Criminals swap guns for USBs as cash machines are emptied repeatedly using malware stored on memory sticks.

ATM Emptied Using USB Stick
Cyber criminals used intimate knowledge of a European bank's ATMs to steal cash using an infected USB stick. (Reuters)

It was once the case that banks were robbed using tommy guns and getaway cars, but those days are long gone, as a report last week revealed a 90% decrease in bank robberies in the last two decades.

However, as traditional bank robberies wane, traditional criminals have been replaced by cyber-criminals who use sophisticated techniques to steal huge amounts of money in a matter of minutes.

The latest scam to be uncovered saw numerous cash machines belonging to an unnamed European bank targeted during 2013, with the cyber criminals using a humble USB stick to steal money from the machines.

The operation was uncovered in July but only revealed on Monday by a couple of researchers at the annual Chaos Computing Congress in Hamburg, Germany. The researchers asked for their names not to be published.

Cut holes

The gang behind the attacks, which had very intimate knowledge of the technical details of the cash machines, cut holes in the ATMs to allow them to insert a USB stick which was infected with specially written malware.

The gang would cover up the holes again once the malware had been uploaded, allowing them to revisit the same ATMs over and over. The bank involved was at a loss as to how their cash machines were being emptied as there was no obvious physical damage to the exterior or the safe where the cash was held.

When stealing money, the gang inputted a special 12-digit PIN code which overrode the traditional software and presented the cyber criminals with a new interface, telling them how much of each denomination was present and allowing them to quickly access the most money in the least amount of time.

Profound knowledge

The researchers added that the organisers displayed "profound knowledge of the target ATMs" and had gone to great lengths to make their malware code hard to analyse.

However, the criminal gang was also highly suspicious of its own members going out on their own, and so built in a mechanism which meant the person at the ATM had to call back to headquarters in order to get a second PIN code, based on numbers displayed on the ATM screen which changed every time the operation was carried out.

The ATM's interface would reset to the traditional interface once the criminals had finished emptying the machine, making it more difficult to notice that anything suspicious was happening.