Reverse ATM attack used to steal nearly $4 million in cash
Don’t know what a reverse ATM attack is? You are about to find out

As banks and financial services attempt to beef up security in order to
preserve funds as much as possible, the sophistication with which money
is stolen from these institutions has also increased. Starting from last
year, criminals in Russia have found a way to steal nearly 252 million
Rubles, which translates into $3.8 million, from five unnamed banks.

They managed to achieve this feat by using a process called a reverse
ATM attack. According to the Russian digital intelligence firm Group-IB,
a reverse ATM attack exploits weaknesses in the international transfer
system, allowing criminals to withdraw bundles of cash with ease.
However, according to the firm, these criminals could have run away with
more cash if they had been more patient, signifying how effective the
reverse ATM attack method is when malice is your only intent.
According to Forbes, here is how the process works:

Mules, or simple depositors working for these criminals, would deposit
sums of 5,000, 10,000 and 30,000 Rubles into verified accounts, and after
that, they would withdraw the amount from an ATM. Afterwards, they would
take a receipt from the ATM, which details a payment reference number as
well as the amount withdrawn.

After this process has been successfully carried out, the information is
sent to hackers, who then use the data and gain access to thousands of
point of sale terminals, which are located in abundance in the US and the
Czech Republic. By doing this, they are able to create a ‘reversal
operation’ on a terminal that fools the bank into believing the
withdrawal of funds had been cancelled.

At the point of sale terminal, this looks as though goods were returned
or a payment declined, while to banks it looks like the ATM withdrawal
had been cancelled. Funds are returned to the account, though the crooks
have already taken the cash and are probably celebrating their payday
over a successful, clever and clandestine heist.
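
The mismatch described above, a reversal arriving from a point of sale terminal for an ATM withdrawal whose cash has already left the machine, is something a bank can check before crediting the account. The following is an added example, not code from Group-IB, Forbes or any bank; the record fields, terminal IDs and sample transactions are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    ref: str            # payment reference number, as printed on the ATM receipt
    kind: str           # "withdrawal" or "reversal"
    channel: str        # "ATM" or "POS" (hypothetical field names)
    terminal_id: str
    account: str
    amount: int         # Rubles
    dispensed: bool = False  # ATM journal confirms the notes were handed out


def suspicious_reversals(txns):
    """Return (reversal, reasons) for reversals that should not auto-credit."""
    originals = {t.ref: t for t in txns if t.kind == "withdrawal"}
    flagged = []
    for rev in (t for t in txns if t.kind == "reversal"):
        orig = originals.get(rev.ref)
        reasons = []
        if orig is None:
            reasons.append("no matching original")
        else:
            if rev.terminal_id != orig.terminal_id:
                reasons.append("terminal mismatch")
            if rev.channel != orig.channel:
                reasons.append("channel mismatch")
            if orig.dispensed:
                reasons.append("cash already dispensed")
            if rev.amount != orig.amount:
                reasons.append("amount mismatch")
        if reasons:
            flagged.append((rev, reasons))
    return flagged


# Constructed sample: R1001 follows the pattern in the article, R1002 is a
# legitimate reversal of a withdrawal where the ATM never dispensed the cash.
SAMPLE = [
    Txn("R1001", "withdrawal", "ATM", "ATM-MSK-01", "acct-A", 30000, dispensed=True),
    Txn("R1001", "reversal", "POS", "POS-CZ-77", "acct-A", 30000),
    Txn("R1002", "withdrawal", "ATM", "ATM-MSK-01", "acct-B", 5000, dispensed=False),
    Txn("R1002", "reversal", "ATM", "ATM-MSK-01", "acct-B", 5000),
]

if __name__ == "__main__":
    for rev, reasons in suspicious_reversals(SAMPLE):
        print(rev.ref, rev.terminal_id, "; ".join(reasons))
```
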

The process is continued until there are no physical notes remaining in
that particular ATM. This process is then repeated at various locations,
which explains how the criminals were able to steal so much cash in a
small amount of time. Group-IB has not currently stated its plans to
bring these hackers to justice, nor has it specified any other
information to the public. However, if we have an update, we will
publish it accordingly.