London police made three arrests last week in connection with the theft of up to £1.6 million ($2.58 million) from over 50 ATMs in cities across the UK.
The crimes took place over this year's May Day holiday weekend (3 - 5
May) and hit 51 cash machines in multiple areas, including Brighton,
Portsmouth and London in the south and Blackpool, Doncaster, Liverpool
and Sheffield in the north of England.
The machines affected are described by police
as being in "standalone public places", rather than attached to banks
or other secure areas, and were apparently physically broken into by
criminals who planted malicious code onto their systems.
This "specialist malware" allowed the crooks to empty the machines of
large amounts of cash, averaging over £30,000 per machine, although
police reports suggest the malware later removed itself before it could
be inspected by investigators, leaving its exact nature something of a
mystery.
The crime spree was investigated by officers from the London Regional
Fraud Team (LRFT), made up of staff from various forces including the
Met Police and City of London Police, backed by intelligence from the
National Crime Agency's Economic Crime Command.
The arrests were made on 23 October, with a 38-year-old man and a
37-year-old woman picked up in Portsmouth and another man, aged 24,
arrested in London. The woman is suspected of money laundering offences,
and the two men of conspiracy to defraud. The older man remains in
custody, while the other two have been released on bail.
Further details on the suspects remain sparse, but the police
described them as part of an "organised eastern European crime gang",
while local media reports refer to them as a "Romanian gang".
As the thieves targeted weaknesses in the systems underlying the ATMs
rather than individual cards or transactions, it's not believed that
any ATM users were directly defrauded by the gang.
ATM security remains an issue for end users, with skimmers and card-catchers a common problem.
But larger-scale fraud and theft involving ATMs tends to make use of
stolen account data to produce cloned cards, which are then used in
synchronised cash-withdrawal operations.
ATMs tend to fall into that category of hardware which lives longer
than the developers of the software powering it may have expected, with
many still running aged and unsupported versions of Windows.
As older machines are slowly replaced, the availability of retired
hardware becomes a playground for hackers wanting to figure out how they
work and how to break into them, either for fun or profit. The availability of old hardware manuals aids this process.
This seems to be allowing more mass heists of the type seen in the UK. A recent incident in Malaysia,
again involving multiple machines hit in the space of a few days,
apparently involved inserting some sort of media and uploading malware
which unlocked the machine's test functions.
Initial speculation suggested the attack was highly sophisticated,
but later reports imply that the machines were rather old and lacked
up-to-date protections.
That's not to say that shiny new machines are immune from compromise though, with every fancy new security process implemented by banks balanced out by ever more devious techniques to subvert their security.
ATMs are basically big boxes full of cash sitting by the side of the
road, and so will always be a very tempting target for crooks. Whether
they target the underlying software, the authentication process, or
simply hit them with hammers until they break open, there will always be
fraud and theft.
Ultimately it's each of us who ends up paying for the losses banks
incur in this way, so it's always good to see those behind these crimes
being tracked down and brought to book.
0 comments:
Post a Comment