ATMs are Vulnerable

ATM Hacked

Avoiding credit-card scams is easy as long as you use cash. What happens when getting cash proves just as perilous? Hackers have developed a very sophisticated ATM hack that’s almost impossible to detect, requires neither an ATM card nor a preexisting PIN, and is being used in the United States.

Moscow-based security firm Kaspersky Lab covered the issue on its blog, explaining that ATM scams are on the rise worldwide. The company’s native Russia is a particular hotspot, but the U.S. is second in the number of reported infections.

Scammers start by unlocking an ATM’s enclosure, probably with a default master key, and using a CD to infect the machine with a piece of malware known as Backdoor.MSIL.Tyupkin. Days later, they return to the machine and use Tyupkin to dispense up to 40 bills without the need for verification.

Tyupkin only works on ATMs that run Windows 32-bit operating systems and are made by a major manufacturer that Kaspersky Lab did not name. Furthermore, Tyupkin accepts commands only in the dead of night on certain days of the week, keeping the exploit well-hidden most of the time.

When a malefactor does run the program, he or she needs a specially generated PIN based on an algorithm unique to the malware. Then, he or she can withdraw 40 bills at a time directly from the ATM: no user account required.


The good news (if you can call it that) is that since the hack affects ATMs directly, everyday users don’t need to worry about this particular hack too much, unless their bank eventually folds due to nonstop theft.

Banks can theoretically also catch malefactors in the act with security cameras, since the scammers must be on-premises both to install the malware and withdraw cash. However, it’s difficult to differentiate a scammer and a regular customer from afar, especially if they’re blocking the screen with their bodies.

Kaspersky Lab suggests that banks change the locks on their ATM enclosures, since criminals often have master keys, and install physical alarms to go off when an ATM enclosure is opened. Banks that don’t tighten their security could find their oversights very costly.

A well-known hack that works on older mini bank ATM’s

These are usually rounder at the top and say mini bank across it.

1. Once you’ve found the atm, press and hold down the ‘ENTER’ ‘CANCEL’ CLEAR’ buttons for about 3-5 seconds.

2. Then, let go of all 3 buttons and press the ‘1’ ‘2’ and ‘3’ keys in order. You should now see a screen that says enter password.

3. Sometimes, the owners don’t change the default passwords. if this is the case, you will have full power. The account you want to get into is the admin account. The default password can be ‘555555’ or ‘666666’.

4. If you get in, the menu options are self explanatory. Other default passwords for lower-access accounts can be ‘111111’, ‘222222’, ‘333333’ or ‘444444’.

This is for educational purposes only. Use at your own risk.

About Deepak Devanand

Seeker of knowledge
This entry was posted in Kali Linux, Security, Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s