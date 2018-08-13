"Cashout": FBI Warns Of Imminent Global ATM Hack

by Tyler Durden
Mon, 08/13/2018 - 22:45

The FBI is warning of an "imminent" global cyberattack on ATM machines that could result in millions of dollars withdrawn from bank accounts far and wide, in a similar "cash-out" attack to one in 2009 which hit ATMs worldwide to the tune of $9 million

"The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an 'unlimited operation'," according to an FBI alert to banks that was obtained by noted cybersecurity expert Brian Krebs

Krebs describes it as a "highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours." 

"Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future," the FBI statement reads. 

In other words, financial institutions which haven't upgraded to the latest and greatest in security measures are vulnerable to attack. And since banks will likely reimburse anyone affected by the breach, the FBI's warning should particularly interest small-to-mid sized banks using outdated technology. 

In July, two similar "unlimited operation" attacks resulted in losses of $2.4 million from the National Bank of Blacksburg according to Krebs, who broke the story. 

In both cases, the attackers managed to phish someone working at the Blacksburg, Virginia-based small bank. From there, the intruders compromised systems the bank used to manage credits and debits to customer accounts.

The 2016 unlimited operation against National Bank began Saturday, May 28, 2016 and continued through the following Monday. That particular Monday was Memorial Day, a federal holiday in the United States, meaning bank branches were closed for more than two days after the heist began. All told, the attackers managed to siphon almost $570,000 in the 2016 attack.

The Blacksburg bank hackers struck again on Saturday, January 7, and by Monday Jan 9 had succeeded in withdrawing almost $2 million in another unlimited ATM cashout operation. -Krebs On Security

Meanwhile, the FBI is advising banks on best security practices, such as two-factor authentication using physical or digital tokens, as well as beefed up password requirements. 

The FBI issued a similar alert in 2009, after a "wave of thieves fanned out across the globe nearly simultaneously. With cloned or stolen debit cards in hand—and the PINs to go with them—they hit more than 2,100 money machines in at least 280 cities on three continents, in such countries as the U.S., Canada, Italy, Hong Kong, Japan, Estonia, Russia, and the Ukraine."

When it was all over—incredibly within 12 hours—the thieves walked off with a total of more than $9 million in cash. And that figure would’ve been more had the targeted ATMs not been drained of all their money.

The alleged masterminds of this slick scheme—prosecutors charged earlier this month following an extensive FBI investigation assisted by other federal agencies and our partners around the globe—were three 20-something Eastern Europeans and an unnamed person called simply “Hacker 3.” -FBI (via archive.is)

We're sure the establishment's cashless society will fix all these annoying vulnerabilities. 

JuliaS runswithscissors Mon, 08/13/2018 - 23:16 Permalink

So what they're saying is that Turkey is creating a contagion leading to a global financial collapse and people are about to rush to the ATM's to withdraw cash, and the bankers don't want them to? Instead they want the populus to fear hackers and stay away from ATM's while they stuff the briefcases with our money and sail off to private islands?

Got it!

cbxer55 Giant Meteor Mon, 08/13/2018 - 23:04 Permalink

Yes, I am sure you're correct. I've said it before, they came on here some time ago, registered a whole bunch of phishy id's. Then they use them one-by-one. When one gets banned, boom up comes another with the same damn scam. Nobody here is dumb enough to click their links. I dare say even our dimocrat members here know better. One would hope so leastways.

This site should go back to the days when you had to answer a math question in order to be approved. Captcha wasn't it? When they eliminated that, they opened themselves up to these asshats.

Curiously_Crazy e_goldstein Mon, 08/13/2018 - 23:08 Permalink

Given we know how much actual "cash" they have compared to the value on their books held in 0's and 1's I'd say the banks would be the very last to spread such a story.

They have to cover the fraudulent activity anyway if the event does occur, having people clammer to withdraw non existent pieces of paper is the last thing they'd need on top of it.

GoldenDonuts Mon, 08/13/2018 - 22:49 Permalink

So what they really are saying is that they (The CIA deepstate whatever) are going to use the information that they have stolen by spying on EVERYONE to steal your money and blame it on some chinese guy with funny glasses living in his mom's basement in Toledo.

Duc888 Mon, 08/13/2018 - 22:59 Permalink

 

 

Yea, fuck the FBI.   Lotsa fucking cred there.  Fuck all of them.  Pink slips for every one of the useless motherfuckers.

mattfriend88 Mon, 08/13/2018 - 23:00 Permalink

"And since banks will likely reimburse anyone affected by the breach"

Ever try to get a bank to right such a wrong?  You would think that you can make a call, "I was hacked."  Oh, I am so sorry sir, click, click, click, okay the money is back in your account.  No, you have to fill out a multi page affidavit, get it notarized, call and pester the bank,  then maybe they will give you your money back. 

 

 

cbxer55 mattfriend88 Mon, 08/13/2018 - 23:09 Permalink

I got hacked once, some time ago. My computers security sytem had expired. I wasn't on automatic renewal at the time. During the time I logged on, and re-upped my security system, someone hacked me over in Italy (of all places). Bought some trinket from some Italian website. Called the bank and informed them, siad I can't read, write or speak Italian. They refunded me the money without me ever leaving my home, next day. 

Golden Showers Mon, 08/13/2018 - 23:02 Permalink

I haven't used an ATM in 20 years.

But I suppose in the future, fingerprints, facial recognition, retinal scanning, dna tests, hair samples, brethalyzers and anal probes will all be imployed by every ATM for your security and privacy. Oh, and you can get extra big ass fries with it as long as you put your tattoo in that shit.

MusicIsYou Mon, 08/13/2018 - 23:21 Permalink

Yeah I know, eventually the interest on national debt is going to exceed what government can pay, so instead they are going to empty people's bank accounts to pay interest, and blame it on hackers.