Cybergang Compromises Every ATM In Russian City

Orome1 writes "A group of fraudsters has been arrested in Yakutsk and Moscow for allegedly compromising all the ATMs in the city of Yakutsk — population: around 210,000 — in the Republic of Yakutia in the Russian Federation. Three of the men formed the actual criminal group, and the fourth — a Moscow-based malware developer — was 'subcontracted' by them and received 100,000 rubles (some $3200) to develop a custom ATM virus with which they would infect the devices."

In Russia...

[Anonymous Coward]

ATM's take money from you.

How could it be that easy?

[yog]

The article said one was a sys admin who apparently had access to the ATM's, and another was a former IT director, but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.

Scary how easy it was to compromise an entire city like that. I think I'll stop using ATMs for a while and switch back to bank tellers. Then again, humans are pretty easy to infect, too, using this virus called "money" that makes them do diabolical things.

When MacAfee comes out with a human honesty scanner, that'll help a lot.

Re:How could it be that easy?

[AvitarX]

but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.

Considering they were caught before they could do anything I would say it's a fair assumption.

Re:

[Luckyo]

The article said one was a sys admin who apparently had access to the ATM's, and another was a former IT director, but still you'd think there'd be some security to prevent some crooked employee from just emptying out an ATM whenever he felt like it.

There probably is, as they got caught.

Re:

[beakerMeep]

When MacAfee comes out with a human honesty scanner, that'll help a lot.

I don't wanna know what happens when McAffee forces a reboot... [slashdot.org]

Re:

[ambrosen]

Yes, you'd hope so, wouldn't you.

But it's worth reading this article in The Register, one of their best ever: http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/ [theregister.co.uk]

It seems it happened in the UK in the 1990s.

Re:

[tokencode]

If MacAfee ever comes out with a product for humans I'm running as far and as fast as I can. It already helps to eliminate the human "money virus" even without being installed in us.

Re:

[garompeta]

About the human infections: I wonder how you would prevent penetrations in the "backdoor".

Re:

[TheRaven64]

Nice troll, but next time, remember that apk always signs his semi-literate ramblings about the benefits of hosts files with apk, not APK.

Malware guy got ripped off

[Anonymous Coward]

They paid him only $3200 to compromise every ATM in a city of 210K people? That doesn't seem like nearly enough.

Re:

[asdf7890]

The worth of earnings are relative. How much is $3200 worth against the cost of living where he is located? It could be a small fortune.

Also the market might not bare a larger fee. There could be a lot of developers capable of doing what he did available and that as much and any other factor has a significant effect on the asking price for a job.

Re:

[shutdown -p now]

Moscow is insanely expensive compared to practically everywhere else in Russia. Within Moscow, it also gets even more insanely expensive as you get closer to the center. Still, $2k is way too much for a one-room apartment. You can find one right in the center for $1k.

Now, Yakutsk - that's out in the middle of nowhere, pretty much. I couldn't even find any apartments for rent online. But I'd expect it to be $300 for a 1-room, top.

Cybergangs?

[deadhammer]

Why aren't they just a "gang"? Is it because this crime has to do with technology and is, therefore, magically different than any other crime? If these guys had robbed all the banks in the city the traditional way, we wouldn't call them a "bankgang" or a "robberygang", would we? If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

Re:

[AvitarX]

No, but they would probably be differentiated, and if they specialized in tech crime it's a shorter word.

Also we have bank-robbers, not just robbers. This hardly even sounds like a cyber-crime as I've heard them in the past, as it doesn't appear to have taken place using cyber-space (or proximity wouldn't have been a factor).

I would even say the fact that location was a factor makes it not a cyber-crime (as the media uses the word).

Re:

[TeknoHog]

if they specialized in tech crime it's a shorter word.

So every high-tech crime has something to do with robotics or other control/feedback systems? http://en.wikipedia.org/wiki/Cybernetics [wikipedia.org]

Re:

[jovius]

If these guys had been shooting we'd call them BangGang. Nah, Automated Teller Machine Gang should do just fine.

Re:

[Securityemo]

http://tvtropes.org/pmwiki/pmwiki.php/Main/RuleOfCool [tvtropes.org]

Use Russian ATMs? Really?

[Frosty Piss]

Here's the thing, though... WHO in their right mind would use an ATM is Russia anyway? Good grief, I'd be surprised if they were *NOT* compromised.

If I were to visit Russia, I think I would opt for in-bank transactions and cash-only, *OR* a special limited balance account set up SPECIFICALLY for that trip, to be shit-canned upon return home.

Re:

[Phroggy]

Here's the thing, though... WHO in their right mind would use an ATM is Russia anyway? Good grief, I'd be surprised if they were *NOT* compromised.

If I were to visit Russia, I think I would opt for in-bank transactions and cash-only, *OR* a special limited balance account set up SPECIFICALLY for that trip, to be shit-canned upon return home.

OK, but what if you actually LIVED in Russia and weren't just visiting?

Re:

[Frosty Piss]

OK, but what if you actually LIVED in Russia and weren't just visiting?

The same conditions apply. Cash only. I would not use a service that was guaranteed to steal all my money. Why would I, *ESPECIALLY* if I was a local?

Re:

[Jade_Wayfarer]

Speaking as local, I'm really surprised to read this comment. For more than three years of using credit card I've never experienced any problems with it. None of my friends did too. And not only in Moscow, but in several other cities too. I do trust my bank and it's security measures, and all cases of credit card info theft I know of happened in US or Europe.

Now, for example, one thing I am scared of is US airport security. And how would it look if I'd said something like that: "It's a service guaranteed

Re:

[shutdown -p now]

You'd be forced to use it, pretty much, because most organizations these days pay their employees by transferring the money into their bank accounts. Quite often you don't even get the choice of the bank where that account will be - they'll just open one for you and give you the bank card.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Freultwah]

Newsflash: the Soviet Union ceased to exist in 26 December 1991 and there were no ATMs to be found anywhere in the region back then.

Re:

[Sectrish]

He probably just forgot to type the word "former" by accident, as he also mentioned Almaty, which afaik is a city in Kazakhstan (part of the former Sovient Union).

Re:

[EnglishDude]

I wouldn't call $1,600,000 "out of proportion"

http://www.theregister.co.uk/2006/05/08/shell_suspends_chippin/ [theregister.co.uk]

Re:

[drolli]

I had no problems with that.

I didn't use the ATMs in university entrance halls, small shopping malls etc, but the ones in banks or very public places; i obviously did not use a credit card in small shops. The likeliness something bad will happen to you (e.g. Policemen doubting your registration and getting you stuck for several hours unless you pay up their "fee") by making yourself recognizable as a foreigner who uses some strange paths outweighs the possible loss (BTW: i always limit my cards to a reasona

Re:

[gr8fulnded]

>If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

No, we'd probably call them "Congressman".

Cybernetic implants, of course

[HalAtWork]

These people actually have cybernetic implants, making them cybogs, hence the "cyber" prefix. Gangs are traditionally are very discriminatory, so each member of the gang is a cyborg, making them a "cyber-gang". Each member of the cyber-gang can hold up to 80 gigabytes in their brains, which is what they used to store the payload which remained undetected by norms.

I can fit more then 80g in my pocket but in Russia

[Joe The Dragon]

I can fit more then 80g in my pocket but in Russia you need a brain to fit that much?

Bankstas! :D

[antdude]

See this Sinfest comic strip [sinfest.net]. :)

Re:

[khchung]

If they skimmed money the traditional way (bribes and scams) would we call them a "financegang"?

No, we would call them "identity theft" so the customers will suffer the losses and banks won't be responsible at all.

Re:

[mapkinase]

The new term is usually used when there is a significant difference in phenomena.

Gangs control the physical territory, racket business, collect from shady businesses, universally use violence.

Cybergangs do nothing of that.

Dig a sewer to Yakutsk!

[FatSean]

Now I'm glad I didn't win that prize from MTVski.

This needs to happen more often

[dingen]

Maybe then the world will learn not to run Windows on these kind of devices.

Time to go back to OS/2!

[Joe The Dragon]

Time to go back to OS/2!

Re:

[dingen]

No, not at all. What is a general purpose desktop operating system for PC's doing on a single purpose device such as an ATM in the first place?

Re:

[grasshoppa]

In my experience, it's not windows that's the problem, but the actual ATM software.

I can almost guarantee that if the developers and put the same skill in to developing a linux variant, we'd see them compromised just as often.

Re:

[Arker]

Then why do the older OS/2 terminals still seem to be more reliable?

Re:

[grasshoppa]

Again, it's not really the OS; it's the application.

Although I suppose the argument can be made that the more complex and the more facilities provided by the OS, the more likely developers will abuse them.

I have supported applications, running on linux, which have made the server act just like a stereotypically windows box.

Of course, as I understand it, OS/2 is no longer supported. Hence, you aren't allowed to run it in a financial capacity.

Re:This needs to happen more often

[Walter White]

My roots as an MS hater go back to DOS long before Windows. And I disagree with your claim.

Given access from by the former head of IT, it would be feasible to engineer a compromise for any OS. If they had physical access, anything is possible. Perhaps they even had access to the dev environment which was used to program the machines.

Re:

[morgan_greywolf]

I actually agree with this. A few years ago, I was shocked to learn that new ATMs were being installed with Windows XP. The ATM at a local gas station I frequent -- I think it's some sort of Diebold model -- actually has a more-or-less stock Windows XP, complete with Solitaire and Minesweeper! I couldn't make this stuff up if I wanted to. WTF do you need Solitaire and Minesweeper on an ATM?

Seems to me they could save lots of money using one of those ARM SoCs and a stripped-down embedded Linux. It'd be to

Evident Risk joke

[Progman3K]

about Yakutsk usually being easy to protect

In Russian Republic of Yakutia . . . .

[Latent Heat]

. . . ATM defrauds you!

Re:

[PaulMeigh]

Except of course when a large North American army is passing through Kamchatka.

Re:

[DarthVain]

I was waiting for some kind of RISK reference.

Another Paypal Story

[retech]

For a moment I thought this was a second story in a row about Paypal being complete corporate douche bags.

$3200?????????

[Ryanrule]

fuckin software guys are underpaid everywhere

Re:

[Anonymous Coward]

Dunno, seems to me like quite a lot to pay to fuck a software guy.

We have a similar gang of fraudsters in US

[Ada_Rules]

They've got ATMs all over the place. They run this Ponzi scheme where people give them money and then they loan out almost all of it to other people. Eventually this money gets re-deposited and again they loan out almost all of it. This cycle continues until the total amount of money that they own to depositors is substantially larger than the actual money they can ever get their hands on. They try to re-coup this by charging crazy fees on their ATMs and monthly fees for getting to play in the scheme but in the end like all Ponzi schemes, this one crashed.

So get this, then, they have these other dudes with guns who force people to pay them money so that it can be funneled back into the Ponzi scheme to keep it going.

On second thought, what we have here is far worse than in Russia. Damn Bank of America.

Re:

[guyminuslife]

Oh, give it a rest.

Re:

[Sarten-X]

Except that the loans eventually get paid back. Those that don't are made up in other loans' fees and interest. If all loans were paid back at once, there'd be exactly the same amount of value (cash & investments, adjusted for inflation) on hand to pay out to depositors as they deposited in the first place, more or less.

Economics is mostly a lot of connected zero-sum games. For every loan, a person gets an equal amount of cash and debt. The fact that there's a way to increase the magnitude of the number

Be evil.

[sirrunsalot]

Who the hell wakes up in the morning, looks in the mirror, and says, "I'm going to be evil today"? Of course these hackers aren't as evil as Nobel Laureate Liu Xiaobo [chinadaily.com.cn], but I just don't think I'd want to go on living if I ever found myself robbing ATM's or sending billions of spam emails.

Cybergang...

[orphiuchus]

You know, if you'd asked people in the 1980s what they expect "Cybergangs" in 2010 to be, I bet they would guess something way cooler.

Massive Crime

[Eadwacer]

Hundreds of rubles stolen from residents

Practice

[the eric conspiracy]

For the upcoming World Cup in Russia.

Cybergang?

[dr. chuck bunsen]

want to be in a 'Cybergang'! That sounds fucking awesome...