Police have revealed news of a spectacular malware attack by an East European gang in May that managed to steal £1.6 million ($2.5 million) from dozens of ATM machines in cities across the UK.
The malware involved has not been identified, but the 51 targeted ATMs were located some distance apart in Blackpool, Brighton, Doncaster, Liverpool, London, Portsmouth and Sheffield, police said.
Officers from the specialist London Regional Fraud Team (LRFT) this week arrested a 37 year-old man in Portsmouth in connection with the attack, although its size suggests other might still be at large – police are also searching an address in Edmonton, London.
“An extensive, intelligence led investigation has uncovered what we believe is an organised crime gang systematically infecting and then clearing cash machines across the UK using specially created malware,” said DI Dave Strange, LRFT head.
In what sounds close to the perfect crime, the gang had physically “broken into” the ATMs which were infected with malware that eventually deleted itself effectiveley enough to delay investigation.
No customer accounts were compromised but the ATMs were emptied.
“This operation represents a significant disruption against a sophisticated criminal enterprise who used specialist malware to target cash points and steal large quantities of cash," commented Nigel Kirby, deputy director of the National Crime Agency’s Economic Crime Command.
Attacks on ATMs come in a number of forms including attaching skimmers directly to the machines or, more rarely, hacking into them remotely using stolen credentials. This campaign seems to be a newer method that involves physically installing malware on a vulnerable subset of ATMs, something not reported in the UK before.
After being confined to countries such as Russia, news has surfaced in recent months that a range of East European malware, including ‘Tyupkin’ and ‘PadPin’, is being used to execute similar-sounding attacks in other parts of the world.
One worry is the possible software vulnerabilities the malware is targeting – are hackers picking on older ATMs running Windows XP or are there deeper configuration issues with the ATMs themselves? Having invested millions combatting skimmers, banks will be worried.
Despite its size, the latest ATM raid is still small compared to the 2008 attack on RBS WorldPay that lifted £6 million from 2,100 ATMs in the US. An even larger attack in 2012 saw £29 million stolen from ATMs across an extraordinary 27 countries.