Hackers stole from 100 banks, rigged ATMs to spew cash

ATLANTA, Ga. (CNN) – It may be the biggest bank heist ever. Hackers have stolen about $1 billion dollars from banks and ATMs around the world.

It’s being called the Ocean’s 11 of cybercrime. Hackers in Russia, China, Europe coming together to hack a hundred banks in 30 countries.

How successful? Up to $1 billion in stolen cash and going undetected for two years until banks started noticing something suspicious.

Just one arm of the attack, but certainly the flashiest: an ATM in Ukraine was randomly pouring out bills onto the ground

The hackers were able to take control of the bank-operated machines remotely and make it rain cash with the help of an accomplice.

“We refer to them as money mules. These are basically members of the organized crime ring that’s doing this whose job it was to go pick up money and then deliver it at a specified location.  And we saw instances where the criminal, the money mule, didn’t touch the ATM machine.  They just walked up to it, the money came out, and they walked away,” said Chris Doggett, managing director Kapersky Lab North American.

An ATM itself isn’t unheard of – hacking legend Barnaby Jack demonstrated the hack years ago for MIT.

“I find out a vulnerability that will enable me to bypass these passwords and upload my own software onto the ATM remotely and of course my own software will capture credit card details, dump from the dispenser and that type of thing,” Jack said. “I’m not naive enough to think I’m the only person that can do this.”

Nico Sell with SellSafety is someone who has tried to do this – attempting to hack into an ATM dispensing gold bars.

“We’re in the palace hotel in Abu Dhabi, all these hackers building a human shield around the gold machine, because there’s cameras everywhere. Acting like they’re tourists, taking pictures. We had to unplug the machine because that’s usually how you get the IP address, and then you wait till it restarts, you plug it back in. You can get the IP address other ways but we would have really had to disrupt the entire network at the palaces so that’s about the point that security guards realized something funny was going on and came we all had to run and disperse.” Sell said.

One billion dollars gone, and the attack may not be over yet. Banks may not even realize they’ve been compromised.

It’s a haul that would make even Danny Ocean blush.

“It does feel like we’ve seen another milestone in the arc of cyber-attack history,” Doggett said.

Comments are closed.