What happens in an ATM, doesn’t always stay in an ATM

By Richard Arneson

It’s either not talked about often or doesn’t happen that frequently. But it should come as no surprise to learn that there is that targets ATMs. It makes perfect sense. ATMs run software, require connectivity and are stuffed with cash. Let me say that again—they’re stuffed with cash.

The latest ATM is quite different than your average , though. Actually, it’s a lot different. The malware, named WinPot, turns ATMs owned by an unnamed, but apparently well-known, vendor into slot machines. They’re selling it on the dark web for upwards of a thousand bucks. They created an interface that crudely mimics a one-armed bandit. Dials represent each of the ATM’s four (4) cassettes, which are the areas in which the cash is held (the design is to prevent an ATM from emptying its entire contents at a single time).

It’s no game of chance

WinPot differs from a traditional slot machine in one (1) very significant way—there’s no chance or luck involved. Once the “spin” button is tapped, the cash starts flowing. And after a cassette has emptied its cash, a “scan” button instructs the ATM to look for other cassettes that are still loaded with money. The slot machine-like interface is apparently for comedic effect only.

WinPot is not the first malware to attack ATMs. In fact, it’s not even the first to combine ill-gotten gains with laughs, or at least a hacker’s version of humor. Two (2) years ago, Cutler Maker was made available on the dark web for five (5) grand. It was loaded by plugging a flash drive into an ATM USB port. The interface looked more like the menu from a 1950’s-era diner. The felon served as virtual cook and accessed ATM cassettes by pushing “Check Heat”, then extracted cash with the cleverly labeled “Start Cooking” button.

Thankfully, illegally pulling cash from ATMs is no slam dunk

Just last year, Qin Qisheng, a software engineer from China, detected an operating system weakness in ATMs used by Huaxia Bank. Apparently, the OS created a small sliver of time at midnight during which ATM withdrawals weren’t recorded. He withdrew approximately $1 million prior to being arrested. His defense? He was storing the cash in his account for safekeeping, and, once the window had been sealed shut, would return the loot. Qin may know software, but he’s no Clarence Darrow. His defense didn’t hold up in court. He was sentenced to over ten (10) years in prison.

Stay steps ahead of by working with these folks

To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, read more about it here:

Google launches itself into cybersecurity space

Getting Stuffed at Dunkin’ Donuts?

Security Myths Debunked

State of the Union address focuses on technology–briefly

The technology arms race was just amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware