Submitted via IRC for SoyCow8317
Imagine winning the lottery and having an ATM spit huge amounts of cash at you. That's exactly what some cyber criminals are after. They're targeting ATMs and launching "jackpotting" attacks, forcing them to dispense bills like a winning slot machine. Already this year, the U.S. Secret service has warned financial institutions of such attacks.
Security researcher Barnaby Jack demonstrated such an attack and amazed attendees at Black Hat when he made two unpatched ATMs spit out cash on stage. For the most part, however, jackpotting was little more than a hypothetical until recently.
Now, with confirmed strains of malware like Ploutus.D being used in ATM jackpotting attacks on U.S. soil, jackpotting can be added to the growing list of popular ATM attack types, including skimming, shimming and network-based attacks. Here we examine various ATM attack techniques and offer security recommendations to protect against them.
Source: ATM attacks: How hackers are going for gold
(Score: 4, Funny) by Anonymous Coward on Saturday May 12 2018, @02:31PM (4 children)
Ok, got it.
That's.. kinda weird, and rather pointless since apparently I've won the lottery.
(Score: 0) by Anonymous Coward on Saturday May 12 2018, @03:58PM (2 children)
If I won the lottery I just might buy some of these ATMs so they can spit money at me whenever I need to pick my spirits up.
(Score: 3, Funny) by Runaway1956 on Saturday May 12 2018, @04:38PM
You'll find more spirits at the package store or liquor store than at an ATM.
(Score: 2) by MostCynical on Saturday May 12 2018, @09:59PM
Surely you can pay someone to pick up the spririts and do all your shopping.
Or just pay someone to make you feel better.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by realDonaldTrump on Sunday May 13 2018, @01:02AM
Cash is nice for so many things. For strippers, for anything that needs to be off the books. Less paperwork!
(Score: 1, Insightful) by Anonymous Coward on Saturday May 12 2018, @02:43PM (4 children)
I take it the OS on these machines is Windoze, for lower total cost of pwnership?
(Score: 2, Informative) by Anonymous Coward on Saturday May 12 2018, @03:17PM (3 children)
This made me remember a similar way of thinking aboard cruise ships.
The bridge had software to manage radar and ship status for balance, direction, watertight areas, and so on. I noticed clearly it was made using Motif, the widgets, the fonts, the mousepointer was black and turned the other side on menu selections, etc. And all that was running under windows xp! The wtf moment was galactic!
I asked the IT manager onboard how it was possible that a native unix/linux application was ported to run on windows on a ship sized like a small city, wondering how productive that was, how stable that was, how resource efficient that was. His response was, "it is cheaper for the company to employ windows admins who would install and configure that software however complicated it is, compared to linux equivalents doing it on the same exact hardware. And they are much easier and abundant to find everywhere."
The company was MSC Cruises. All computers on it run pirate copies of Windows, office, adobe, and everything else.
You would think stability and robustness is important on a ship that size and with so many people. Well no. The only important thing is to make money and keep costs as low as possible by any means.
(Score: 3, Funny) by Anonymous Coward on Saturday May 12 2018, @04:01PM (1 child)
Wait, pirate software on a cruise ship? But ... how ... won't that ... um ...
(Score: 2) by Gaaark on Saturday May 12 2018, @11:36PM
Yarrrr...it's run by Captain Feathersword!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 1, Insightful) by Anonymous Coward on Saturday May 12 2018, @09:53PM
Even if turd polishers are a dime a dozen, you're still running life critical stuff on a turd of an OS.
I see a "but everyone is doing it" defense lining up when the ship is stuck in the water, and the turd polishers can't fix the problem by rebooting.
(Score: 2) by Runaway1956 on Saturday May 12 2018, @03:22PM (6 children)
How do we define "huge amounts of cash"? I wonder if we can do a risk analysis here. What is the likelihood that picking up all that cash exposes you to video surveillance? And, that facial recognition works well enough to identify you? Presuming that you actually have time to spend all that cash before the cops kick your door down - what is your annual profit from hitting that "jackpot"? You get maybe $20,000 from a couple ATM's, then spend 20 years in jail - it doesn't sound so much like "huge amounts of cash". I might consider this technique for making "huge amounts of cash" if there were some revisions in the law, that would limit my jail time to a week.
(Score: 0) by Anonymous Coward on Saturday May 12 2018, @04:05PM (4 children)
All ATMs have cameras in or around them, so you are going to be on video whether you are picking up lots of cash or just squeezing the last $20 out of your checking account before payday. My guess would be that these jackpotters are either wearing a disguise, are not local to the area, or both.
(Score: 2) by Runaway1956 on Saturday May 12 2018, @04:36PM (3 children)
And, disguises never fall off, get blown aside, or otherwise fail. So, you're picking up a wad of cash, and your tyranosaurus rex head falls off, and you're on the evening news, coast to coast.
I wonder if facial recognition is confused by clown makeup?
(Score: 2) by takyon on Saturday May 12 2018, @05:15PM (1 child)
"Do you wanna know how I got these scars?"
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 3, Touché) by JNCF on Saturday May 12 2018, @05:32PM
Why so serious, bATMan?
(Score: 1, Touché) by Anonymous Coward on Saturday May 12 2018, @06:19PM
Actually, a ski mask is pretty foolproof. In fact if you can't handle something as simple as a ski mask you probably can't handle something as complicated as jackpotting an ATM.
Possibly. Many humans are confused by clown makeup.
(Score: 2) by requerdanos on Saturday May 12 2018, @06:13PM
Very, very low. [soylentnews.org] It would make more sense to worry about being struck my a meteorite during your escapades.
A bank employee looking at the video, and at you, and saying "yep that's the guy", on the other hand, is a danger in its own right.
(Score: 2) by realDonaldTrump on Sunday May 13 2018, @12:18AM
You put money into the machine. And instead of a candy bar, you get a gold bar. Or a coin. The best thing I know about me, is that I'm rich. But I don't have one of those machines yet.