by Tim Stickings, Daily Mail:
The FBI has sent a confidential alert to warn banks of a global ‘cash-out scheme’
A ‘jackpotting’ scheme would see hackers use malware to take control of ATMs
Smaller banks with less sophisticated security are said to be most vulnerable
America’s intelligence chiefs have warned banks of a major hacking threat to cash machines worldwide in the next few days.
The FBI sent out a confidential alert on Friday to warn that cyber criminals are planning a global ‘cash-out scheme’ using malware to take over ATMs and steal millions of dollars.
Banks were warned that they could fall victim to an ‘unlimited operation’ in which millions of dollars could be withdrawn from cash machines.
Smaller banks with less sophisticated security systems are thought to be most vulnerable to an attack using the ‘jackpotting’ technique, the Daily Telegraphreports.
The FBI sent out a confidential alert on Friday to warn that cyber criminals are planning a global ‘cash-out scheme’ using malware to take over ATMs and steal millions of dollars
The warning said: ‘The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach.’
The website Krebs On Security reported that criminals could create ‘fraudulent copies’ of bank cards by installing their data on reusable magnetic strip cards.
The FBI warned that ‘at a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.’
‘Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,’ the alert said.
Attacks could affect banks all over the world with British banks with large overseas interests including Barclays and HSBC thought to have been made aware of the danger from the ‘jackpotting’ technique.
Earlier this year it was revealed that a co-ordinated group of hackers had stolen more than $1million by hijacking cash machines in the U.S.
The spate of attacks represented the first widespread jackpotting activity in the United States, officials said in January.
The heists, which involved hacking ATMs to rapidly shoot out torrents of cash, were across the United States spanning from the Gulf Coast to New England.
British banks with large overseas interests including Barclays and HSBC are thought to have been made aware of the danger from the ‘jackpotting’ technique
An alert at the time from an ATM maker said the method included gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.
A U.S. Secret Service alert sent to banks in January said machines running Windows XP were more vulnerable and encouraged ATM operators to update to Windows 7 to protect against the attack.