Information Security News mailing list archives
ATM hack lets criminals take 'wads of cash'
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 9 Oct 2014 08:39:19 +0000 (UTC)
http://www.theweek.co.uk/business/60787/atm-hack-lets-criminals-take-wads-of-cash The Week 9 OCT 2014A flaw in cash machine software is letting criminals withdraw money without using a bank card.
Security firm Kaspersky Labs identified the problem, leading Interpol to mount a widespread investigation across the USA, India, France, Israel, Malaysia and China.
ATMs infected with malicious software can be instructed to give out 40 notes at once by entering a series of digits on the keypad. Fraudsters do not require a credit or debit card to carry out the scam.
The hack, known as Tyupkin, requires criminals to enter a unique code into a machine that has already been compromised by the malware. A second Pin code – a random sequence of numbers generated at another location – is also needed to unlock the machine before it will dispense the cash.
Security analysts say that this double-Pin system ensures that the hacker generating the algorithms maintains control over when and where money can be stolen.
[...]
-- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- ATM hack lets criminals take 'wads of cash' InfoSec News (Oct 09)