesn't make the news or bother people, because everybody knows how to do it.
What gets people all worked up is the idea that somebody is walking around with a widget in their pocket that can give them free cash at any ATM, and they don't know how to make or get one of those...
