Worldwide ATM hack could see millions withdrawn from banks in major operation, warns FBI

Agency warns banks of an imminent 'cashout' attack by gangs of criminals on cash points around the world

Anthony Cuthbertson
Tuesday 14 August 2018 09:32 EDT

Cyber criminals are planning a highly coordinated attack on cash machines around the world that could see millions of dollars withdrawn from customer bank accounts, the FBI has warned.

A confidential alert sent to banks stated that the scheme, known as an "ATM cashout", could take place in the space of just a few hours, most likely on a weekend after banks have closed. The scheme involves cloned cards, together with a hack on a bank or payment processor in order to facilitate the fraudulent withdrawal of funds by gangs of cyber criminals.

"The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an 'unlimited operation'," states an FBI alert to banks that was obtained by cyber security expert Brian Krebs.

The seal of the Federal Bureau of Investigation hangs on the outside of the bureau's Washington, DC headquarters (Chip Somodevilla/Getty Images)

"Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future."

A similar attack reported last month, which involved hundreds of ATMs across the United States over the course of several months, resulted in losses of $2.4 million for the National Bank of Blacksburg, Mr Krebs noted.

Another incident in Thailand in 2016 saw the state-owned Government Savings Bank lose $360,000 from cash machines in the country.

"Virtually all ATM cashout operations are launched on weekends, often just after financial institutions begin closing for business on Saturday," Mr Krebs explained in a blog post.

"The 2016 unlimited operation against National Bank began Saturday, May 28, 2016 and continued through the following Monday. That particular Monday was Memorial Day, a federal holiday in the United States, meaning bank branches were closed for more than two days after the heist began."

In order to maximise the payout in such attacks, hackers often remove fraud controls like withdrawal limits. This allows perpetrators to empty cash machines of all the money stored in them.

The FBI advised banks to review their security measures, keep their software up to date, and implement stronger protections when possible.
