ATM hackers steal £10m across 28 countries in audacious bank heist

The Cosmos Bank robbery involved 14,800 ATM transactions across 28 countries 

Anthony Cuthbertson
Thursday 16 August 2018 09:55

Hackers with suspected ties to North Korea have syphoned more than 940 million rupees (£10.5 million) from ATMs around the world in a highly-coordinated attack.

The heist on Cosmos Bank took place across several days, beginning on 11 August, just a day after the FBI warned cyber criminals could be planning a highly-coordinated attack on cash machines.

Hackers carried out the attack by infecting the bank's debit card payment system with malware, which allowed them to self-approve transactions. Fake cards were then used to withdraw money through roughly 14,800 ATM transactions across 28 countries.

Indian media, who first reported the breach, linked the attack to similar hacks previously carried out by Lazarus, a prolific hacking group with ties to North Korea.

"In two days, hackers withdrew [funds] from various ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India," Cosmos Bank chairman Milind Kale told local reporters.

"We appeal customers to remain calm and not to get panic as savings, term deposits, recurring accounts of all the stakeholders are fully safe.[sic]"

Due to the number of countries involved, Mr Kale warned that it would take "coordinated efforts of all the agencies" in order to recover the stolen money.

Barrie Dempster, head of cyber security consulting at BlackBerry, told The Independent: "With increasing security measures in place, it’s becoming more and more difficult to hack cards, so criminals are aiming for machines. ATMs in particular can be vulnerable to attacks – partially because they offer an immediate pay-out."

A warning sent from the FBI to banks and financial institutions earlier this month stated: "The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an 'unlimited operation'."


A similar attack on the National Bank of Blacksburg, first reported by security expert Brian Krebs, resulted in losses of $2.4 million in 2016. It also involved withdrawals from hundreds of ATMs.

Mr Krebs explained in a blog post how the attacks tend to happen, saying that they usually take place on weekends after the banks close for business on Saturday.

"The 2016 unlimited operation against National Bank began Saturday, May 28, 2016 and continued through the following Monday. That particular Monday was Memorial Day, a federal holiday in the United States, meaning bank branches were closed for more than two days after the heist began."

Security experts joined the FBI in advising banks and financial institutions to keep their security software up-to-date and introduce stronger protections in order to prevent similar attacks in the future.

"ATMs rely on operating systems just like domestic computers, so it is common for ATMs to use versions of Windows or Linux," Lu Zurawski, who works at payment software provider ACI Worldwide, said in a statement shared with The Independent. "And just like with home PCs, owners need to keep their systems up to date with the latest releases of security software patches."
