Cyber criminals use text messages to rob ATMs

Using codes via text messages to steal hundreds of dollars from ATMs might seem too easy to be real. Unfortunately, older ATM machines are vulnerable to this new type of cyber-attack, referred to as the “Ploutus” ATM attack.

This is because a majority of older ATMs run on versions of Windows XP, just like a standard computer. However, this specific Microsoft operating system is being cycled out on April 8th, meaning the software company will no longer provide security updates, or “patches,” for Windows XP. This means computers running on XP – including ATMs – will be largely unprotected against viruses and cyber-attacks in the near future.

As April 8th approaches, the banking industry is facing a serious risk of cyber-attacks for ATMs across the country, especially those in more remote locations. In order to complete the robbery, the attacker must gain access into the inside of the ATM and connect a mobile phone, usually via a USB. Getting to the ATM’s inner computer is often not too difficult since the money stored in the ATM is protected separately in a safe.

Once the phone is connected to the ATM it infects the machine with the Ploutus Trojan. Next, the attacker sends SMS commands to the phone connected to the ATM’s network. This command starts up the Ploutus malware to cause the ATM to issue a previously specified amount of cash.

This brings us to the big question: is there a way to protect ATMs from these type of new attacks? While modern ATMs have improved security features, such as encrypted hard-drives, older ATMs running on Windows XP are more susceptible to security holes. Two ways to protect ATMs is by updating their security features and operating system as well as improving the physical security of the computer inside, which could prevent attackers from installing malware.

Note: If your computer is still running on Windows XP, it is highly recommended that you update to a more current system, such as Windows 7 or 8, before April 8th to protect it from future security issues and cyber-attacks.

For more information about the Ploutus attack and how it works, read this Symantec article.

– Hannah Sassi,  Consumer News & Opinion


1 Comment

Filed under News You Can Trust

One response to “Cyber criminals use text messages to rob ATMs

  1. Mark Burrows

    This information is somewhat disturbing. I have told companies countless times to have a programmer come in and build a software to hardware operating system independent of the existing OS platforms out there. In the first place, the software will be created right down to your specifications without the tons of added nonsense software and counterproductive material that runs in the background of say Microsoft or Apple. Apple of course is much more business oriented than Microsoft. Yet other operating systems can be based on platforms such as Linux and others out there that they can be code protected by programmer only structures. So basically, the downside is you would have to contract a firm to maintain your software for problems and updating, but the upside is that you will own the original software and the original programmers codes. Anyone coming in to service your system, will require you to provide the original software, manual, and for you to input the codes.
    Yet, everyone eventually became swayed by the low cost self maintenance of Microsoft and Apple using environments that were as familiar as their home computer.
    See my point? Over abundance equals easy target. When things become common, then of course there is the common denominator in cracking the security codes.
    When you hear about the big international hacker stories, it is because they are always systems that are in constant use by masses of members of population.
    When you see in the movies a hacker going into a private company, with it’s own operating system and over riding it, that is fictional fantasy based on the fact that a lot of public use systems get cracked. Inter company systems do not unless the codes were leaked verbally or in written form.
    Of course there is what is called the random generator, but I would like to actually see one that takes only moments to crack a privately secured system. They don’t exist, in reality a random generator would take months even years to match the electronic codes of a privately written operating system and security encode.
    Now I agree that banks are a bit tougher to protect because they do fall into the public access category, but still, using a Microsoft XP operating system? Also you are suggesting that all older ATMs are like that?
    Then it is not the bank’s fault, it is the company that has standardized the ATM system. I would assume them liable for any losses and use the bank’s legal facilities as my springboard, for surely, they do not wish to be responsible.

    Mark Burrows

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s