Multiple-ATM Attacks


In a previous post we showed you how easy it is for criminals to empty an ATM of its cash. However, a malware-laden flash drive isn’t the only way to attack an ATM. Here’s another example: This one lets crooks grab the cash from several ATMs at once.

The attack still requires physical access, but it makes use of a device crafted to hook into the network instead of the ATM; the device connects the bank’s network to a server operated by criminals. This  server mimics a processing center controlling all transactions carried out via the ATMs located on the same network. Such an action is possible if the network isn’t segmented and if the security settings have errors.

The ATM model doesn’t matter in this attack; everything comes down to the data exchange protocol — which is the same for all teller machines on the same network.

With the criminal’s device in place, any banking card can be used to withdraw cash; the rogue processing center approves the transaction and the ATM spits out the bills. When all of the cash is gone, a person with a key returns to the compromised machine, takes the device away, and plugs the bank’s cable back in, thus removing all traces of the attack.


To the average, law-abiding citizen, this attack may seem complex, but relatively speaking, it is not. And besides, the endeavor is quite a moneymaker. Thieves are willing to go to far greater lengths to rob ATMs. The primary issue they need to overcome is getting to the network cable. No authentication is required between the hardware units of the ATM and the bank’s infrastructure, so plugging in a rogue device won’t alert security systems.

The above is just one example of the potential consequences of having insufficient ATM security.