ATMs hold cash that’s attractive to criminals all over the world and then cyber criminals found a weakness in the cash machine which caused it to spit all of its money out at an allotted time and place, and that got named Jackpotting. Wow. Carbanak was a game changer. Is there anything we can do about this attack? Nothing! They just need to be lucky, one day, one second, and they are in. They’re kind of like ghosts, sneaking in the country and then sneaking out. At that moment we need to find the money. No, no, I’m asking you now. I don’t know. You cannot just take out Don Corleone. It’s very hard to arrest a piece of code. It was 3 o’clock in the night and on the other side of the phone, there was this guy who was kind of stressed out and he said, “Get your ass over here because, you know, some shit is going on.” In 2013, I was the head of the European Cybercrime Center. I was called by Eugene Kaspersky and he said, “Troels, we’ve come across a very, very odd case that seems to be extremely big” an attack on a financial institution that has lost huge amounts of money. ATMs hold cash, that’s attractive to criminals all over world. Suddenly all your ATMs are empty, you know that something…something has happened. Welcome. These are our ATMs, let me show you. The guy, he was just walking around. He didn’t touch anything. He just took his big backpack and started to just grab all the money from the ATM. Wow…Genius, yep, genius. The first time I heard about ATM attacks was like most people was Barnaby Jack. Barnaby Jack. Like who’s called Barnaby Jack? He was really one of the top, top researchers out there raising awareness that, you know, this device just doesn’t work the way the manufacturer says. He was always finding vulnerabilities in places that no one else had looked yet. I think of anybody in the security industry, you know, Barnaby had the most amazing mix of not only the technical chops to back everything up, but he also had this showmanship of being able to deliver it and get people to pay attention. All right… I remember we were at a barbecue and we’re joking about, you know, what would be something super cool to hack and Barnes was like, “Oh man an ATM would be great like, I hate my bar tabs”. The first practical issue for Barnes in doing ATM hacking was just literally figuring out how do you buy a used ATM, how do you get it there, and once he had the ATM then it was just living and breathing, staying up every night, trying to figure out, you know, take it apart reverse-engineer it. The most important attack is the remote attack. You could exploit a cash machine and get it to spit money out and that method got named Jackpotting, ATM Jackpotting. For myself it was about eight months of fairly constant work but I’m not naive enough to think that I’m the only person who could do this. By doing those demonstrations that the machine could be hacked, you can have copycats. At the moment we haven’t seen any of these exploits replicated, but it’s certainly
possible. It’s really a double-edged sword, right. It could be used for good, it could be used for evil. Carbanak was game changer, I think. It was the first time we saw an attempt to remotely access banks’ networks for the purposes of extracting very, very large sums of money. When you think about hackers, you think about maybe your neighbor, your kid, somebody from high school. That’s not the case here, these were really professionals. The sophistication of a number of the groups starts to edge on a nation-state level. It’s just like a fully developed piece of software that can be used to record the active screen of a computer. So, you get an idea of how the bank employees are working and what else you need to do if you want to extract the money from the bank. So, we thought like could it be that these guys are watching what we’re doing? So then we opened up this word document and we wrote in Russian like, “Hello” and then we waited a little bit and we waited a little bit and then somebody else was writing like “Hello” and so at that point we knew that they were watching what we were doing. Cybercrime is global. So the nature of cybercrime is that you cannot border yourself out of this. I said we need to do something in the European Union and I called for a operational meeting. So, we were there in a room, much smaller than this one and it was fully like fully packed with all these important people from all the big banks. And then we presented this Russian expert and he was very Russian and he was very nerdy, what he told us it could be very embarrassing for these banks. During this explanation, I’ve never seen security guys making so many notes. And I was sitting at the back and Golovanov was presenting the story about Carbanak, about how they work. The more technical it got and also the more enthusiastic he got, the more nervous the people in the room became. And at one point one of the guys asked this question like, “Okay, but Sergey, is there anything we can do about this attack?” And then he said like, really happy like, “Nothing!” And then we saw these all people in the bank like, “Oh my god…” like, “What should we do?” In general what happens with cybercrime, things usually start in Russia and after a while they move to other parts of the world. They just need to be lucky one day, one second and they are in. Over 70 million NT dollars was withdrawn illegally. And the report came in about ATM machines churning out money, you know, is this some kind of magic? or a strange thing is happening, and the people starting to realize this is a really big crime.