Chris Skinner's blog

Shaping the future of finance

Cracking ATMs the malware way

Chris Skinner Author Avatar
by
EAST ATM Fraud

I get a lot of email feeds and news from financial websites, but often spot real banking news in more unlikely places ... like New Scientist magazine.

On the front cover of last week's mag was a story about Gaia's evil twin.  

I thought that was going to be about the social networking world of Gaia Online, but it was actually an interesting article about how Earth really works and that Mother Earth is nothing like the Greek Goddess Gaia, who nurtures.  Instead it's more like the murderous wife of Jason of the Argonauts, Medea, who killed her own children.

Nice.

Anyways, flicking through the pages, the tech section was headlined by a story called: 

This relates the following news:

"A devious piece of criminal coding has been quietly at work in a clutch of cash machines at banks in Russia and Ukraine. It allows a gang member to walk up to an ATM, insert a "trigger" card, and use the machine's receipt printer to produce a list of all the debit card numbers used that day, including their start and expiry dates - and their PINs. Everything needed, in fact, to clone those cards and start emptying bank accounts."

Not so nice.

Apparently the shysters intall a 50kb malware on ATMs as part of a legitimate Windows program called 1sass.exe.  This program looks OK to techies and would normally go overlooked because it is part of a normal Windows system that drive most modern ATMs, except that it has no useful function on an ATM as all it is used for is to cache session data so that users don't have to re-enter passwords every time they get a new email or enter a website.

And that's the scheme in a nutshell.

Install the malware and then 1sass.exe collects all the card data and spews it out on demand.

Result: criminals walk along to any ATM, enter the magic code and get an ATM receipt with all the card numbers and PINs.

No wonder the European ATM Security Team (EAST) reckon that ATM fraud is now running at €484 million a year across Europe:

EAST ATM Fraud
That's just ATM fraud, not card fraud.  

Here's the Spiderlabs full briefing presentation: 

Now then, which ATM shall I try out first?

  

The Finanser is sponsored by Vocalink
 VocaLink_rgb_250x120 
For details of sponsorship email us.

Chris Skinner Author Avatar

Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...

Intelligent Money: Our Future Is Where We Do Not Think About Money, As Our Money Thinks For Us

What is the future?

Learn more

Learn more about Chris

About Chris Skinner

The Past, Present And Future Of Banking, Finance And Technology

Fintech expert Chris Skinner: countries need digital transformation to remain competitive

Join me on Linkedin

Follow Me on X!

Hire Chris Skinner for dinners, workshops and more

Learn directly from from one of the most influential people in technology, gain insights from the world's most innovative companies, and build a global network.

Chris’s latest book

Order now

Chris Skinner’s ‘Intelligent Money’ Book Launch Event

Lifetime Achievement Award

Kids creating the future bank | TEDxAthens

Alex at the Financial Services

Gaping Void's Hugh MacLeod worked with the Finanser