Criminals managed to steal money from cash machines earlier this year, using USB sticks and exploits of Windows XP.
Researchers speaking at the Chaos Communication Congress, organised by the Chaos Computing Club in Germany, said attackers hit an undisclosed number of cash machines, cutting away at the chassis to reveal the USB slot.
They then uploaded malware to the machine that meant they could draw out cash via their own hidden menu, according to various reports.
The malware had been created to target one bank, but the researchers, who wished to remain unnamed, warned about a large number of financial institutions which still use vulnerable software in their ATMs.
It appeared the crooks were well-funded and sophisticated. One researcher suggested they had an insider working for them. The malware had the capability to steal customer information but didn’t do so.
“I’m not sure this is the end attack, or the end game,” said one of the researchers, according to Wired. “We’ll probably see this kind of malware on another bank, in another city, on another continent.”
Elsewhere at the Chaos Communication Congress, digital activist and security researcher Jacob Appelbaum claimed he had seen documents indicating the US National Security Agency (NSA) could hack into Wi-Fi connections from 8 miles away. That was back in 2007 too.
In Der Spiegel, Appelbaum had disclosed information on the NSA’s Tailored Access Operations unit, but went further at CCC. The NSA has use drones to carry out such long-range attacks, he said, but he could not produce any evidence to substantiate that claim.
“It tells us that they understand that common wireless cards are probably running Microsoft Windows, which is an American company, that they know about vulnerabilities and they keep them a secret to use them,” Appelbaum added.
“This is part of a constant theme of sabotaging and undermining American companies and American ingenuity.”
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
