ATM hackers steal £10m across 28 countries in audacious bank heist

The Cosmos Bank robbery involved 14,800 ATM transactions across 28 countries 

Anthony Cuthbertson
Thursday 16 August 2018 04:55 EDT

Hackers with suspected ties to North Korea have syphoned more than 940 million rupees (£10.5 million) from ATMs around the world in a highly-coordinated attack.

The heist on Cosmos Bank took place across several days, beginning on 11 August, just a day after the FBI warned cyber criminals could be planning a highly-coordinated attack on cash machines.

Hackers carried out the attack by infecting the bank's debit card payment system with malware, which allowed them to self-approve transactions. Fake cards were then used to withdraw money through roughly 14,800 ATM transactions across 28 countries.

Indian media, who first reported the breach, linked the attack to similar hacks previously carried out by Lazarus, a prolific hacking group with ties to North Korea.

"In two days, hackers withdrew [funds] from various ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India," Cosmos Bank chairman Milind Kale told local reporters.

"We appeal customers to remain calm and not to get panic as savings, term deposits, recurring accounts of all the stakeholders are fully safe.[sic]"

Due to the number of countries involved, Mr Kale warned that it would take "coordinated efforts of all the agencies" in order to recover the stolen money.

Barrie Dempster, head of cyber security consulting at BlackBerry, told The Independent: "With increasing security measures in place, it’s becoming more and more difficult to hack cards, so criminals are aiming for machines. ATMs in particular can be vulnerable to attacks – partially because they offer an immediate pay-out."

A warning sent from the FBI to banks and financial institutions earlier this month stated: "The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an 'unlimited operation'."

A similar attack on the National Bank of Blacksburg, first reported by security expert Brian Krebs, resulted in losses of $2.4 million in 2016. It also involved withdrawals from hundreds of ATMs.

Mr Krebs explained in a blog post how the attacks tend to happen, saying that they usually take place on weekends after the banks close for business on Saturday.

"The 2016 unlimited operation against National Bank began Saturday, May 28, 2016 and continued through the following Monday. That particular Monday was Memorial Day, a federal holiday in the United States, meaning bank branches were closed for more than two days after the heist began."

Security experts joined the FBI in advising banks and financial institutions to keep their security software up-to-date and introduce stronger protections in order to prevent similar attacks in the future.

"ATMs rely on operating systems just like domestic computers, so it is common for ATMs to use versions of Windows or Linux," Lu Zurawski, who works at payment software provider ACI Worldwide, said in a statement shared with The Independent. "And just like with home PCs, owners need to keep their systems up to date with the latest releases of security software patches."
