This is what makes ATM hacking ‘more dangerous’
BENGALURU: With the latest tools and devices on sale on the dark web, an ATM machine can now easily be hacked in 15 minutes by an amateur. While earlier in the dark corner of the World Wide Web, one needed to know the basics of it to buy such things, cybersecurity startup CloudSEK has discovered that sellers on the dark web sell latest ready made tools like malware cards, USB ATM Malware and more to hack these machines, making the job easy for any individual.
“Earlier, though these were slightly complicated, now with these devices, anybody can control these machines,” says security researcher at CloudSEK Rakesh Krishnan, who disguised himself as a buyer, contacted individual sellers to know about the latest tools to hack an ATM machine.
One shop offered him ATM Malware Card which includes ATM Malware Card, PIN Descriptor, Trigger Card and an instruction guide. Once installed, it captures all card details stealthily. The amount can be withdrawn using Trigger Card, that dispenses the cash. Another prevalent method to dispense cash is by infecting the machines using a Malware-hosted USB drive. Besides, this particular seller also offered ATM Hacking Appliances such as EMV Skimmer, GSM Receiver, ATM Skimmer, PoS, Gas Pump and Deep Insert, among others.
These malwares mainly target systems running on Windows XP. Further, Krishnan also explains that most of these devices do not require modifications to work on ATMs in different locations. “ATM machines over the world are built in similar ways using similar softwares, so these malwares sell easily,” he adds.
Gautam Kumawat, a cybersecurity expert says that not just on the dark web, many of these inexpensive tools are also available on global ecommerce sites and can be ordered right away. However, these are still not manufactured in India. “Hackers prefer cheaper costs so they usually prefer Chinese ecommerce marketplaces and so these attacks become easier.”
One also does not need to be in physical contact with the machines. For instance, a recently uncovered method is an active ATM Jackpotting Method using the malware Ploutus-D, which takes control of the hardware devices thereby allowing anyone to dispense all the cash within the machine in a few moments.
Krishnan also says that many such shops are updated with latest cracking devices released in the market such as PoS Terminals, Upgraded Antenna, custom-made ATM Skimmers and RFID Reader/Writer. These devices are available at a starting price of about $1,400. The dark web has also been selling ATM hacking tutorials which one can buy for a mere $100. Card cloning is another major cybercrime cops face in India.