ATM hacking marks both economic institutions and individuals, dependent on the type of attack.
Method 1: Fake processing center
The hacker disconnects the ATM from the bank’s network and so connects it to an appliance that acts as a fake processing center.
The box is employed to manage the cash trays and send commands to the ATM, requesting money from the chosen tray. It’s as simple as that: The attacker can now use any card or input any PIN code, and therefore the rogue transactions will look legitimate.
Method 2: a distant attack on several ATMs
This method involves an insider working within the target bank. The person purchases a key from the insider that opens the ATM chassis. The key doesn’t give an attacker access to the cash trays, but it exposes the network cable. Networks connecting ATMs are often not segmented (separated for security), and ATMs themselves is configured incorrectly. In this case, with such a tool a hacker could compromise several ATMs without delay, whether or not the malicious device is connected to just one of them.
The rest of the attack is distributed even as described in Method 1: A fake processing center is installed on the server, and also the attacker gains full control over the ATMs. Using any card, we can withdraw all of the cash from an ATM, no matter the model. The sole thing the ATMs must have in common for this method to figure is that the protocol they use to attach to the processing center.
Method 3: The recorder attack
As earlier described, the attacker obtains the key to the ATM chassis and accesses it, but now puts the machine into maintenance mode. Then the hacker plugs a so-called recorder into the exposed USB port. A recorder during this case could be a device that enables an attacker to regulate the ATM’s cash trays.
While the attacker tampers with the ATM, its screen displays a service message like “Maintenance in progress” or “Out of service,” although truly the ATM can still draw cash. Moreover, the recorder will be controlled wirelessly via a smartphone. The hacker just taps a button on the screen to urge the cash so disposes of the recorder to cover the evidence that the machine was compromised.
Method 4: Malware attack
There are two ways to taint a target ATM with malware: by inserting a malware-laced USB drive into the port (requiring the key to the ATM chassis) or by infecting the machine remotely, having first compromised the bank’s network.
If the target ATM isn’t protected against malware or doesn’t employ whitelisting, a hacker can run malware to send commands to the ATM and make it dispense cash, repeating the attack until the cash trays are empty.
