A new method of stealing money from Russian ATMs has been discovered. How ATMs are robbed: tricks, viruses and physical force Here's what it all might look like and what you should be on your guard for

In this review, the editors of PaySpace Magazine will talk about how ATMs are robbed and what tricks are most often used by criminals.

How ATMs are robbed Photo: businessinsider.com.au

There are many ways to rob an ATM. Some will require freight transport and a puncher. And for others - sleight of hand and a piece of plastic. The former are more concerned about the bank's security service. And the second - ordinary owners of payment cards who withdraw cash from an ATM. You can't ignore hackers either. A few lines of code - and the ATM will not only issue the money itself, but also transfer the details of the users' cards to the fraudster.

How ATMs are robbed: tricks aimed at cardholders

The ATM is no longer for payment scammers. However, criminals quite often use this device to empty citizens' payment cards. Consider the basic techniques that apply to ATM.

• - installation of special overlays on the ATM that allow you to copy credit card data, as well as "peep" the PIN code from a hidden camera or dummy keyboard. Fraudsters use this data to make fake cards and cash out from victims' bank accounts.

• - installation of a special lining with adhesive tape on the cash hole, which blocks the issuance of money. The purpose of the scammer is to make the customer think that the ATM has run out of money or that an error has occurred. Then the victim will take the card and leave. And the criminal will be able to move the overlay and take the funds

• - installation of special equipment on the slot for receiving a card to block a credit card inside the device. The purpose of the fraudster is to force the cardholder to move away from the ATM, and then to pull out his credit card with a special tool.

How are ATMs robbed using viruses?

• allow a fraudster to remotely receive technical information and PIN codes of bank cards that fall into an ATM
• infect an ATM machine with a virus that gives them access to the banknote vault.

How is an ATM protected from physical hacking?

Fraudsters who don't want to mess around with overlays and other tools to steal payment card details are trying to steal the entire box. Or open it on the spot.

How is an ATM protected from such attacks:

• CCTV Cameras, fix suspicious activity of swindlers near ATM. Modern technologies allow you to continue to film what is happening at the ATM, even if the device itself has already been disabled. Often there are two of them - built into the ATM and located near the object.
• ATM case protects banknotes in the safe thanks to thick walls made of heavy-duty metal, which are difficult to impact with a perforator.
• sensors, which react to a blow or an attempt to open an ATM. And they send a signal to the console of the guards, who usually arrive at the scene in a few minutes.
• wall mounts, thanks to which it will be possible to pull out the ATM only with the help of a cargo vehicle - the ATM itself weighs about 4 tons
• GPS beacons embedded in the ATM to inform the bank's security service about the exact location of the device. The main condition for the beacon to work is the presence of a satellite signal. If the ATM is placed in the basement, the device will not give a signal.

Yesterday, the UBEP of the Main Department of Internal Affairs of Moscow reported the disclosure of another fraud with bank plastic cards. A student of one of the capital's universities, together with a friend, using fake cards, stole money from the accounts of Russians and foreigners through ATMs.

According to Kommersant, the police came to the scammers thanks to the vigilance of employees of the economic and internal security service of one of the major Moscow banks. As you know, all ATMs in Moscow are equipped with hidden cameras. Looking at the recordings from these cameras, bank security officers drew attention to a young man who cashed out several thousand US dollars nine times in a row using different cards from one ATM. The bank considered it suspicious and reported the incident to the UBEP.

The police found out that the money was cashed by a student of one of the capital's universities, Anton Obyedkov, who came to Moscow from Tashkent. He was under covert surveillance. It turned out that the student obviously lived on more than one scholarship. Without working anywhere, he nevertheless did not live in a hostel, but rented an apartment, regularly visited youth cafes and nightclubs, where he spent large sums. It also seemed suspicious that the student very often visited computer markets, where he bought specific programs and components from electronic devices that could be used to make fake bank cards. The policemen assumed that they were dealing with a carder - a person involved in fraud with bank cards. Their assumptions were confirmed. The operatives who were following Anton Obedkov saw him withdrawing a large amount of money through an ATM and detained the student. As it turned out, red-handed. In the pockets of Anton Obedkov's clothes, investigators found 23 fake debit bank cards. With their help, $230,000 could be stolen from bank accounts.

The student did not withdraw. He told investigators how, together with his friend Konstantin Svobodin, he stole more than $60,000 through ATMs. According to the suspect Obedkov, Konstantin Svobodin organized the fraud. A certain Ali (the name was changed in the interests of the investigation - "Kommersant") from France, whom the young men met on an Internet forum where carders communicate, sent Konstantin Svobodin data on several dozen French bank cards and PIN codes for a reward. Using this information, Konstantin Svobodin allegedly made the cards and taught Anton Obedkov to withdraw money using them from ATMs. But Anton Obedkov could not explain how fake Russian bank cards got to him. The operatives guessed this themselves, after conducting a search in the student's apartment. The policemen found Anton Obedkov's notebook with data on bank cards of Russian citizens with PIN codes. In addition, microvideo cameras and parts from home-made card readers, devices that copy information from bank cards, were found in the apartment. According to policemen, the students made and installed hidden cameras and such devices on several ATMs, camouflaging them under the plastic frame of the card capture reader. Using this technique, they collected data on bank cards, which they then used to make duplicate cards. The operatives found an explanation for the fact that in the student's notebook some cards had one or two digits of a four-digit PIN-code presumably indicated. Police officers believe that especially careful ATM users, when typing a PIN code, covered the keyboard with their hand, as banks recommend, and the microcamera was able to capture only part of it.

Yesterday Anton Obedkov was arrested by a court decision. He was charged under Article 159 of the Criminal Code of the Russian Federation (“Fraud”). Konstantin Svobodin disappeared and was put on the wanted list. Investigators of the Main Investigation Department at the Main Department of Internal Affairs of Moscow, conducting the criminal case, have already informed Interpol about the French accomplice of the swindlers.

Alexander ZHEGLOV

Robbers attacked 4,000 ATMs in Russia last year. The losses of banks from such attacks, according to the Informzaschita company, ranged from 2.5 billion rubles to 7 billion. This year, experts believe, the number of attacks will grow to 5 thousand, and the losses will increase accordingly, Izvestia writes. At the same time, banks do not plan to spend more on protecting devices. On the contrary, from January to June of this year, they spent 9% less than a year ago.

How criminals work with ATMs, and why it is still not possible to stop this type of robbery all over the world (more than 26.5 thousand devices were affected in Europe in 2016), MIR 24 understood.

Destroy the ATM

All attacks are divided into physical and logical, and in Russia, nine out of ten attacks were of a physical nature. The easiest and most affordable way is to break open the door of the room, pull the ATM out of the wall with the help of a car, load it into the body and then open it in a safe place. And in one where the police will not be able to track the device using the GPS tracker installed inside. So, for example, in September, six unknown people stole an ATM, which contained about 3.6 million rubles, from a shopping center in New Moscow.

Alternatively, in some models of ATMs, criminals attach a cable to the banknote dispensing window and, if it is built into the safe, tear off the lid of the safe, after which they leave with the money.

All of the following methods are technically more difficult. For example, it is impossible to gut an ATM on the spot without special skills. One day, the police solved the crime in hot pursuit and found the criminals who stole the ATM. It turned out that they did not have enough 16 hours to open the safe installed inside with the help of a grinder. If you use gas-plasma or plasma cutting, then, firstly, an alarm will go off (temperature increase) and a private security company will arrive, and secondly, there may be a layer of concrete in the safe.

Although in 2010, Moscow law enforcement officers with great difficulty managed to detain a gang of intruders who opened ATMs literally like tin cans - it took them less than a minute.

Of course, the ATM can be blown up. However, after the explosives, attackers often leave with nothing. It is worth not calculating a little, and either the device costs whole and unharmed, or they are left alone from the money.

An advanced version of this method was an explosion with the help, which is pumped into the safe, for example, through the hole for issuing banknotes. Then the temperature does not rise, and the explosion knocks out the door of the safe.

Sensors remain the main danger for criminals when opening the device in place. These are temperature sensors, and vibration sensors, and gas analyzers, and alarms for damage to various parts of the ATM. If something works at the beginning of the autopsy, then the attacker will be taken "lukewarm".

Negotiate with an ATM

Another method that is gaining popularity is the Drilled Box, a cross between a physical and a logical attack. Criminals drill an ATM in a place they know, connect to the control center and break into it already. The controlled device independently, without dust and noise, gives the criminals all the money in it. To fix the vulnerability, for example, it is necessary to strengthen the protection in the place where the hole is made, but updating the ATM fleet is not a quick business.

Attackers steal small amounts using the so-called cash trapping. The main principle is to disrupt the work of the shutter, the mechanism that gives out money. In this case, the cardholder tries to withdraw money, but the bills get stuck and the operation is cancelled. He sees the inscription that the operation is interrupted, and goes to another place. There is no debiting of money from his card. And the scammers, when the victim left the place, come up and take out banknotes.

Sometimes a stolen or compromised card is used in cache trapping. Having such a card, first the criminals set up a shutter, and then withdraw as much money as they can. Just in case, let's explain that as a way to "earn" on your card, this will not work, because banks always receive information about such operations. And if you still manage to withdraw money, then avoiding responsibility is unlikely.

Steal a card

Copying a card and picking up a pin code is a technically complex, but at the same time, safe way for an attacker. A so-called skimmer is installed on the card reader or card reader at the entrance door to the service area - a device with a reading magnetic head. It either accumulates information about the cards or transmits it over the air. They also often have a video camera installed that allows you to see the pin code.

Note that skimmers, if you are prepared, are not so difficult to notice - the devices themselves are quite large. Recently, however, criminals are increasingly using an improved method - shimming. It uses a thin and flexible gasket that is inserted into the card reader and does not interfere with the introduction of media into them.

It is impossible for ordinary people to notice such devices. But the method has its downsides. First, it is a really expensive and complex technology. Secondly, you still have to find out the pin code somehow. That is, overlays on the keyboard or video cameras are used, which are already possible to recognize.

After receiving secret information, scammers make fake cards and withdraw money from them. As a rule, this takes place in another country in order to avoid liability.

A less common, albeit highly original, method is the installation of fake ATMs. Citizens try to use them, see an error and go to another ATM, not realizing that they have just opened their bank card.

Recall that no copying threatens those who use cards with a chip. It is not yet possible to read information from him, at least there is no information about such cases.

computer hacking

As with all computer security, hackers who gain access to both ATMs and devices that are on the same network with them remain a serious problem.

For example, in February 2015, it became known about an attack on 30 banks that lost up to $ 1 billion in total. The victims turned to specialists after they noticed that ATMs began to issue banknotes just like that, without any action from the outside. As it turned out, the hackers hacked into the computers of bank employees using emails with attachments, then gave commands to ATMs through the local network.

But these are big scams. And if you return to the ground, then in the event of inadequate protection, hackers can gain control of the ATM even through a normal network port, access to which is outside the ATM. By connecting the device to a fake processing center, an attacker will be able to insert any card, enter any pin code and withdraw all the money in the ATM.

However, you can go further: every ATM can be turned into a skimmer with the help of a virus. The infected machine is activated after entering a special pin code on a special card, and then, to cover the tracks, the following code destroys all traces of the malware. Data of all used cards get to scammers

Each such case is a serious puncture in the field of security, and most banks try to prevent these episodes in advance. But, as already mentioned, it is still far from a full-fledged renewal of the ATM network. Somewhere the banking network may not be segmented, somewhere the ATM does not provide authentication for data exchange, somewhere the white lists of applications that are allowed to run are not configured.

Why it works

First of all, because the banks spending on full-fledged protection, as it turns out, is still less than possible losses. And it is likely that it will never be possible to completely get rid of this type of crime.

A large network of ATMs is an advantage for customers, so banks often install them in places that are not very safe. Or they save on signaling, hoping for, which is sometimes easy to bypass. In the end, sometimes security is just one employee of the private security company, which can be attacked and neutralized. It is also not uncommon for criminals to break into bank branches. This is because the management buys less fortified devices there and thus lures criminals.

Reliable protection would be special paint cassettes inside the safe, which make it pointless to open it. After all, dirty money still cannot be used or exchanged. However, this is too expensive, and such cassettes are widely used only in cash-in-transit vehicles when transporting large amounts of money.

Maxim Konnov

Despite the fact that theft is a criminal offense and you can get a considerable prison term, this does not stop criminals.

They come up with new ways of being citizens. To know what methods of money withdrawal are used by attackers most often and how to protect your savings, read on.

How is money stolen from ATMs?

Thieves are very creative and use many methods to steal your money. But the most common are two types of illegal withdrawal of funds from payment terminals:

1. skimming

A special device is installed on the ATM card reader, which reads information from the magnetic strip of a plastic card. Attackers can only use it.

1. "Lebanese noose"

To carry out this scam, a kind of “pocket” is glued to the terminal, where the money you withdraw goes. The ATM signals the issuance of funds, but in fact you do not receive them. As soon as you step away from the device to complain to the bank or call the support service, the scammers calmly pull out the money and leave.

Most often, money is stolen from an ATM using special devices that read information from the card.

Bank customers

To steal funds from plastic cards, fraudsters often use different devices:

1. Additional keyboard

A special overlay is attached to the real ATM keyboard, which fixes the combinations of the entered PIN codes.

1. miniature video camera

It is fixed next to the ATM keyboard so that you can see which numbers of the pin code you are typing.

1. "Pockets" for banknotes

This has already been discussed above. These are ordinary plastic envelopes that close the slot for issuing money.

1. Fake ATMs

Installed in crowded places to obtain information about the cards of future victims. Naturally, they don't work.

1. Malware

Payment terminals become infected with a virus that transmits to scammers information about all used bank cards.

If you see a suspicious device on an ATM, do not use it and call technical support.

Now online thefts are also actively developing - hacking bank accounts without using physical impact.

To gain access to your e-wallets and accounts, criminals do not even need to leave their homes. They use the following methods:

1. Phishing

Attackers send a letter or SMS message with a virus to your e-mail. It comes on behalf of a well-known brand or the bank itself (payment system). As soon as you open the email, you will "infect" your PC with malware. It will collect information about your passwords, logins, payment card numbers, and then transfer the data to the sender or automatically transfer money from your wallets to the details of the hacker.

1. Winlocker implementation

Winlocker is a malicious computer program that blocks the Windows operating system. In this case, a notification will appear on your screen stating that the computer cannot be operated. To unlock it, you must enter a special password. Of course, for it you need to pay a certain amount to the specified number. After transferring funds, scammers send a code, but the problem may arise again.

The thefts from bank cards and electronic wallets committed via the Internet are becoming increasingly popular among fraudsters.

Bank

A new way to instantly withdraw money from an ATM is called the drilled box. Everything is ingenious and simple - criminals drill a hole in an ATM and connect a special device (tire). It is she who pumps funds out of the terminal.

However, independent manufacturers have invented a device that controls the connection to the ATM information bus and helps prevent such attacks. When connected externally, the ATM simply stops responding to commands from scammers.

Most modern terminals are well protected from hacking and viruses.

Recently, many ATMs in our country came under attack by a new dangerous virus. First, it hacks into the bank's network outer loop and the device administration server in a closed network, and then attacks the ATMs directly.

To prevent such incidents, it is necessary to implement specialized information security programs and engage third-party contractors to reduce the risk of security gaps.

Problems with the withdrawal of funds arise from banks that have not updated the software to the required level.

New ways to steal money from bank cards

Thieves never stop there. Just recently, several new ways to steal money from ATMs have been discovered.

Here are some examples:

1. "Cutting"

Not so long ago, scammers stole several million rubles by cutting and gluing bills of different denominations together. The "updated" money was credited to the attackers' bank cards through terminals. After cashing out the funds, the criminals again made a money cycle.

1. "Guiding Thread"

Another swindler attached a strong thread to a five-thousandth bill and, using this simple device, robbed an ATM for 200 thousand rubles. He put the banknote into the terminal many times, and after the funds were credited to his account, he pulled it back out.

1. "Own course"

There is also a known case when hackers infiltrated the computer system of an ATM and "raised" the dollar to 1.5 thousand rubles. They exchanged 800 dollars for 1.2 million rubles.

Kaspersky Lab experts recently uncovered another interesting scheme. Employees of financial institutions began to complain about the arbitrary issuance of money to people who do not even try to withdraw them.

During the check, a malicious program was found on computers connected to terminals. The hackers gained access to the computers of bank employees, after which they transferred money to their accounts or cashed it out through ATMs. More than 30 banks around the world suffered from their actions, but they still have not been found.

The novelties in the world of fraudulent devices also include shimmers - flexible metal plates thinner than a human hair. They are inserted into the ATM card reader and reads data from plastic cards. This method can be called a modernized skimming.

How to protect your funds from theft?

To protect your savings as much as possible, you need to follow a few simple rules:

• try to withdraw cash from ATMs located in financial institutions, and not in shops or shopping centers;
• inspect the terminal for suspicious devices;
• if the ATM does not see your card or does not give it away after the transaction is completed, do not leave the terminal and call the support service;
• activate SMS notifications to be aware of changes in your account. If you did not make any transactions, and the money was debited, immediately call the bank and block the card.

Be vigilant, and then you will not fall into the "paws" of scammers.

And if trouble does occur, do not sit idly by - contact a competent lawyer. He will tell you what can be done to return the stolen funds and punish the attackers.

Indeed, ATMs invariably attract the attention of financial scammers. Usually, attackers use traditional methods to steal funds - they open the device or take cash along with the "packaging", taking the device away from the bank branch. But the most inventive come up with very unusual methods.

ON THIS TOPIC

banknote mosaic

In the Astrakhan region, criminals stole four million rubles by cutting and gluing banknotes. For their machinations, they used six five-thousandth notes and one thousandth. Each of them was cut into six pieces and glued together. As a result, one improved banknote with a face value of five thousand rubles was obtained, one sixth of which consisted of a thousandth.

The remaining pieces of five thousandth bills were combined and turned into an "extra" banknote. Updated, but insolvent money was credited to cards through ATMs. Having cashed out the funds, the criminals were able to make the money cycle again.

improvised means

In Saratov, a resourceful schemer deceived a payment terminal using an ordinary strong thread. Having attached a thread to a five thousandth bill, he repeatedly lowered it to be credited to the account, and then pulled it back. Before the arrest, the offender managed to steal 200 thousand rubles.

In Moscow, attackers tried to steal money by pumping gas from a cylinder for portable gas stoves into an ATM. They glued an electric motor from a Chinese toy to the cash dispenser and pressed a button on the remote control. As a result of the explosion, not only the ATM was damaged, but also the lobby of the bank branch. And the unlucky criminals were forced to retire empty-handed.

Creativity

Another unusual method of theft was invented by three intruders from Udmurtia. They installed counterfeit ATMs of a non-existent bank in Moscow, the Moscow Region and Sochi. Trusting citizens tried to use the machines to make money transactions. As a result, the scammers managed to find out the passwords of more than a thousand bank cards.

In Ufa, hackers, having penetrated the computer system of an ATM, hacked the service code and "set" the dollar at the level of 1.5 thousand rubles. As a result, they managed to exchange $800 for 1.2 million rubles. Within a month, one of the hackers was detained.

money is slipping

In the Ukrainian Dnieper, resourceful thieves stole more than 40,000 hryvnias from ATMs using adhesive tape. The criminals installed a special overlay on the device - a plastic panel identical in color to the one intended for issuing money. An adhesive tape was glued to its back, which delayed the bills during the issuance by the machine.

The panel was fastened in such a way that the money got stuck when exiting through the ATM bill acceptor. The device turned out to be blocked, information about the error was displayed on the screen. The client, having taken the card, went in search of another ATM. And resourceful thieves removed the pseudo-panel along with adhesive tape and took away the money attached to it.

"Raging" ATMs

Kaspersky Lab specialists managed to uncover yet another scheme for embezzlement of funds from banks.Representatives of financial institutions have repeatedly complained thatthat ATMs spontaneously dispensed funds to people who did nothing with them.As a result of the check, it turned out that no malicious programs were installed on the devices themselves. However, such a program was found in a computer that was part of a single network with ATMs.

Thus, hackers gained access to the PCs of bank employees. Then they used legal withdrawal methods: they transferred money using the SWIFT system or cashed out through ATMs.

The perpetrators have not yet been caught. Meanwhile, 30 financial institutions became victims of their illegal actions, most of which are located in Russia, the USA, Germany, China and Ukraine. Individual thefts reached $ 10 million, and the total financial losses of all affected banks have already approached a billion dollars, reports.

Meanwhile, Sberbank spoke about the appearance in Russia of a relatively new method of stealing money from ATMs. It has been reported that this method of stealing, called the drilled box, can only be applied to certain types of devices.

First, criminals drill a small hole in the body of the ATM, and then connect a special bus to it and use it to pump money out of the device. Like Dni.Ru, the fraudulent scheme was uncovered about five months ago. However, the ATM manufacturer has not yet responded to the problem.

Recall that the theft of funds in Russia is a criminal offense. Depending on its severity, the Criminal Code provides for punishment under Article 159 in the form of fines from 80,000 to 200,000 rubles, forced labor for up to two years, or imprisonment from one to six years.