Cybersecurity

profileRoz
CSISE3001_HackedATMsCase.pdf
Home>Computer Science homework help>Cybersecurity

2/10/22

CSIS3001 – Intro to Cybersecurity

ATM Hack of

2013 = $40M …in 8hrs

1

1

Learning Objectives:

By the end of this session, students should be able to:

• know business device intrusions, specifically when it relates to ATMs

• be familiar with some of the cyber-physical challenges with ATMs and other business devices

• learn how cyber criminals are collaborating to conduct advanced cyber attacks

2

2

1

2/10/22

What’s an ATM?

• Automated Teller Machines (ATM)

• “Bankomat”

3

What’s an ATM (Cont.)

4

4

2

2/10/22

ATMs Attacks

5

5

ATMs Attacks (Cont.)

6

Source: https://www.youtube.com/watch?v=uKcFgCCwwZ8&feature=youtu.be

6

3

2/10/22

From the Media…

• December 2012 and February 2013, a cyber-ring of criminals, operating in more than 24 countries

• $5 million was stolen around the world on December 21, 2012

• Additional $40 million was stolen on February 19, 2013

• Almost 3000 ATMs in New York City in a matter of hours

• Hackers coordinated with cells on the ground to carry out a precise, sophisticated attack

• Total over $45 million global ATM heist

7

7

From the Media… (Cont.)

• Yonkers NY working-class

– Three worked as bus drivers for special-needs children

– Two worked at Kmart

– Another delivered pizza for Domino’s

• Required ”very very low skills” by operators

• Cyber-ring CC: An organization in Russia

involved in money laundering

• Trips to meet in Bucharest (Romanian capital)

8

8

4

2/10/22

From the Media… (Cont.)

9

9

From the Media… (Cont.)

10

10

5

2/10/22

From the Media… (Cont.)

• Far-reaching and best-coordinated cyber- attack

• Using data stolen from prepaid debit card accounts

• MasterCard alerted USSS

11

11

From the Media… (Cont.)

12

12

6

2/10/22

13

From the Media… (Cont.)

Source:

13

Attack Overview

14

Credit-card

processing company

• Visa and MasterCard prepaid debit cards DB

• Secured 12 account numbers for cards issued by the Bank of Muscat in Oman (Middle east)

• Raised the withdrawal limits

Cashing crews

14

7

2/10/22

Anatomy of the ATMs Breach

15

15

Inside ATM

16

16

8

2/10/22

Inside an ATM (Cont.)

17

17

Inside an ATM (Cont.)

18

18

9

2/10/22

ATM Hack – Closer Look

19

19

ã 2022- -Dr. Yair Levy , College of Computing and Engineering (

Hacking ATM via SMS

20

20

10

2/10/22

41 ATMs in Taiwan in July 2016

21

21

22

ATM Hacking Mitigation

• Use of geo-location + face recognition → 2FA

22

11

2/10/22

23

ATM Hacking Mitigation (Cont.)

• Multibiometrics ATMs

23

• Questions?

• Discussion

24

CYBERSECURITY Everyone's job!

24

12