Report details FBI warning on possible ATM hacking attack

Updated: Aug. 14, 2018 at 4:21 PM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

CBS/CNN/KSLA - Automated teller machines could be at risk of a major hacking attack, the FBI says.

That's according to a report by Krebs on Security, a cyber crime blog by journalist Brian Krebs.

The FBI reportedly is alerting banks that cyber criminals are preparing a coordinated fraud scheme known as an "ATM cash-out."

The agency warns that millions of dollars could be swiped in a matter of hours from ATMs worldwide, Krebs reports.

Such breaches tend to target small- to medium-size banks that might have less robust security measures in place than larger counterparts.

A confidential alert the FBI sent to banks Friday under the headline "'Unlimited Operation' schemes pose an immediate threat to financial institutions" indicates scammers could strike within days, Krebs reports.

The scam could involve an "unlimited operation." That's when malware is used to access bank customer card information. The hackers then delete fraud controls, such as limits on ATM withdrawal amounts, which allows for large-scale theft, according to Krebs.

Account balances and security measures also can be altered to make an unlimited amount of cash available to the scammers.

"The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores," the FBI warning states, according to Krebs. "At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards."

Virtually all ATM cash-out operations take place on weekends, often after banks close for business on Saturday, Krebs said.

The FBI has yet to make a specific comment on the matter.

Wells Fargo and JPMorgan Chase also have declined to make a statement.

The National Bank of Blacksburg reportedly lost $2.4 million to Russian hackers in two separate ATM cash-outs in May 2016 and January 2017. Both attacks involved weekend-long sprees in which hundreds of ATMs were used to plunder accounts.

The regional bank, which has 25 offices in southwest Virginia, is suing two insurers for only offering to reimburse $50,000 of the lost funds, according to a lawsuit filed in June, the Roanoke Times reported.

Copyright 2018 CBS News/CNN/KSLA. All rights reserved.