On Sunday, we learned that along with sweeping invasions of high-level corporate security, the NSA has developed ways for USB drives to transmit the data they’re storing to government surveillance.
Now, it turns out that flash drives can also help rob banks.
The BBC reports that an unnamed European bank was robbed earlier this year by a team of meticulous thieves who wrote a program that would tell the banks’ ATM machines to dispense money to them.
The thieves put their code on USB drives. Then they physically cut into the ATMs, inserted the USB sticks into the machine’s hard drive, and let the program do its magic. Once they’d taken the cash, they simply closed the hole in the box and went on their way.
Two unnamed researchers presented a detailed finding of the methods the thieves used to break into the ATMs at a German hacker conference held this week. The researchers presented the results of analysis done on four of the compromised ATM machines.
The thieves’ strategy for robbing the banks was to hit multiple ATMs, spending only a limited amount of time at each bank. The program the thieves wrote was designed to cull only high-value bills so they’d spend less time rounding up lots of money. Then, after they’d patched the hole where they inserted the USB device, they’d simply leave and hit up another ATM.
Then they’d come back later and do it all again.
Because the ATM’s safe wasn’t actually broken into, a lag time elapsed before authorities noticed money was missing. In July, the bank finally did notice, however, and increased security around the machines to figure out what was going on. They discovered a ring of thieves who possessed both an in-depth knowledge of the ATMs and the complex, 12-digit security code required to activate the program.
The response code required to complete the process and withdraw the money changed every time it was accessed. Because the numerical code changed constantly, the thieves had to phone a third party for access to the activation key.
Once the thieves were inside, the program helpfully informed them how many bills were in the ATM, and how much of each dollar amount was in the safe. All the thieves had to do was tell the machine how much to give them.
The report did not reveal how many thieves were involved in the heist or how many ATMs had been targeted in the ongoing robbery ring. There’s also no word on whether the thieves have been caught.
Although it’s the only reported heist to involve USB drives, it’s not the only complex robbery ring to target ATMs this year. In May, Manhattan crooks rounded up an astounding $45 million from a string of ATM machines throughout New York city in a carefully orchestrated crime spree involving dozens of people and lasting only a few hours. Arrests in that case are still being made.
Photo via 76657755@N04/Flickr