European cybercriminals have been using USB drives to steal money from cash machines owned by an unnamed bank. Details on the attacks were revealed at the Chaos Computing Congress in Germany recently. The attack involved cutting a hole in the ATM to plug in a USB drive used to install code onto the ATM.
The first word of the thefts surfaced last summer when the bank that was targeted began to notice cash machines being emptied despite safeguards in place to prevent thefts. Once the thieves finished their theft at a cash machine, they would patch up the hole to allow the same exploit to be used at other machines.
The flash drives were used to install software that the thieves could run whenever they wanted by entering a special 12 digit numerical code. When the special code was entered, they could launch a special interface for the machine.
That special interface showed all of the money in the machine and how many notes of each denomination were inside. The display of all the denominations of bills in the machines allowed the thieves to target only the largest bills so they were exposed for the least time possible. Interestingly, the thieves who created the USB drives also mistrusted their fellow crooks and the hack required a second code that changed frequently to be entered to remove the cash. That second code was presumably given when the thief called another member of the organization.