“Drilled a hole”: how scammers are hacking into the ATM savings Bank

Deputy Chairman of Sberbank, Stanislav Kuznetsov, speaking at the conference on Tuesday, said that the Bank found a new way to steal cash from ATMs, where fraudsters extort money using a “special computer”.

“The trend there was literally four or five months ago. [Crime] is called box drilled when a hole is drilled in the ATM — some ATM, a certain brand, we all know them and connecting bus and used it to siphoned off the money instantly,” explained Kuznetsov (quoted by “RIA Novosti”).

Other details of the transaction robbers with ATMs Kuznetsov is not called. Not he said, and what manufacturer is involved. In a press-service of Sberbank to comment on the statement of the Deputy Chairman also failed. RBC figured out how this type of fraud, how long has he been there and who is to blame for what happened.

Surgery

Andrey Pastukhov, CEO of IT-company “Anser Pro”, which is engaged in the production of electronics for ATM protection, told RBC that we are talking about the ATMs, manufactured by NCR, one of the leaders in this market. According to the company, it serves about 40 thousand, or 25%, operating in Russia ATM.

“According to confirmed data that we have available, we are talking about older models [NCR], on which the SDC-bus,” he says. It is, in fact, connector, connecting to the attacker which can use its program to instruct the ATM to give money. According to Pastukhov, the cases of successful attacks were recorded by specialists during visits to the crime scene.

On the website of the company “Anser About” there is a diagram which shows a variant of this attack. Attackers carry out her mini-computer with a trail of wires to connect to the ATM. This mini-computer security professionals called the Black Box. So the Shepherds surprised the term “drilled box”, voiced by Deputy Chairman of Sberbank.

Using the drill, the attacker gains access to the bus control peripheral devices of the ATM, including a dispenser device, which controls the cash. According to Pastukhov, often make a hole near the ATM, where users normally enter your PIN. In this place it is easier to pull the connector and connect to the Black Box, he explains.

The connected device delivers the control commands to dispense cash, the ATM takes them and he gives money, says Director of operations Department, VTB 24 Valery Chulkov. “It’s kind of neurosurgical operation. And in the field it was quickly and successfully takes some practice,” adds the head of security of banking systems, the Positive Technologies company Timur Yunusov.

With a drill attack

The security professionals and bankers say that the way to open the ATMs have long been known. The first mention of the drills to penetrate to the control connector of the dispenser of the ATM dates back to 2013, says Yunusov of Positive Technologies. Prior to this, he says, the drill used to fill the ATM with gas and explode.

According to Chulkova from VTB24, the type of fraud reported by the savings Bank, is actively discussed in the professional interbank community in 2015, and isolated cases of attacks Black Box appeared in Russia in 2010. Shepherds from the “Anser About” says that the attack using Black Box began at the end of 2015 and their number has since increased significantly.

According to the European group on ensuring security of ATMs (European ATM Security Team, EAST), the total losses of the banks, which they bear from-for malicious software and skimmers (reads data of the card devices), this year was approximately 174 million euros.

Old ATMs

According to the Bank, all in Russia on 1 July 2016 was 203,5 thousand ATMs. The most popular producers from Russian banks are companies such as NCR, Diebold, Wincor Nixdorf, says Yunusov. “Each vendor will be the 2-3 most popular models. To each of them, you can theoretically use a particular attack, it all depends on the model, security settings, disadvantages of a particular Assembly and the human factor,” he said.

Deputy Chairman of Sberbank, Stanislav Kuznetsov, in his speech claimed that the manufacturer of the ATMs were informed about the incident, but a reaction immediately followed. Sberbank, he said, was forced to deliver an ultimatum: “either we won’t buy your ATMs, or take some action”.

According to Vice President of sales at NCR Constantine hotkina, attack, Black Box may be exposed to the ATMs of all manufacturers, with more attackers choose the most popular and almost always the latest models.

“As for the ATM of our production, attacks the device, which was produced until 2009. The system of protection was developed over 15 years ago and fully meet the requirements of the time,” he says. After the devices were written off, not recycling properly, they become available to attackers, he continues, but they were able to create programs and devices to obtain cash. In the new ATMs, which are produced in 2008, according to hotkina, the system of protection against such attacks has already been built.

Gotkin said that his company has released a special update against the Black Box for the previous models of ATMs, and the market there are several IT solutions to counter such attacks. “Unfortunately, people start thinking about security only when there is a loss of money from criminals,” he concludes.

Hotchin did not specify what the number of operating ATMs is obsolete and which banks they use. Not call these numbers and Sberbank. As noted by Kuznetsov, Sberbank is now about 80 thousand ATMs. In the past, according to him, there were 90 thousand, but the Bank has reduced the network by almost 10 thousand devices. According to the representative of one of the IT companies, Sberbank and NCR negotiate the upgrade for the old ATMs. Hotchin is not commented.

Possible loss of

The volume of possible losses of the savings Bank from such attacks, none of the respondents RBC experts estimate could not. According to the annual statements of the savings Bank for the year 2015, the Bank last year prevented more than 154 thousand attempts of plunder of means of citizens to RUR 2.8 billion, But it is mostly about skimming, attacks on the Black Box the Bank is not mentioned.

“Bank losses in the absence of protection can be serious. ATM on average are from 3 to 5 million RUB. All of them can be removed with the help of this thing. If we are talking about the action of several criminal groups, the loss can amount to hundreds of millions of rubles”, — said the head of e-business Binbanka Alexey Degtyarev.