The BBC is reporting that hackers have found a way to get Automatic Teller Machines (ATMs) to spit out cash, and even have systems worked out that allow them to return to the same machines over and over again to continue draining them of bills.
Details of how the hackers were pulling off the cyber-heists were presented at the Chaos Communication Congress in Hamburg. Apparently, the activity was the work of gangs, but required detailed knowledge of how the machines worked.
Gang members would approach an ATM, cut a hole in a particular spot, exposing a USB port. They would then plug in a USB stick that contained a batch file that launched and displayed information on the ATM screen. Using a 12-digit code, the hacker would determine how much money was in the machine, and in what denominations. They would then proceed to command the machine to spit out only the largest-denomination bills, apparently to minimize their time in front of the machine, thus exposing them to potential arrest.
One interesting twist to how the hackers operated was that they instituted a two-step coding process that required the member at the ATM to call another member to process a second input number. Thus, no gang members could go solo and empty ATMs all over town without the knowledge of other members.
When the cyber-heist was over, members would patch up the hole they had cut, hiding evidence of their crime, but also allowing them to return to the same machine on other days, remove the patch, and plug in more quickly this time.
So far, no arrests have been made in the crimes.
Image via ThinkStock