Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cybergang Compromises Every ATM In Russian City

timothy posted more than 3 years ago | from the equal-opportunity dept.

Crime 74

Orome1 writes "A group of fraudsters has been arrested in Yakutsk and Moscow for allegedly compromising all the ATMs in the city of Yakutsk — population: around 210,000 — in the Republic of Yakutia in the Russian Federation. Three of the men formed the actual criminal group, and the fourth — a Moscow-based malware developer — was 'subcontracted' by them and received 100,000 rubles (some $3200) to develop a custom ATM virus with which they would infect the devices."

Sorry! There are no comments related to the filter you selected.

In Russia... (2, Funny)

Anonymous Coward | more than 3 years ago | (#34443906)

ATM's take money from you.

Re:In Russia... (-1)

Anonymous Coward | more than 3 years ago | (#34443918)

Like will still make you gay, even in Russia.

Re:In Russia... (-1, Redundant)

spartacus_prime (861925) | more than 3 years ago | (#34443984)

ATM compromises you!

How could it be that easy? (3, Funny)

yog (19073) | more than 3 years ago | (#34443956)

The article said one was a sys admin who apparently had access to the ATM's, and another was a former IT director, but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.

Scary how easy it was to compromise an entire city like that. I think I'll stop using ATMs for a while and switch back to bank tellers. Then again, humans are pretty easy to infect, too, using this virus called "money" that makes them do diabolical things.

When MacAfee comes out with a human honesty scanner, that'll help a lot.

Re:How could it be that easy? (4, Informative)

AvitarX (172628) | more than 3 years ago | (#34444240)

but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.

Considering they were caught before they could do anything I would say it's a fair assumption.

Re:How could it be that easy? (0)

Anonymous Coward | more than 3 years ago | (#34444422)

The machines probably do have something to try and keep normal people from emptying them it, but then some people can find exploits in the machines.

Wasn't there a Black Hat presentation recently showing how, with about 30 seconds of physical access or for the many machines with remote access enabled(he says it is the default(or at least it was at the time, might still be)), he could install a modified firmware that would let him bring up a new menu (with hidden key sequence or specially labeled card) that would let him "jackpot" the machine?

I want to say I also remember the presentation showing that while the cash box was good and locked, the processor part was fairly easy to access.

Not only that, but I think he also had it set up to save a copy of what the machine saw on the cards people inserted into it. Why bother attaching a skimmer if you can have the machine itself do the recording? Nothing for people to see that indicates that something is amiss. And it looks like he had the remote management setup so he could grab the track data remotely.

Re:How could it be that easy? (1)

Luckyo (1726890) | more than 3 years ago | (#34444664)

The article said one was a sys admin who apparently had access to the ATM's, and another was a former IT director, but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.

There probably is, as they got caught.

Re:How could it be that easy? (1)

beakerMeep (716990) | more than 3 years ago | (#34445282)

When MacAfee comes out with a human honesty scanner, that'll help a lot.

I don't wanna know what happens when McAffee forces a reboot... [slashdot.org]

Re:How could it be that easy? (1)

ambrosen (176977) | more than 3 years ago | (#34445324)

Yes, you'd hope so, wouldn't you.

But it's worth reading this article in The Register, one of their best ever: http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/ [theregister.co.uk]

It seems it happened in the UK in the 1990s.

Re:How could it be that easy? (1)

tokencode (1952944) | more than 3 years ago | (#34445468)

If MacAfee ever comes out with a product for humans I'm running as far and as fast as I can. It already helps to eliminate the human "money virus" even without being installed in us.

Re:How could it be that easy? (1)

garompeta (1068578) | more than 3 years ago | (#34446344)

About the human infections: I wonder how you would prevent penetrations in the "backdoor".

The ATM's should have been using HOSTS files (0)

Anonymous Coward | more than 3 years ago | (#34443960)

Everyone knows that HOSTS files despite being slower, more difficult to maintain and distrubte and not preemptive or reactive in the least to threats, have magical powers to stop viruses!

APK

P.S. ==> We really need to get the word out and let people know, HOSTS files are the only method 100% SECURE against unknown threats.

Re:The ATM's should have been using HOSTS files (1)

TheRaven64 (641858) | more than 3 years ago | (#34444356)

Nice troll, but next time, remember that apk always signs his semi-literate ramblings about the benefits of hosts files with apk, not APK.

Malware guy got ripped off (1)

Anonymous Coward | more than 3 years ago | (#34444038)

They paid him only $3200 to compromise every ATM in a city of 210K people? That doesn't seem like nearly enough.

Re:Malware guy got ripped off (0)

Anonymous Coward | more than 3 years ago | (#34444368)

That really depends on the effort:risk:reward ratio.

If he whipped up the malware in 10 hour, and the purchaser has no physical evidence which could trace back to him, then $3200 for that contracted job is pretty good.

Re:Malware guy got ripped off (1)

asdf7890 (1518587) | more than 3 years ago | (#34445160)

The worth of earnings are relative. How much is $3200 worth against the cost of living where he is located? It could be a small fortune.

Also the market might not bare a larger fee. There could be a lot of developers capable of doing what he did available and that as much and any other factor has a significant effect on the asking price for a job.

Re:Malware guy got ripped off (0)

Anonymous Coward | more than 3 years ago | (#34452398)

How much is $3200 worth against the cost of living where he is located? It could be a small fortune.

Considering an average price of approx. $2000 for a *small* one-room apartment *close* to the center of Moscow, it is a good thing that you've included "could" in the second quoted sentence.

Re:Malware guy got ripped off (1)

shutdown -p now (807394) | more than 3 years ago | (#34453744)

Moscow is insanely expensive compared to practically everywhere else in Russia. Within Moscow, it also gets even more insanely expensive as you get closer to the center. Still, $2k is way too much for a one-room apartment. You can find one right in the center for $1k.

Now, Yakutsk - that's out in the middle of nowhere, pretty much. I couldn't even find any apartments for rent online. But I'd expect it to be $300 for a 1-room, top.

Average wage in Russia: $530 a month (0)

Anonymous Coward | more than 3 years ago | (#34445360)

Average net wage in Russia is about 400 euros (~530 dollars) a month. The differences within middle class are large but not massive (average wage for engineers in russia is some $800 a month, give or take) As can be expected, it is more than that in the big cities but less than that in the more rural areas. As such, this sum was about half a year's worth of wages over there (And several months' worth of wage even for educated people)... It is difficult to find exact and comparable statistics (average vs. median and other differences in the methods...) but based on WorldSalaries.org, the closest corresponding number I can find (median net income) of USA is about $2,300. So the $3.2k isn't all that insignificant amount in Russia.

It also isn't all that easy country for software engineers. They are affordable but can't quite compete with price when it comes to India. They also suffer a lot from the same problems (fake degrees. If you have money, it is easy to get a degree whether you know anything or not. If you don't have money... Well, you probably aren't going to study in any decent school anyways) as India. They need foreign clients both for money and for supervision (The companies that do a lot of international business tend to be rather competent and the corruption is relatively low.) but the negative stereotypes about russians run deep (and it would be outright lie to say that they have no merit. Try drive a foreign car there for a week and count how many times you have to bribe the cops. No, the answer is not going to be "0". And don't say "It's unethical! You should not support that corruption!" if you've never been in that situation. Trying to not pay bribes - IE: The minor fine for whatever reasons they just made up - is quite troublesome and after an hour or three of sitting in the same room with the cop, you are going to just give up... But the IT sector is surprisingly efficient when you look at the general situation.)

Despite all that, I considered Russia to be a rather good outsourcing location. Haven't had to regret that decision.

Cybergangs? (3, Insightful)

deadhammer (576762) | more than 3 years ago | (#34444044)

Why aren't they just a "gang"? Is it because this crime has to do with technology and is, therefore, magically different than any other crime? If these guys had robbed all the banks in the city the traditional way, we wouldn't call them a "bankgang" or a "robberygang", would we? If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

Re:Cybergangs? (2)

AvitarX (172628) | more than 3 years ago | (#34444220)

No, but they would probably be differentiated, and if they specialized in tech crime it's a shorter word.

Also we have bank-robbers, not just robbers. This hardly even sounds like a cyber-crime as I've heard them in the past, as it doesn't appear to have taken place using cyber-space (or proximity wouldn't have been a factor).

I would even say the fact that location was a factor makes it not a cyber-crime (as the media uses the word).

Re:Cybergangs? (0)

TeknoHog (164938) | more than 3 years ago | (#34444334)

if they specialized in tech crime it's a shorter word.

So every high-tech crime has something to do with robotics or other control/feedback systems? http://en.wikipedia.org/wiki/Cybernetics [wikipedia.org]

Re:Cybergangs? (1)

jovius (974690) | more than 3 years ago | (#34444344)

If these guys had been shooting we'd call them BangGang. Nah, Automated Teller Machine Gang should do just fine.

Use Russian ATMs? Really? (1)

Frosty Piss (770223) | more than 3 years ago | (#34444662)

Here's the thing, though... WHO in their right mind would use an ATM is Russia anyway? Good grief, I'd be surprised if they were *NOT* compromised.

If I were to visit Russia, I think I would opt for in-bank transactions and cash-only, *OR* a special limited balance account set up SPECIFICALLY for that trip, to be shit-canned upon return home.

Re:Use Russian ATMs? Really? (2)

Phroggy (441) | more than 3 years ago | (#34444858)

Here's the thing, though... WHO in their right mind would use an ATM is Russia anyway? Good grief, I'd be surprised if they were *NOT* compromised.

If I were to visit Russia, I think I would opt for in-bank transactions and cash-only, *OR* a special limited balance account set up SPECIFICALLY for that trip, to be shit-canned upon return home.

OK, but what if you actually LIVED in Russia and weren't just visiting?

Re:Use Russian ATMs? Really? (1)

Frosty Piss (770223) | more than 3 years ago | (#34444906)

OK, but what if you actually LIVED in Russia and weren't just visiting?

The same conditions apply. Cash only. I would not use a service that was guaranteed to steal all my money. Why would I, *ESPECIALLY* if I was a local?

Re:Use Russian ATMs? Really? (2)

Jade_Wayfarer (1741180) | more than 3 years ago | (#34449944)

Speaking as local, I'm really surprised to read this comment. For more than three years of using credit card I've never experienced any problems with it. None of my friends did too. And not only in Moscow, but in several other cities too. I do trust my bank and it's security measures, and all cases of credit card info theft I know of happened in US or Europe.

Now, for example, one thing I am scared of is US airport security. And how would it look if I'd said something like that: "It's a service guaranteed to humiliate you in every possible way. Why would I use it, *ESPECIALLY* if I was local?"

Re:Use Russian ATMs? Really? (1)

shutdown -p now (807394) | more than 3 years ago | (#34453762)

You'd be forced to use it, pretty much, because most organizations these days pay their employees by transferring the money into their bank accounts. Quite often you don't even get the choice of the bank where that account will be - they'll just open one for you and give you the bank card.

Re:Use Russian ATMs? Really? (5, Informative)

CRCulver (715279) | more than 3 years ago | (#34445190)

I've used ATMs all over the Soviet Union, from the metropolises like Moscow and Almaty to provincial capitals hit hard by job loss and economic migration away. I've never experienced theft of my bank card details. The crime carried out in Yakutsk is not a widespread problem in Russia. To be honest, I'd be more worried using my card in the US when stories keep coming out like those gas pumps that had been tampered with, though again that's probably the media just blowing it out of proportion.

Re:Use Russian ATMs? Really? (1)

Freultwah (739055) | more than 3 years ago | (#34446412)

Newsflash: the Soviet Union ceased to exist in 26 December 1991 and there were no ATMs to be found anywhere in the region back then.

Re:Use Russian ATMs? Really? (2)

Sectrish (949413) | more than 3 years ago | (#34446484)

He probably just forgot to type the word "former" by accident, as he also mentioned Almaty, which afaik is a city in Kazakhstan (part of the former Sovient Union).

Re:Use Russian ATMs? Really? (1)

drolli (522659) | more than 3 years ago | (#34448500)

I had no problems with that.

I didn't use the ATMs in university entrance halls, small shopping malls etc, but the ones in banks or very public places; i obviously did not use a credit card in small shops. The likeliness something bad will happen to you (e.g. Policemen doubting your registration and getting you stuck for several hours unless you pay up their "fee") by making yourself recognizable as a foreigner who uses some strange paths outweighs the possible loss (BTW: i always limit my cards to a reasonable amount - even in countries which believe they are more civilized.)

Re:Cybergangs? (1)

gr8fulnded (254977) | more than 3 years ago | (#34444704)

>If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

No, we'd probably call them "Congressman".

Cybernetic implants, of course (1)

HalAtWork (926717) | more than 3 years ago | (#34445218)

These people actually have cybernetic implants, making them cybogs, hence the "cyber" prefix. Gangs are traditionally are very discriminatory, so each member of the gang is a cyborg, making them a "cyber-gang". Each member of the cyber-gang can hold up to 80 gigabytes in their brains, which is what they used to store the payload which remained undetected by norms.

I can fit more then 80g in my pocket but in Russia (1)

Joe The Dragon (967727) | more than 3 years ago | (#34445682)

I can fit more then 80g in my pocket but in Russia you need a brain to fit that much?

Bankstas! :D (1)

antdude (79039) | more than 3 years ago | (#34445236)

See this Sinfest comic strip [sinfest.net] . :)

Re:Cybergangs? (0)

Anonymous Coward | more than 3 years ago | (#34446020)

The difference is probably that a cybergang member can be a nerd, because he never needs to be ready for physical resistance. Kind of like someone playing an MMORPG.

Re:Cybergangs? (1)

khchung (462899) | more than 3 years ago | (#34449754)

If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

No, we would call them "identity theft" so the customers will suffer the losses and banks won't be responsible at all.

Re:Cybergangs? (1)

mapkinase (958129) | more than 3 years ago | (#34452858)

The new term is usually used when there is a significant difference in phenomena.

Gangs control the physical territory, racket business, collect from shady businesses, universally use violence.

Cybergangs do nothing of that.

Dig a sewer to Yakutsk! (1)

FatSean (18753) | more than 3 years ago | (#34444048)

Now I'm glad I didn't win that prize from MTVski.

This needs to happen more often (3, Insightful)

dingen (958134) | more than 3 years ago | (#34444094)

Maybe then the world will learn not to run Windows on these kind of devices.

Time to go back to OS/2! (2)

Joe The Dragon (967727) | more than 3 years ago | (#34444254)

Time to go back to OS/2!

Re:Time to go back to OS/2! (1)

dingen (958134) | more than 3 years ago | (#34444786)

No, not at all. What is a general purpose desktop operating system for PC's doing on a single purpose device such as an ATM in the first place?

Re:This needs to happen more often (1)

grasshoppa (657393) | more than 3 years ago | (#34444304)

In my experience, it's not windows that's the problem, but the actual ATM software.

I can almost guarantee that if the developers and put the same skill in to developing a linux variant, we'd see them compromised just as often.

Re:This needs to happen more often (1)

Arker (91948) | more than 3 years ago | (#34445132)

Then why do the older OS/2 terminals still seem to be more reliable?

Re:This needs to happen more often (1)

grasshoppa (657393) | more than 3 years ago | (#34445354)

Again, it's not really the OS; it's the application.

Although I suppose the argument can be made that the more complex and the more facilities provided by the OS, the more likely developers will abuse them.

I have supported applications, running on linux, which have made the server act just like a stereotypically windows box.

Of course, as I understand it, OS/2 is no longer supported. Hence, you aren't allowed to run it in a financial capacity.

OS/2 still has support (0)

Anonymous Coward | more than 3 years ago | (#34469206)

It is not entirely true that OS/2 is not supported.

First, eComStation is the current version of OS/2. It comes with support and it has been reported that some financial institutions have purchased it.

Second, IBM still offers a Service Extension and Total Content Ownership (TCO) offering for OS/2. It mainly consists of defect support for large customers with an install base. Fixes and such are not made available to the public, but based on the specific issue and customer. From what I understand it was primarily offered for customers such as financial instutuions. You can read about it here http://www.ibm.com/software/os/warp-withdrawal/services.html

Third, existing OS/2 customers are able to purchase new licenses of the latest code base on a case-by-case basis (again with the understanding that support is limited). While that means that the average computer user can't purchase on OS/2 license directly from IBM anymore, I'm sure large banks would likely fall into the exception category.

Re:This needs to happen more often (5, Insightful)

Walter White (1573805) | more than 3 years ago | (#34444310)

My roots as an MS hater go back to DOS long before Windows. And I disagree with your claim.

Given access from by the former head of IT, it would be feasible to engineer a compromise for any OS. If they had physical access, anything is possible. Perhaps they even had access to the dev environment which was used to program the machines.

Re:This needs to happen more often (2)

morgan_greywolf (835522) | more than 3 years ago | (#34444326)

I actually agree with this. A few years ago, I was shocked to learn that new ATMs were being installed with Windows XP. The ATM at a local gas station I frequent -- I think it's some sort of Diebold model -- actually has a more-or-less stock Windows XP, complete with Solitaire and Minesweeper! I couldn't make this stuff up if I wanted to. WTF do you need Solitaire and Minesweeper on an ATM?

Seems to me they could save lots of money using one of those ARM SoCs and a stripped-down embedded Linux. It'd be tons more secure.

Re:This needs to happen more often (0)

Anonymous Coward | more than 3 years ago | (#34445192)

This has nothing to do with Windows you retard. Stop burying your head in the sand.

Evident Risk joke (3, Funny)

Progman3K (515744) | more than 3 years ago | (#34444176)

about Yakutsk usually being easy to protect

In Russian Republic of Yakutia . . . . (1)

Latent Heat (558884) | more than 3 years ago | (#34444556)

. . . ATM defrauds you!

Re:Evident Risk joke (2)

PaulMeigh (1277544) | more than 3 years ago | (#34444990)

Except of course when a large North American army is passing through Kamchatka.

Re:Evident Risk joke (0)

Anonymous Coward | more than 3 years ago | (#34445020)

I'm making a RISK game clone for a class and so I was super-excited to know where Yakutsk was.

Re:Evident Risk joke (1)

DarthVain (724186) | more than 3 years ago | (#34459914)

I was waiting for some kind of RISK reference.

Another Paypal Story (1)

retech (1228598) | more than 3 years ago | (#34444322)

For a moment I thought this was a second story in a row about Paypal being complete corporate douche bags.

Re:Another Paypal Story (0)

Anonymous Coward | more than 3 years ago | (#34444394)

For a moment I thought this was a second story in a row about Paypal being complete corporate douche bags.

No, it pretty clearly doesn't mention Paypal at all. Not even if you wanted it to. Learn2read.

$3200????????? (4, Informative)

Ryanrule (1657199) | more than 3 years ago | (#34444476)

fuckin software guys are underpaid everywhere

Re:$3200????????? (1)

Anonymous Coward | more than 3 years ago | (#34445168)

Dunno, seems to me like quite a lot to pay to fuck a software guy.

Re:$3200????????? (0)

Anonymous Coward | more than 3 years ago | (#34452970)

Have you ever seen a software guy? Or smelled one?? Not nearly enough money.

We have a similar gang of fraudsters in US (3, Interesting)

Ada_Rules (260218) | more than 3 years ago | (#34444730)

They've got ATMs all over the place. They run this Ponzi scheme where people give them money and then they loan out almost all of it to other people. Eventually this money gets re-deposited and again they loan out almost all of it. This cycle continues until the total amount of money that they own to depositors is substantially larger than the actual money they can ever get their hands on. They try to re-coup this by charging crazy fees on their ATMs and monthly fees for getting to play in the scheme but in the end like all Ponzi schemes, this one crashed.

So get this, then, they have these other dudes with guns who force people to pay them money so that it can be funneled back into the Ponzi scheme to keep it going.

On second thought, what we have here is far worse than in Russia. Damn Bank of America.

Re:We have a similar gang of fraudsters in US (1)

guyminuslife (1349809) | more than 3 years ago | (#34445810)

Oh, give it a rest.

Re:We have a similar gang of fraudsters in US (1)

Sarten-X (1102295) | more than 3 years ago | (#34448612)

Except that the loans eventually get paid back. Those that don't are made up in other loans' fees and interest. If all loans were paid back at once, there'd be exactly the same amount of value (cash & investments, adjusted for inflation) on hand to pay out to depositors as they deposited in the first place, more or less.

Economics is mostly a lot of connected zero-sum games. For every loan, a person gets an equal amount of cash and debt. The fact that there's a way to increase the magnitude of the numbers involved does not change their sum. All accounts eventually add up to zero.

Those who try to game the system to get more cash end up screwing over others by producing extra debt, in the form of higher interest rates and more fees. This is why several banks worldwide collapsed recently: Too many risky loans defaulted, leaving the banks without enough cash. The money didn't just disappear. It had gone to many different places, like the manufacturer of the big-screen TV in the foreclosed home. The cash went to other people, but the banks were left with the debt. The fees and interest rates weren't high enough to gather the necessary cash, so the banks failed their commitments.

Sure, it's a big shock to see that banks can seemingly produce cash at will, but they're also producing an equal amount of debt. A Ponzi scheme is only one-way, with no intent of ever returning the money that was deposited. It exists purely to push money toward the top of the pyramid, and thus is not a zero-sum game in itself. It is not a fair commercial exchange. It is theft. Fractional banking is fair, so long as the majority of the people involved pay back their debts.

obligatory remark (-1)

Anonymous Coward | more than 3 years ago | (#34444732)

In soviet russia, atm withdraws from you!

Be evil. (1)

sirrunsalot (1575073) | more than 3 years ago | (#34444994)

Who the hell wakes up in the morning, looks in the mirror, and says, "I'm going to be evil today"? Of course these hackers aren't as evil as Nobel Laureate Liu Xiaobo [chinadaily.com.cn] , but I just don't think I'd want to go on living if I ever found myself robbing ATM's or sending billions of spam emails.

Re:Be evil. (0)

Anonymous Coward | more than 3 years ago | (#34445470)

I just don't think I'd want to go on living

Which is why you will instead go on working your middle or lower class job, until the day you drop.

Great wealth is not achieved by men of virtue. The having of great wealth is achieved by the taking of it away from others, with little-to-no regard for how the loss impacts them.

I didn't make the world work this way, and I don't approve of it, but I can observe it, and I can adapt to it.

And so can you.

Cybergang... (1)

orphiuchus (1146483) | more than 3 years ago | (#34445078)

You know, if you'd asked people in the 1980s what they expect "Cybergangs" in 2010 to be, I bet they would guess something way cooler.

Massive Crime (1)

Eadwacer (722852) | more than 3 years ago | (#34446102)

Hundreds of rubles stolen from residents

Practice (1)

the eric conspiracy (20178) | more than 3 years ago | (#34446158)

For the upcoming World Cup in Russia.

Cybergang? (1)

dr. chuck bunsen (762090) | more than 3 years ago | (#34446466)

want to be in a 'Cybergang'! That sounds fucking awesome...

A RISKy proposition. (0)

Anonymous Coward | more than 3 years ago | (#34446628)

I have three armies on Yakutsk and its my turn to roll.

Yakutsk (0)

Anonymous Coward | more than 3 years ago | (#34447546)

All I can remember about Yakutsk is that it didn't have a factory complex and only gave you 1 IPC. I guess things have changed there?

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?