Crooks Rob Cash Machines Via USB

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Cash machines running Windows XP attacked, researchers at the Chaos Communication Congress say

Criminals managed to steal money from cash machines earlier this year, using USB sticks and exploits of Windows XP.

Researchers speaking at the Chaos Communication Congress, organised by the Chaos Computing Club in Germany, said attackers hit an undisclosed number of cash machines, cutting away at the chassis to reveal the USB slot.

They then uploaded malware to the machine that meant they could draw out cash via their own hidden menu, according to various reports.

ATM card machine Shutterstock © MennaCash machine malware threat

The malware had been created to target one bank, but the researchers, who wished to remain unnamed, warned about a large number of financial institutions which still use vulnerable software in their ATMs.

It appeared the crooks were well-funded and sophisticated. One researcher suggested they had an insider working for them. The malware had the capability to steal customer information but didn’t do so.

“I’m not sure this is the end attack, or the end game,” said one of the researchers, according to Wired. “We’ll probably see this kind of malware on another bank, in another city, on another continent.”

NSA can get at you from 8 miles away

Elsewhere at the Chaos Communication Congress, digital activist and security researcher Jacob Appelbaum claimed he had seen documents indicating the US National Security Agency (NSA) could hack into Wi-Fi connections from 8 miles away. That was back in 2007 too.

In Der Spiegel, Appelbaum had disclosed information on the NSA’s Tailored Access Operations unit, but went further at CCC. The NSA has use drones to carry out such long-range attacks, he said, but he could not produce any evidence to substantiate that claim.

“It tells us that they understand that common wireless cards are probably running Microsoft Windows, which is an American company, that they know about vulnerabilities and they keep them a secret to use them,” Appelbaum added.

“This is part of a constant theme of sabotaging and undermining American companies and American ingenuity.”

Are you a security pro? Try our quiz!