ATM hack lets criminals take 'wads of cash'

[InfoSec News <alerts () infosecnews org>]

http://www.theweek.co.uk/business/60787/atm-hack-lets-criminals-take-wads-of-cash

The Week
9 OCT 2014

A flaw in cash machine software is letting criminals withdraw money 
without using a bank card.

Security firm Kaspersky Labs identified the problem, leading Interpol to 
mount a widespread investigation across the USA, India, France, Israel, 
Malaysia and China.

ATMs infected with malicious software can be instructed to give out 40 
notes at once by entering a series of digits on the keypad. Fraudsters do 
not require a credit or debit card to carry out the scam.

The hack, known as Tyupkin, requires criminals to enter a unique code into 
a machine that has already been compromised by the malware. A second Pin 
code – a random sequence of numbers generated at another location – is 
also needed to unlock the machine before it will dispense the cash.

Security analysts say that this double-Pin system ensures that the hacker 
generating the algorithms maintains control over when and where money can 
be stolen.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/