A unnamed European bank chain fell victim to a software hack on its range of ATMs earlier this year, and researchers have figured out how it was done. The researchers, who wish to remain anonymous found that criminals cut holes in the armored exterior of machines, to plug in malware-laden USB flash drives installing code into the ATMs that allowed the thieves access to the cash dispensing functions of the device.
According to the BBC
, details of the hack was presented at the Chaos Communucation Congress
in Germany. After the ATMs were drained with no damage to the safe inside the machine, surveillance found that once the malware had been installed, the thieves patched up the holes, which prevented the extent of the attack from being noticed for months.
The software, which required both a 12-digit code entered at the ATM and a follow-up code given to the thieves over the telephone by a coordinating authority distrustful of the thieves, launched a custom interface that displayed the remaining bills in the machine, along with options to dispense the highest denomination. This allowed the amount of time at the machine, and under surveillance, to be kept to a minimum.