
ATM Hackers Have Picked Up Some Clever New Tricks - fortran77
https://www.wired.com/story/atm-hackers-jackpotting-remote-malware/
======
ufmace
I wonder how they get access to a communication line or access port or
whatever to load their malware onto the ATM. I would think that's the tough
part - once you get that, it's probably easy to compromise.

~~~
non-entity
I'm now genuinely curious if it's possible to purchase an old atm to hack
around with (solely educationally of course)

Was shocked to recently find semi-modern (mid-2000s) gas-pumps for sale cheap
on eBay so who knows.

~~~
keyme
Just keep in mind that it's very heavy. Very. Like your building's
construction code may not allow that much weight per floor area. Shipping or
mooving it around would be similarly "fun".

~~~
RandomBacon
They make motorized hand carts ("dollies") that make it easy for a single
person to move large safes. Either with motorized wheels, or a motorized
actuator that lifts a second set of wheels up and down which makes it possible
to go over curbs and other obstacles.

It would still probably be "fun" (not easy) for someone who hasn't done it
before, but not impossible.

~~~
shakna
Whilst that's true... It doesn't change that the floor you're moving it to is
probably not rated for the weight.

Picking it up only solves half the problem, and the easier half.

------
s9w
In German the go-to method of "hacking" ATMs is blowing them up. I think they
use some kind of gas to funnel inside the chassis and then ignite it. That
seems to work exceedingly well, the numbers of that happening are insane. Is
that not a thing in the US?

~~~
js2
In Ireland, they just use a backhoe to cart the whole thing off:

[https://www.youtube.com/watch?v=VTe0cdxdSEo](https://www.youtube.com/watch?v=VTe0cdxdSEo)

[https://www.youtube.com/watch?v=QTyON6gPTFI](https://www.youtube.com/watch?v=QTyON6gPTFI)

Ah, and here was a failed attempt to do the same in Virginia:

[https://www.youtube.com/watch?v=u2TSGyXejls](https://www.youtube.com/watch?v=u2TSGyXejls)

How much cash does an ATM hold anyway?

~~~
partyboat1586
Happens in England too

[https://www.theguardian.com/uk-news/2020/mar/23/ram-
raiders-...](https://www.theguardian.com/uk-news/2020/mar/23/ram-raiders-use-
digger-to-steal-atms-from-tesco-extra-in-kent)

------
superbrane
There is no surprise here. The ATM companies making the machines and their
software are so old school and simply outdated in terms of cybersecurity.

~~~
PhantomGremlin
_so old school_

I'd go further than that. These companies are, demonstrably, run by total
idiots.

I knew someone who worked for an ATM company back in the mid 1980s.
Coordinated attacks exploiting weaknesses were routine even then!

That's right. People have been finding hacks to steal cash from ATMs for at
least 35 years!

That's 35 freaking calendar years. How much is that in Internet years? :)

~~~
tomc1985
If game consoles are any indication, even if the security gets better over
time it will never be "hack proof"

------
Stierlitz
> INJX_Pure .. runs a self-crafted HTTP server web interface for its purpose
> ..

Don't run your ATM under Windows and connected to the Internet. I recall
reading an instructional manual that required the visit of two technicians,
that installed and configured a black-box that required the entry of two
unique codes to be activated. Communication to the back-end being done on
private leased-lines. Then they upgraded the ATMs to Windows running over the
Internet :o ..

------
Yc4win
I remember when Bluetooth skimmers started to be used on gas station pumps in
my country. The attacker would wait inside a car in the signals range and
siphon off cc numbers in bulk. Management then put up signs to make sure to
jiggle the reader before inserting your card, to ensure that it was real.

------
zipwitch
I guess I'm out of sync with the times. For some reason, my first thought on
seeing the title was that it would be about some clever new tricks with the
ANSI ATM standard.

