Criminals infecting ATMs with a virus caught hot
In Kiev, the criminal group was neutralized, which specialized in secret penetration into the service parts of ATMs and further infection with the malicious program code of the operating system of ATMs, which resulted in unauthorized disbursement of funds. Ukrainian banks suffered damage in the amount of more than 5 million hryvnia, and similar cases of ATM infection occurred in Lviv and other regions of Ukraine.
Employees of the Cyber Police Department of the National Police of Ukraine together with employees of the Carpathian Cyber Police Directorate and the Darnitskiy UE GUNP (Police Directorate of the Main Directorate of the National Police) obtained permits to conduct searches at the place of residence, at the places of virus software development and in cars.
And on May 13, 2016, it was quickly determined that this group of people was preparing for another ATM infection in the territory of Kiev, and it was decided to detain the criminals red-handed.
')
So, in the city of Kiev on the street Grishko, 6, the cyber police officers conducted a set of activities and four members of the criminal group were detained on a hot one.
6 minute video available:
After the procedural events at the crime scene, 10 authorized searches were conducted in the territory of the city of Kiev, Kiev and Lviv regions. More than 20 units of computer equipment, about 50 bank cards issued both in the names of defendants and foreign persons were found and seized.
In addition, parts of ATMs were withdrawn at the place of residence of the detainees (displays, receipt printers, tapes, card collectors and hard drives). Rough entries and bookkeeping confirming illegal activities, POS terminals, as well as a device for reading / writing technical information on bank cards magnetic tapes have been withdrawn.
Remarkably, two ATMs were withdrawn, which were bought by offenders in order to test the malicious code and improve it. As can be seen in the photo above, the ATMs or their parts previously belonged to the Ukrainian bank Nadra, in which in the middle of 2015, the banking license was revoked. The property of the bank was sold on electronic auctions in another way. Apparently, this is how the criminals purchased the ATMs of this bank.
All detainees are citizens of Ukraine. One of the attackers came from the Lviv region, others from the Luhansk and Dnepropetrovsk regions. Militiamen suspect detainees of involvement in 30 facts of theft of money throughout Ukraine. Malicious software, according to the Cyber Police, was developed by the attackers themselves. However, I would like to remind you of a similar situation - infection of ATMs with viruses and detention of criminals - it was described by me earlier: Criminals who empty ATMs with the help of Tyupkin / Habrahabr virus were caught . Then the opinion was voiced that not only Diebold ATMs are vulnerable (in the photo above is the Wincor Nixdorf ProCash ATM), but viral software can be sold on underground forums. As you can see, this happened in reality.
Source: Department of Cyber Police , Ministry of the Interior
Employees of the Cyber Police Department of the National Police of Ukraine together with employees of the Carpathian Cyber Police Directorate and the Darnitskiy UE GUNP (Police Directorate of the Main Directorate of the National Police) obtained permits to conduct searches at the place of residence, at the places of virus software development and in cars.
And on May 13, 2016, it was quickly determined that this group of people was preparing for another ATM infection in the territory of Kiev, and it was decided to detain the criminals red-handed.
')
So, in the city of Kiev on the street Grishko, 6, the cyber police officers conducted a set of activities and four members of the criminal group were detained on a hot one.
6 minute video available:
After the procedural events at the crime scene, 10 authorized searches were conducted in the territory of the city of Kiev, Kiev and Lviv regions. More than 20 units of computer equipment, about 50 bank cards issued both in the names of defendants and foreign persons were found and seized.
In addition, parts of ATMs were withdrawn at the place of residence of the detainees (displays, receipt printers, tapes, card collectors and hard drives). Rough entries and bookkeeping confirming illegal activities, POS terminals, as well as a device for reading / writing technical information on bank cards magnetic tapes have been withdrawn.
Remarkably, two ATMs were withdrawn, which were bought by offenders in order to test the malicious code and improve it. As can be seen in the photo above, the ATMs or their parts previously belonged to the Ukrainian bank Nadra, in which in the middle of 2015, the banking license was revoked. The property of the bank was sold on electronic auctions in another way. Apparently, this is how the criminals purchased the ATMs of this bank.
by the way, ATMs
now you can still buy
All detainees are citizens of Ukraine. One of the attackers came from the Lviv region, others from the Luhansk and Dnepropetrovsk regions. Militiamen suspect detainees of involvement in 30 facts of theft of money throughout Ukraine. Malicious software, according to the Cyber Police, was developed by the attackers themselves. However, I would like to remind you of a similar situation - infection of ATMs with viruses and detention of criminals - it was described by me earlier: Criminals who empty ATMs with the help of Tyupkin / Habrahabr virus were caught . Then the opinion was voiced that not only Diebold ATMs are vulnerable (in the photo above is the Wincor Nixdorf ProCash ATM), but viral software can be sold on underground forums. As you can see, this happened in reality.
Source: Department of Cyber Police , Ministry of the Interior
Source: https://habr.com/ru/post/301196/
All Articles