Watch these hackers crack an ATM in seconds

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

criminals are interested in return on investment and the return on investment for an attack like this is much higher because you can target multiple ATMs without leaving your house this is a home based command center think of it as the ID technician for this crime this is just a standard ATM so I'm gonna going to withdraw $40 from this ATM select English fun pin I'm gonna make sure to protect my pin I'm gonna do withdraw checking for 40 we have 2x force red $20 bills I'm gonna request $40 again let's see how much money I can get out I'll take a receipt now this time in fact if you look at my receipt it also says $40 [Music] from a criminal point of view one of the great things about this attack is that the bank has no idea what's happened the bank told to the ATM in a dispensed two bills it has no idea that the attacker modified the response and changed it to ten bills you see everything from XP embedded XP Windows 7 all the way up to more modern variants of Windows so you're saying that the most vulnerable versions of Windows are deployed on thousands of ATM machines yes you have a lot of ATMs across the country that still run Windows XP so the type of vulnerabilities that we exploit initially on an ATM are very common ATMs are architected a very similar way to a home PC in fact often times it may be more vulnerable because of the difficulty in patching ATMs that are distributed across the wide geographic area most of the ATMs don't have a support staff that's standing there and if the bank has to send someone out to each ATM to install software it significantly increases costs so they're usually very conservative about which patches and which software they push out this is the receipt printer has the standard USB connection shows up in Windows just like any other printer you could actually print Word documents on this the same is true for the save the cash dispenser is also just a USB device we've printed out our own money and stocked it up once the ATM is compromised that's where it gets a lot more complicated an attacker has to know how to communicate with the specialized devices each vendor has a separate set of hardware that they're going to be using every piece of software on an ATM has the potential to be a little bit different so we create our own custom software when we're performing attacks the attacker could monitor everything that's going on for example the attacker can see what's actually displayed on the screen of the ATM and also observe the network traffic the highlighted text here is the magnetic stripe data from the card you see the 4000 is corresponds to the $40 that Charles requested a lot of people assume that when an ATM withdraws process the bank is used to yes or no response but in reality it tells the ATM how many bills to dispense so in the response that told the ATM dispense two bills but we can modify it as the attacker changed that zero to two a10 so that ten bills are dispensed do I need two people do I need you extracting cash and some attackers sitting in a remote location synced up conceivably he could do it from right outside the ATM but it makes more sense because there's less rest to him being compromised if he can send a low-cost criminal employee to go pick up the cash for this is us taking control of the ATM now notice it goes out of service [Laughter] sometimes criminals may not want to put a card into the ATM for whatever reason and they may just want to dispense money it is often referred to in the industry as jackpot it doesn't even require a card David is just going to remotely dispense cash how often they're updated often depends on the volume of usage for an ATM but an ATM like this can hold over $200,000 in fact in certain rare instances they can be stocked with up to a million dollars and it's very difficult for banks to to detect this in the short run because ATMs don't have a precise way of measuring how many bills are in the back it's just a counter it's really only if the criminals empty the ATM completely of cash that the warning bells go off so a lot of the technology that is needed to defend against there are things that are already on the market for example having encrypted network connections between the ATM and the bank well that's been available for for literally decades now is surprising how many banks are still using insecure network communication when an a team like this is compromised it's the consumer that pays in the form of increased fees you so this actually runs a variant of Windows Windows something is that common for ATMs yes so it's actually even common to see XP yeah I mean so when you've got something when you've got something that a that basically puts out money like this you don't want to mess with it

Info

Channel: CNET

Views: 5,616,649

Rating: undefined out of 5

Keywords: CNET, Technology, Tech, hackers, ATM, financial hack, financial hacker, bank hack, bank hackers, crime, heist, robbery, money hack, atm hackers, atm hack 2019, hack pro, hacking, money, money heist, black hat 2019, black hat hacker, black hat hacking, black hat, professional hacker, jackpot, atm hacking, atm jackpotting, atm jackpotting video, black hat atm jackpotting

Id: a2A5Ld-QWnU

Channel Id: undefined

Length: 5min 41sec (341 seconds)

Published: Mon Sep 30 2019