In late 2016 we published an article that explained you from start to end on how to blow up an atm. Banks have been fighting this method with new security features on almost all of their ATM machines. Lucky for us eastern european gangs don’t give up so easy. They discovered a new method that requires way less equipment and is even more affective. All that’s required is a little technical knowledge. All the criminals used was a laptop and a small cable. Security Company Kaspersky presented this new technique this week.
It is not a technique for dummies because you will still need a good digital knowledge. According to Kaspersky, the technique has been used at some 12 sites already in Russia and Europe. Kaspersky will not disclose the affected banks and locations, however, they did tell us that one suspect has been arrested.
All that’s needed is a power drill that can drill a hole of more than 7 centimeters. All in all a few minutes of work. The principle is that, once the hole has been drilled you have access to the interior of the ATM machine. The hole is used to lead a small wire through. The wire will be connected to the mainframe of the ATM and the laptop is used to make the ATM spit out bills.
Kaspersky learned about the technique when one of their clients showed an empty ATM with a hole the size of a golf ball. To mask the surgical robbery the thieves had even masked the hole with a sticker. The thieves had connected their laptop through the hole to one of the ATMs serial inputs. In this way, the thieves managed to gain control over the cash dispenser. According to Kaspersky the internal protocol of the ATM was easy to crack and between the modules of the machine no authentication was needed. In short, the thieves were able to give commands to the cash dispenser as if they were coming from another module in the ATM.
Then Kaspersky’s technicians build a microcomputer which was able to control the ATMs. The cost of these components was no more than 10 euros. Once the connection between the Microcomputer and ATM was made it took seconds to make the ATM spit out its cash.
It’s unknown if all types of ATMs are vulnerable but according to Kaspersky, there is one type that can’t be easily protected because it’s software can’t be updated remotely.
According to Kaspersky, there recently exists malware that can infect ATM machines and make then cough up money on any given time. But Kaspersky assesses drilling of the ATMs or variations on this method as a better and quicker way. No computer that thieves can physically reach are safe, the company said.