Latest in Gear

Image credit: Getty Images

Russian hackers steal $10 million from ATMs through bank networks

The intruders have exploited transfer systems for 18 months.
637 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty Images

The recent rash of bank system hacks goes deeper than you might have thought -- it also includes stealing cash directly from ATMs. Researchers at Group-iB have published details of MoneyTaker, a group of Russian hackers that has stolen close to $10 million from American and Russian ATMs over the past 18 months. The attacks, which targeted 18 banks (15 of which were American), compromised interbank transfer systems to hijack payment orders -- "money mules" would then withdraw the funds at machines.

The first known attack was in the spring of 2016, when MoneyTaker hit First Data's STAR network (the largest transfer messaging system for ATMs in the US). They also compromised Russia's AW CRB network, and swiped documents for OceanSystems' Fed Link system used by roughly 200 banks across the Americas. And in some cases, the group stuck around after the initial heist -- at least one US bank's documents were stolen twice, while the perpetrators kept spying on Russian bank networks.

While it's not clear who's behind MoneyTaker, you're only hearing about them now because they're particularly clever. They've repeatedly switched their tools and methods to bypass software, and have taken care to erase their tracks. For instance, they've 'borrowed' security certificates from the US federal government, Bank of America, Microsoft and Yahoo. One Russian bank did manage to spot an attack and return some of the ill-gotten gains.

This particular hack didn't directly affect users, since it was more about intercepting bank-to-bank transfers than emptying personal accounts. However, it illustrates both the sophistication of modern bank hacks and the vulnerability of the banks themselves. While it would be difficult to completely prevent hacks, it's clear that attackers are having a relatively easy time making off with funds and sensitive data.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
637 Shares
Share
Tweet
Share
Save

Popular on Engadget

Readers weigh in on what makes the OnePlus 7 Pro a worthy contender

Readers weigh in on what makes the OnePlus 7 Pro a worthy contender

View
Magic Leap reportedly only sold 6,000 AR headsets in six months

Magic Leap reportedly only sold 6,000 AR headsets in six months

View
AI-powered Lego sorter knows the shape of every brick

AI-powered Lego sorter knows the shape of every brick

View
Researchers create bone-inspired 3D-printed building materials

Researchers create bone-inspired 3D-printed building materials

View
'Death Stranding' update will fix tiny, hard-to-read text

'Death Stranding' update will fix tiny, hard-to-read text

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr