[ISN] ATM hack lets criminals take ‘wads of cash’

http://www.theweek.co.uk/business/60787/atm-hack-lets-criminals-take-wads-of-cash The Week 9 OCT 2014 A flaw in cash machine software is letting criminals withdraw money without using a bank card. Security firm Kaspersky Labs identified the problem, leading Interpol to mount a widespread investigation across the USA, India, France, Israel, Malaysia and China. ATMs infected with malicious software can be instructed to give out 40 notes at once by entering a series of digits on the keypad. Fraudsters do not require a credit or debit card to carry out the scam. The hack, known as Tyupkin, requires criminals to enter a unique code into a machine that has already been compromised by the malware. A second Pin code – a random sequence of numbers generated at another location – is also needed to unlock the machine before it will dispense the cash. Security analysts say that this double-Pin system ensures that the hacker generating the algorithms maintains control over when and where money can be stolen. […]