Cyber criminals hacked ATMs in Europe by injecting malware through USB to break into it

Two researchers making a study about the anonymous thefts going on in European Bank ATMs have now revealed that how hackers targeted ATM machines by injecting a  Malware and installing it into the ATM machine via USB.  The details of the attack was revealed by two anonymous researchers during Chaos Computing Congress going on in Hamburg, Germany.The two researchers who have asked not to reveal their names, presented on how Hackers recently hacked into an unknown European bank’s ATM. The theft which was made from this Banks ATM, came in light in July 2013. when several of its ATM were hacked and money stolen, despite the use of failsafe security apparatus.  It was only after that, the surveillance was increased and finally it was revealed how they were being targeted.

Researchers confirmed that hacker used a USB installed with Malware for the attack.  The hackers deliberately cut holes in order to plug in the USB containing the Malware that installed the code into the ATMs.   Once the malware was injected the hackers would then patch the hole. This way the banks employees wouldnt notice anything amiss when their security inspections or ATMs where filled up with cash.   After patching the ATM with the malware, the hackers could gain access to the machine with a 12 digit code, providing them a unique interface on the ATM screen, giving information on the amount of money available in each denomination of note and presented unique menu to withdraw the amount they need and in the denomination they needed.  And obviously the hackers then went on to withdraw the highest denomination Banks notes available at that time in the ATM.

It was very interesting to know how the technique and Malware used by the Hackers in gaining entry into the ATMs Master Record.  At this moment, the Researchers who gave information about this Malware injection ATM theft have said that the hackers went to deliberate length to keep the technique a secret about  the files the hackers used other than the fact that the main execution file that was used was named hack.bat.  It also seems plausible that the original brain behind this malware may have developed cold feet and sold the Malware on some underground sites to anyone. But the other side of the coin offers another clue.  The Malware was designed in such a way that before the money could be released hackers are asked to enter a second code in response to the random sets of Digits displayed on the screen. If a valid code is not entered the ATM Machine would switch back to its normal pre-hack interface in 3 minutes.  Obviously the second code could only be known to the inventor of this malware.  From this ingenuity, it is also plausible that the master mind behind this hack was keeping tabs on who ever was using his invention and he was concerned that the user may ditch him/not give him his share.  The researchers summarised there study with a note that the hackers seem to have “profound knowledge of the target ATMs” and had gone to great lengths to make their malware code hard to crack and discover.