Criminals who devastated ATMs with the help of the Tyupkin virus are caught
Europol detained criminals who devastated ATMs without using a plastic card - with the help of Tyupkin virus preloaded into an ATM.
First, using a bootable CD, criminals accessed computers installed inside ATMs running one of the old versions of Windows and infected them with malware. This virus had some peculiarities: it turned off the installed anti-virus protection, and also spent most of the week "in hibernation": it took commands from criminals at night - from Saturday to Sunday and from Sunday to Monday. Also, the trojan could disable the local network so that the bank’s services could not remotely connect to the ATM and check what was happening to it.
In order to receive money, the attacker approached the infected ATM and entered a certain PIN code, after which he got access to a secret command menu, from where it was possible either to start the money issuing process or to perform operations with the Trojan itself, including deleting it.
')
Thus, in Eastern Europe, through the infection of more than 50 ATMs, criminals received money worth hundreds of thousands of dollars, without causing any suspicion.
According to Kaspersky Lab, “So far, hackers have learned how to infect ATMs of only a certain manufacturer, but nothing prevents them from going further and compromising other models. If manufacturers and banks do not take care of more advanced physical security of ATMs, such stories will be repeated more often. ”
Thus, the arrest of eight people caught as a result of searches in Romania and the Republic of Moldova may not stop this type of fraud, ATM manufacturers and financial institutions should be on the alert: change all passwords that are set by default, and most importantly - review physical protection measures their ATMs, because opening an ATM is not as difficult as it seems:
.
Well, do not forget that recently there was another story with the use of ATMs in Eastern Europe, the fraud in which also did not affect customers of banks, namely: Hackers invented a new money-stealing scheme, stealing 250 million rubles .
Then the offender received a payment card, replenished it and immediately removed the money made at an ATM, asking for a check. The transaction data was then sent to an accomplice who had access to infected POS terminals. Through the terminals, according to the code of operation, cancellation of cash withdrawal was formed. As a result, the card balance was instantly restored and the “attacker” money appeared in the account of the attacker. The criminals repeated these actions many times until cash came to an end at ATMs, modifying their scheme after the banks corrected the error. Several lawsuits against the perpetrators were opened, the “money mules” were from London, Ukraine, Latvia and Lithuania.
Link to of. news about the detention of eight people on the Europol website.
Additional information about hacking ATMs and the Tyupkin virus can be found here: “How“ Tyupkin ”robbed ATMs” , “Tyupkin: manipulating ATMs with malware” , “Attacking an ATM with Raspberry Pi” .
UPDATE from 05/19/2016: in Kiev The criminals who infected ATMs with a virus caught on hot
First, using a bootable CD, criminals accessed computers installed inside ATMs running one of the old versions of Windows and infected them with malware. This virus had some peculiarities: it turned off the installed anti-virus protection, and also spent most of the week "in hibernation": it took commands from criminals at night - from Saturday to Sunday and from Sunday to Monday. Also, the trojan could disable the local network so that the bank’s services could not remotely connect to the ATM and check what was happening to it.
In order to receive money, the attacker approached the infected ATM and entered a certain PIN code, after which he got access to a secret command menu, from where it was possible either to start the money issuing process or to perform operations with the Trojan itself, including deleting it.
')
Thus, in Eastern Europe, through the infection of more than 50 ATMs, criminals received money worth hundreds of thousands of dollars, without causing any suspicion.
According to Kaspersky Lab, “So far, hackers have learned how to infect ATMs of only a certain manufacturer, but nothing prevents them from going further and compromising other models. If manufacturers and banks do not take care of more advanced physical security of ATMs, such stories will be repeated more often. ”
Thus, the arrest of eight people caught as a result of searches in Romania and the Republic of Moldova may not stop this type of fraud, ATM manufacturers and financial institutions should be on the alert: change all passwords that are set by default, and most importantly - review physical protection measures their ATMs, because opening an ATM is not as difficult as it seems:
.
Well, do not forget that recently there was another story with the use of ATMs in Eastern Europe, the fraud in which also did not affect customers of banks, namely: Hackers invented a new money-stealing scheme, stealing 250 million rubles .
Then the offender received a payment card, replenished it and immediately removed the money made at an ATM, asking for a check. The transaction data was then sent to an accomplice who had access to infected POS terminals. Through the terminals, according to the code of operation, cancellation of cash withdrawal was formed. As a result, the card balance was instantly restored and the “attacker” money appeared in the account of the attacker. The criminals repeated these actions many times until cash came to an end at ATMs, modifying their scheme after the banks corrected the error. Several lawsuits against the perpetrators were opened, the “money mules” were from London, Ukraine, Latvia and Lithuania.
Link to of. news about the detention of eight people on the Europol website.
Additional information about hacking ATMs and the Tyupkin virus can be found here: “How“ Tyupkin ”robbed ATMs” , “Tyupkin: manipulating ATMs with malware” , “Attacking an ATM with Raspberry Pi” .
UPDATE from 05/19/2016: in Kiev The criminals who infected ATMs with a virus caught on hot
Source: https://habr.com/ru/post/274679/
All Articles