Russian hackers have discovered a novel technique to rip off Millions of dollars from banks and ATMs.
Criminals in Russia used a technique, called “Reverse ATM Attack,” and stole 252 Million Rubles (US$3.8 Million) from at least five different banks, according to the information obtained by Russian digital intelligence firm Group-IB.
What is Reverse ATM Attacks?
According to the intelligence firm, an attacker would deposit sums of 5,000, 10,000 and 30,000 Rubles into legitimate bank accounts using ATMs, and immediately withdraw the same amounts right away with a printed receipt of the payment transaction.
The details included in the receipt, containing a payment reference number and the amount withdrawn, would then be transferred to a partner hacker, who had remote access to the infected POS terminals, usually located outside of Russia.
The partner hacker would then use these details to perform a reversal operation on a POS terminal that would lead them into believing that the withdrawals were declined, thereby tricking thousands of American and Czech point-of-sale (POS) terminals, Forbes explained.
Meanwhile, it would appear to the bank as if the attempt to withdraw cash was cancelled, for example: when the customer has insufficient funds and then the same cash amount will be transferred to the attacker’s bank account using a global “money mule” network.
Now, Hackers would repeat these steps as long as the targeted ATM did not end cash.
Hackers Stole $3.8 Million in Cash from ATM Hack
Group-IB said the firm had seen at least five such incidents at five different Russian banks, the criminal activity starting in summer 2014 and finishing in the first quarter of 2015.
The hackers leveraged weaknesses in the withdrawal, transfer and verification stages of credit card transactions used in Russia and managed to bypass checks recommended by VISA and MasterCard.
Here ‘Checks’ means:
- When the reverse operation targets a single bank, transaction details provided by VISA is not verified by the affected banks.
- When ATM Withdrawals were made in one country and cancelled/reversed in another, certain verification points were again missed.
Group-IB is working with the federal authorities to investigate further into the whole money laundering scheme.