{"id":257477,"date":"2021-05-24T15:00:33","date_gmt":"2021-05-24T12:00:33","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-hackers-are-using-raspberry-pi-to-hack-atms-cloudsavvy-it\/"},"modified":"2021-05-24T15:00:33","modified_gmt":"2021-05-24T12:00:33","slug":"how-hackers-are-using-raspberry-pi-to-hack-atms-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-hackers-are-using-raspberry-pi-to-hack-atms-cloudsavvy-it\/","title":{"rendered":"#How Hackers Are Using Raspberry Pi to Hack ATMs \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"article-content-area\">\n<figure style=\"width: 1000px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage wp-image-11461 size-full\" data-pagespeed-lazy-src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/05\/2cc3216b.jpg?width=1200&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"free cash atm\" width=\"1000\" height=\"663\" src=\"https:\/\/www.shutterstock.com\/image-photo\/london-uk-0316-person-withdrawing-money-1937602240\" data-credittext=\"Shutterstock\/Yau Ming Low\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/london-uk-0316-person-withdrawing-money-1937602240\">Shutterstock\/Yau Ming Low<\/a><\/span><\/figcaption><\/figure>\n<p>Cybercriminals are waging a war against banks, emptying their ATM machines of money. Their tools of choice are malware, a key from eBay, and a Raspberry Pi. Here\u2019s how they\u2019re doing it.<\/p>\n<h2 id=\"hitting-the-jackpot\"><span class=\"ez-toc-section\" id=\"Hitting_the_Jackpot\"><\/span>Hitting the Jackpot<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>It is more than ten years since the late hacker and cybersecurity researcher Barnaby Michael Douglas Jack demonstrated to an enraptured audience how he could compromise automatic teller machines. 
Jack\u2019s presentation took place on July 28, 2010, at the Black Hat USA conference in Las Vegas.\u00a0Unlike the famous slot machines of Las Vegas, the two ATMs on stage with Jack could be made to dispense cash until they were empty\u2014every time. Reliably and repeatedly.<\/p>\n<p>It\u2019s fitting that the term\u00a0<em>jackpotting<\/em>\u00a0was coined in what is likely the world\u2019s most famous gambling town. It\u2019s used to describe attacks that target ATMs and empty them. The other common ATM attack is\u00a0<em>skimming<\/em>, in which users\u2019 PIN numbers and the data from their cards are copied and used to create cloned cards.<\/p>\n<p>Jackpotting is on the increase, resulting in tens of millions of dollars being lost each year. Hundreds of thousands of ATMs have been hit in Asia and Europe, and attacks are increasing in the U.S. Some estimates say ATMs of 100 different banks in 30 countries have been hit since 2016, netting the various threat actors in the region of $1 billion.<\/p>\n<p>These large-scale operations are sophisticated. They require planning, surveillance, a small army of ground-troops or mules, some knowledge, some malware, and some equipment. Gone are the days when you chain the ATM to your truck and drive away with it.<\/p>\n<p>Now you can use a Raspberry Pi.<\/p>\n<h2 id=\"the-modus-operandi\"><span class=\"ez-toc-section\" id=\"The_Modus_Operandi\"><\/span>The <em>Modus Operandi<\/em><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>An ATM is effectively a computer in a strengthened enclosure linked to drawers full of money. Regrettably, the operating system inside the computers isn\u2019t as hardened as the enclosure the computer sits in. Most run on Windows 7, although Windows XP is also common. These are outdated operating systems that should have been retired a long time ago. 
Their vulnerabilities are plentiful and well understood by cybercriminals.<\/p>\n<p>Malware packages can be bought on the dark web to exploit the vulnerabilities in these operating systems and to interact with the ATM software. They have names like atmspitter, cutlet maker, green dispenser, fast cash, and pylon. Prices range from around $200 to $1000, depending on the make and model of the ATMs you\u2019re targeting.\u00a0Some of the malware packs contain compromised proprietary software belonging to the ATM manufacturers.<\/p>\n<p>You\u2019ll also spend about $150 for the bits of equipment you\u2019re going to need, including your Raspberry Pi.<\/p>\n<h3 id=\"step-1-where-are-the-targets\"><span class=\"ez-toc-section\" id=\"Step_1_Where_Are_the_Targets\"><\/span>Step 1: Where Are the Targets?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The ATMs in a city are mapped and studied. Good targets are the ones with high use, because these are loaded with the most money. Ideal targets are high-value ATMs in areas of poor or no surveillance.<\/p>\n<p>Attacks are usually scheduled for days such as Black Friday or Valentine\u2019s Day when ATMs are loaded with up to 20 percent more money than usual. ATMs are also loaded with extra money in the weeks leading up to Christmas because many will have received their annual or Christmas bonus in their pay.<\/p>\n<h3 id=\"step-2-what-are-the-target-makes-and-models\"><span class=\"ez-toc-section\" id=\"Step_2_What_Are_the_ATM_Makes_and_Models\"><\/span>Step 2: What Are the ATM Makes and Models?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Knowledge of the ATM hardware lets you buy the appropriate malware and the appropriate key to open the ATM enclosure. 
Some manufacturers put their name on the ATM somewhere, which makes identification easier. The big names in ATM manufacture are Diebold Nixdorf, Wincor Nixdorf, NCR, Triton, and Hitachi-Omron.<\/p>\n<p>Photographing the ATM lets you get assistance from dark web contacts or Google image search to determine the make and model. Once you are armed with the versions of ATMs you are going to compromise, you can search dark web markets\u2014and even clear web outlets such as Alibaba and eBay\u2014for ATM maintenance keys.<\/p>\n<p>Prices for these start at $10 and rise to about $50. You\u2019ll use the key to open the ATM and access the USB ports.<\/p>\n<h3 id=\"step-3-install-malware\"><span class=\"ez-toc-section\" id=\"Step_3_Install_Malware\"><\/span>Step 3: Install Malware<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The USB ports on ATMs are restricted and will only accept a connection from a keyboard or a mouse. This is to allow servicemen to perform maintenance on the units. You will have loaded the malware onto your Raspberry Pi, and obtained a battery so that it can run as a portable unit.<\/p>\n<p>The malware is written in a way that convinces the ATM that the Raspberry Pi is a keyboard.\u00a0Stored commands tumble out of the Raspberry Pi into the ATM, and the ATM dutifully follows them.<\/p>\n<h3 id=\"step-4-jackpot\"><span class=\"ez-toc-section\" id=\"Step_4_Jackpot\"><\/span>Step 4: Jackpot<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It\u2019s possible to cause an ATM to spit out banknotes at a rate of 40 bills in 20 or so seconds, or roughly 120 in a minute. 
If they\u2019re $100 bills, that\u2019s $12,000 per minute.<\/p>\n<p>Jackpot indeed.<\/p>\n<h2 id=\"variations-on-a-theme\"><span class=\"ez-toc-section\" id=\"Variations_on_a_Theme\"><\/span>Variations on a Theme<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Large-scale jackpotting hits many ATMs at once, which means you need to have a lot of people on the streets performing these attacks and bringing you the money. These are the cheap mules at the lower end of the criminal spectrum. With a bit of coaching and training, these low-level operatives are capable of doing the physical side of the attack, and the malware does the rest.<\/p>\n<p>It\u2019s cheaper to equip a mule with a Raspberry Pi than a laptop, and a Raspberry Pi is easier to conceal on your person. Sometimes the Raspberry Pi is fitted with a $70 global system for mobile communications (GSM) receiver so that it accepts commands via SMS text message.<\/p>\n<p>Another variant is to insert a USB memory stick into the ATM and reboot it off an operating system in the memory stick. When the ATM has booted, you can install the malware directly into the ATM\u2019s currently dormant operating system. When you reboot the ATM using its regular operating system you can control the malware by inserting a specially created card, or via a secret key combination on the ATM\u2019s keypad.<\/p>\n<p>ATMs contain remote access software so that they can be supported and maintained remotely. If you can compromise this software, you can control your collection of zombie ATMs remotely. All your mules have to do is be at the right place at the right time to pick up the money.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"We_Dont_Know_The_True_Scale\"><\/span>We Don\u2019t Know The True Scale<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There\u2019s a belief that a lot of ATM theft goes unreported, so we don\u2019t really know the true scale of the problem. 
We do know two things, however. The first is that the jackpotting we do know about is already massive. The second is, it\u2019s going to continue to grow.<\/p>\n<p>Until the ATM manufacturers take ATM security seriously cybercriminals are going to view ATMs as boxes full of money just waiting to be emptied.\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/11402\/how-hackers-are-using-raspberry-pi-to-hack-atms\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How Hackers Are Using Raspberry Pi to Hack ATMs \u2013 CloudSavvy IT&#8221; Shutterstock\/Yau Ming Low Cybercriminals are waging a war against banks, emptying their ATM machines of money. Their tools of choice are malware, a key from eBay, and a Raspberry Pi. Here\u2019s how they\u2019re doing it. 
Hitting the Jackpot It is more than ten&#8230;<\/p>\n","protected":false},"author":1,"featured_media":257478,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/05\/2cc3216b.jpg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-257477","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/257477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=257477"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/257477\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/257478"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=257477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=257477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=257477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}