Friday 25 November 2016

Malware is Making ATMs 'Spit Cash'

We all know our ATM passwords and have vowed to carry this little secret to our grave because that is sufficient to keep our money safe. What if multiple people withdraw money from your account from several ATM machines even after not knowing your password? No, I’m not talking about a video game. You may now curse the genius hackers, but all of these things are now possible in real life.

Recently, a cyber security firm from Russia has warned about a series of coordinated hacks on the ATM machines. The centralized system of the bank was hacked thereby leading to disgorge of money from several ATMs without the instant knowledge of the bank officials and the account holders.


The activity is conducted by using a program dubbed by Cobalt, an infamous hacker group, to gain access to the bank accounts and in turn, the ATMs. The process has been named “touchless jackpotting”. The machines are not physically tampered with. This is done by penetrating a testing tool into the bank computers and then infecting them with malicious emails for accessing ATM controller servers. All that some accomplice has to wait in the appropriate ATM booth at the right time to collect the money oozing out of the ATM machine.


In earlier days, the hardware based method of robbing where the card information was stolen, was more common. The new method that includes hacking is however much more dangerous because it is actually a smart way to rob a bank, where groups of ATMs are infected simultaneously. So, this method brings twice the money than the old way could, into the sinner’s pockets, that too in a shorter time and with lesser chances of going behind the bars.


The key to solving any financial hacking is following the money. However, this is very difficult in this method because the money is collected in person from different ATM booths. The information of the hack is known only after the money has been withdrawn from the ATMs. Even if the cybercrime police hold links to gain information about Cobalt, they can hardly ever get fortunate enough to turn up at the specific location on the specific time. Moreover, the money mules often do not know the hackers as the hackers may not have met them in person .So even if they get caught; it is very difficult to catch the masterminds behind the entire play.


The Cobalt group might have joined hands with other big groups of hackers like Buhtrap to raid the ATMs of 14 countries so far, that includes Poland, Spain, Britain, Russia, Romania and Netherlands.

The banks can place their ATM machines under the full view of a security camera and with security personnel at the doorstep so that the money mules can be caught easily. The bank employees must be trained to look for any suspicious threats.

Till then, all you can do is protect your ATM password!

No comments:

Post a Comment

Note: only a member of this blog may post a comment.