Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Crime Security The Almighty Buck IT Your Rights Online

Cybergang Compromises Every ATM In Russian City 74

Orome1 writes "A group of fraudsters has been arrested in Yakutsk and Moscow for allegedly compromising all the ATMs in the city of Yakutsk — population: around 210,000 — in the Republic of Yakutia in the Russian Federation. Three of the men formed the actual criminal group, and the fourth — a Moscow-based malware developer — was 'subcontracted' by them and received 100,000 rubles (some $3200) to develop a custom ATM virus with which they would infect the devices."
This discussion has been archived. No new comments can be posted.

Cybergang Compromises Every ATM In Russian City

Comments Filter:
  • by Anonymous Coward

    ATM's take money from you.

  • by yog ( 19073 ) * on Saturday December 04, 2010 @12:39PM (#34443956) Homepage Journal

    The article said one was a sys admin who apparently had access to the ATM's, and another was a former IT director, but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.

    Scary how easy it was to compromise an entire city like that. I think I'll stop using ATMs for a while and switch back to bank tellers. Then again, humans are pretty easy to infect, too, using this virus called "money" that makes them do diabolical things.

    When MacAfee comes out with a human honesty scanner, that'll help a lot.

  • by Anonymous Coward

    They paid him only $3200 to compromise every ATM in a city of 210K people? That doesn't seem like nearly enough.

    • The worth of earnings are relative. How much is $3200 worth against the cost of living where he is located? It could be a small fortune.

      Also the market might not bare a larger fee. There could be a lot of developers capable of doing what he did available and that as much and any other factor has a significant effect on the asking price for a job.
  • Cybergangs? (Score:4, Insightful)

    by deadhammer ( 576762 ) on Saturday December 04, 2010 @12:48PM (#34444044)
    Why aren't they just a "gang"? Is it because this crime has to do with technology and is, therefore, magically different than any other crime? If these guys had robbed all the banks in the city the traditional way, we wouldn't call them a "bankgang" or a "robberygang", would we? If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?
    • by AvitarX ( 172628 )

      No, but they would probably be differentiated, and if they specialized in tech crime it's a shorter word.

      Also we have bank-robbers, not just robbers. This hardly even sounds like a cyber-crime as I've heard them in the past, as it doesn't appear to have taken place using cyber-space (or proximity wouldn't have been a factor).

      I would even say the fact that location was a factor makes it not a cyber-crime (as the media uses the word).

    • by jovius ( 974690 )
      If these guys had been shooting we'd call them BangGang. Nah, Automated Teller Machine Gang should do just fine.
    • Here's the thing, though... WHO in their right mind would use an ATM is Russia anyway? Good grief, I'd be surprised if they were *NOT* compromised.

      If I were to visit Russia, I think I would opt for in-bank transactions and cash-only, *OR* a special limited balance account set up SPECIFICALLY for that trip, to be shit-canned upon return home.
      • by Phroggy ( 441 )

        Here's the thing, though... WHO in their right mind would use an ATM is Russia anyway? Good grief, I'd be surprised if they were *NOT* compromised.

        If I were to visit Russia, I think I would opt for in-bank transactions and cash-only, *OR* a special limited balance account set up SPECIFICALLY for that trip, to be shit-canned upon return home.

        OK, but what if you actually LIVED in Russia and weren't just visiting?

        • OK, but what if you actually LIVED in Russia and weren't just visiting?

          The same conditions apply. Cash only. I would not use a service that was guaranteed to steal all my money. Why would I, *ESPECIALLY* if I was a local?

          • Speaking as local, I'm really surprised to read this comment. For more than three years of using credit card I've never experienced any problems with it. None of my friends did too. And not only in Moscow, but in several other cities too. I do trust my bank and it's security measures, and all cases of credit card info theft I know of happened in US or Europe.

            Now, for example, one thing I am scared of is US airport security. And how would it look if I'd said something like that: "It's a service guaranteed
          • You'd be forced to use it, pretty much, because most organizations these days pay their employees by transferring the money into their bank accounts. Quite often you don't even get the choice of the bank where that account will be - they'll just open one for you and give you the bank card.

      • by CRCulver ( 715279 ) <crculver@christopherculver.com> on Saturday December 04, 2010 @03:44PM (#34445190) Homepage
        I've used ATMs all over the Soviet Union, from the metropolises like Moscow and Almaty to provincial capitals hit hard by job loss and economic migration away. I've never experienced theft of my bank card details. The crime carried out in Yakutsk is not a widespread problem in Russia. To be honest, I'd be more worried using my card in the US when stories keep coming out like those gas pumps that had been tampered with, though again that's probably the media just blowing it out of proportion.
      • by drolli ( 522659 )

        I had no problems with that.

        I didn't use the ATMs in university entrance halls, small shopping malls etc, but the ones in banks or very public places; i obviously did not use a credit card in small shops. The likeliness something bad will happen to you (e.g. Policemen doubting your registration and getting you stuck for several hours unless you pay up their "fee") by making yourself recognizable as a foreigner who uses some strange paths outweighs the possible loss (BTW: i always limit my cards to a reasona

    • >If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

      No, we'd probably call them "Congressman".

    • These people actually have cybernetic implants, making them cybogs, hence the "cyber" prefix. Gangs are traditionally are very discriminatory, so each member of the gang is a cyborg, making them a "cyber-gang". Each member of the cyber-gang can hold up to 80 gigabytes in their brains, which is what they used to store the payload which remained undetected by norms.
    • See this Sinfest comic strip [sinfest.net]. :)

    • by khchung ( 462899 )

      If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

      No, we would call them "identity theft" so the customers will suffer the losses and banks won't be responsible at all.

    • The new term is usually used when there is a significant difference in phenomena.

      Gangs control the physical territory, racket business, collect from shady businesses, universally use violence.

      Cybergangs do nothing of that.

  • Now I'm glad I didn't win that prize from MTVski.

  • by dingen ( 958134 ) on Saturday December 04, 2010 @12:53PM (#34444094)
    Maybe then the world will learn not to run Windows on these kind of devices.
    • Time to go back to OS/2!

      • by dingen ( 958134 )
        No, not at all. What is a general purpose desktop operating system for PC's doing on a single purpose device such as an ATM in the first place?
    • In my experience, it's not windows that's the problem, but the actual ATM software.

      I can almost guarantee that if the developers and put the same skill in to developing a linux variant, we'd see them compromised just as often.

      • by Arker ( 91948 )
        Then why do the older OS/2 terminals still seem to be more reliable?
        • Again, it's not really the OS; it's the application.

          Although I suppose the argument can be made that the more complex and the more facilities provided by the OS, the more likely developers will abuse them.

          I have supported applications, running on linux, which have made the server act just like a stereotypically windows box.

          Of course, as I understand it, OS/2 is no longer supported. Hence, you aren't allowed to run it in a financial capacity.

    • by Walter White ( 1573805 ) on Saturday December 04, 2010 @01:22PM (#34444310)

      My roots as an MS hater go back to DOS long before Windows. And I disagree with your claim.

      Given access from by the former head of IT, it would be feasible to engineer a compromise for any OS. If they had physical access, anything is possible. Perhaps they even had access to the dev environment which was used to program the machines.

    • I actually agree with this. A few years ago, I was shocked to learn that new ATMs were being installed with Windows XP. The ATM at a local gas station I frequent -- I think it's some sort of Diebold model -- actually has a more-or-less stock Windows XP, complete with Solitaire and Minesweeper! I couldn't make this stuff up if I wanted to. WTF do you need Solitaire and Minesweeper on an ATM?

      Seems to me they could save lots of money using one of those ARM SoCs and a stripped-down embedded Linux. It'd be to

  • by Progman3K ( 515744 ) on Saturday December 04, 2010 @01:06PM (#34444176)

    about Yakutsk usually being easy to protect

  • For a moment I thought this was a second story in a row about Paypal being complete corporate douche bags.
  • $3200????????? (Score:4, Informative)

    by Ryanrule ( 1657199 ) on Saturday December 04, 2010 @01:42PM (#34444476)
    fuckin software guys are underpaid everywhere
    • by Anonymous Coward

      Dunno, seems to me like quite a lot to pay to fuck a software guy.

  • by Ada_Rules ( 260218 ) on Saturday December 04, 2010 @02:27PM (#34444730) Homepage Journal
    They've got ATMs all over the place. They run this Ponzi scheme where people give them money and then they loan out almost all of it to other people. Eventually this money gets re-deposited and again they loan out almost all of it. This cycle continues until the total amount of money that they own to depositors is substantially larger than the actual money they can ever get their hands on. They try to re-coup this by charging crazy fees on their ATMs and monthly fees for getting to play in the scheme but in the end like all Ponzi schemes, this one crashed.

    So get this, then, they have these other dudes with guns who force people to pay them money so that it can be funneled back into the Ponzi scheme to keep it going.

    On second thought, what we have here is far worse than in Russia. Damn Bank of America.

    • Oh, give it a rest.

    • Except that the loans eventually get paid back. Those that don't are made up in other loans' fees and interest. If all loans were paid back at once, there'd be exactly the same amount of value (cash & investments, adjusted for inflation) on hand to pay out to depositors as they deposited in the first place, more or less.

      Economics is mostly a lot of connected zero-sum games. For every loan, a person gets an equal amount of cash and debt. The fact that there's a way to increase the magnitude of the number

  • Who the hell wakes up in the morning, looks in the mirror, and says, "I'm going to be evil today"? Of course these hackers aren't as evil as Nobel Laureate Liu Xiaobo [chinadaily.com.cn], but I just don't think I'd want to go on living if I ever found myself robbing ATM's or sending billions of spam emails.

  • You know, if you'd asked people in the 1980s what they expect "Cybergangs" in 2010 to be, I bet they would guess something way cooler.
  • Hundreds of rubles stolen from residents
  • For the upcoming World Cup in Russia.

  • want to be in a 'Cybergang'! That sounds fucking awesome...

Logic is the chastity belt of the mind!