SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
26 Nov 2015

Criminals steal $4 million in cash with novel Reverse ATM attack

Over the last year, criminals in Russia found a way to steal 252 million Rubles ($3.8 million) from five unnamed banks, using a novel technique called a “reverse ATM attack”, according to Russian digital intelligence firm Group-IB.

It exploited esoteric weaknesses in the international transfer system and involved compromised point-of-sale systems in America as well as a global “money mule” network that would handle the stolen funds before passing them on to higher-ups.

Group-IB, which is helping police with the ongoing investigation, said the criminals could have made off with a lot more if they’d been more persistent. Here’s how the Moscow-based firm said it worked: the mules would deposit sums of 5,000, 10,000 and 30,000 Rubles into legitimate accounts, immediately withdrawing what they’d put in. They also took a receipt from the ATM, which contained a payment reference number and the amount withdrawn.

That information was sent to hackers, who would use the data and their access to thousands of point-of-sale terminals, primarily based in the US and the Czech Republic, to create “a reversal operation” on a terminal that tricked the bank into believing the withdrawal of funds had been cancelled. At the point-of-sale terminal, this looked as though goods had been returned or a payment declined, whilst to the banks it appeared the ATM withdrawal had been cancelled.

Funds were returned to the account, though the crooks had already taken the cash. The process was repeated until there was no money remaining in the targeted ATM. Group-IB said it had seen five incidents at five different banks, the criminal activity starting in summer 2014 and finishing in the first quarter of 2015.

The masterminds took advantage of weaknesses in the withdrawal, transfer and verification stages of credit card use in Russia, bypassing checks recommended by VISA and MasterCard. For instance, as the operation targeted a single bank, certain transaction details provided by VISA were not verified by the affected banks as they should have been. And when withdrawals were made in one country and cancelled in another, certain security checks were again missed.

VISA confirmed it helped bring together the affected banks so they could block reversals when funds were withdrawn from an ATM of the bank and re-credited through a separate terminal. But that fix only addressed the issue of withdrawals from ATMs, not transfers from one card to another.

Criminals managed to adapt their scheme, carrying out a transfer from a card at one bank to a card registered at another, rather than depositing funds. The details from that transaction were used for the reversal, and the latter card would be used to withdraw the funds from the ATM, thereby allowing the criminals to continue their fraud, said Group-IB.

The company said several court cases had been opened against the perpetrators, though it’s unclear who the charges apply to and if they had been issued against the money mules, who flew in from London, Ukraine, Latvia and Lithuania. For now, the fraud can no longer be perpetrated. Thanks to additional fixes, banks can now properly verify which terminal has sent a cancellation request and check if it matches the terminal where the original operation was conducted.
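The terminal-matching check described above, sketched as an added example (not code from Group-IB, VISA or any bank). The record fields, terminal IDs and reference numbers are constructed for illustration, and the replay and country checks are assumptions layered on top of the fix the article names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Operation:
    ref: str          # payment reference number (printed on the ATM receipt)
    terminal_id: str  # terminal that sent the message
    country: str
    amount: int       # rubles

def check_reversal(rev, ledger, already_reversed):
    """Decide whether a cancellation request may re-credit the account."""
    orig = ledger.get(rev.ref)
    if orig is None:
        return "reject:unknown_reference"
    if rev.ref in already_reversed:
        return "reject:already_reversed"
    if rev.amount != orig.amount:
        return "reject:amount_mismatch"
    # The fix the article describes: the cancelling terminal must be the
    # terminal where the original operation was conducted.
    if rev.terminal_id != orig.terminal_id:
        return "reject:terminal_mismatch"
    # Withdrawn in one country, cancelled in another.
    if rev.country != orig.country:
        return "reject:country_mismatch"
    already_reversed.add(rev.ref)
    return "accept"

def run_samples():
    # Constructed sample data: IDs and references are made up.
    ledger = {
        "REF-0001": Operation("REF-0001", "ATM-RU-017", "RU", 30000),
        "REF-0002": Operation("REF-0002", "POS-RU-220", "RU", 5000),
    }
    requests = [
        Operation("REF-0001", "POS-US-901", "US", 30000),  # cross-terminal
        Operation("REF-0002", "POS-RU-220", "RU", 5000),   # genuine refund
        Operation("REF-0002", "POS-RU-220", "RU", 5000),   # replayed
        Operation("REF-0001", "ATM-RU-017", "CZ", 30000),  # ID reused abroad
        Operation("REF-9999", "POS-CZ-004", "CZ", 10000),  # no original
    ]
    done = set()
    return [check_reversal(r, ledger, done) for r in requests]

if __name__ == "__main__":
    for verdict in run_samples():
        print(verdict)
```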

Despite the assistance from VISA and Mastercard, it’s feared banks might fail to implement recommended fixes and criminals could find fresh ways to exploit the international transfer system. “After the first fix the fraudsters modified the scheme a little bit and then did the fraud again. Then it was finally fixed, but nobody is sure that the scheme could not be modified again and be successful,” said Dmitry Volkov, cybercrimes investigation division leader at Group-IB.

“This scheme could affect non-Russian banks, but we know only about Russian victims.”

ATM attacks in recent memory have been less sophisticated. Last year, a pair of ninth-graders used a manual for a cash machine that showed them how to get into its “operator mode” using a guessable password. They didn’t steal any cash, however, and instead assisted the Bank of Montreal in closing off the vulnerability.

Tags: hackers, information leaks, ATM

Source: Forbes