Edition ZDNet reports that the FBI and police arrested dozens of suspects this week for hacking into Santander Bank ATMs. The fact is that several groups at once exploited a bug in ATMs and cashed out more money than was actually on the cards.
We have been made aware of an ATM scam in which suspects are using Santander Bank ATM's to fraudulently withdraw cash using fake debit cards. Since we have a branch in town (1765 Ellington Rd), we are asking any citizen using their ATM to use caution when withdrawing money (1/2)
– South Windsor Police Department PIO (@SWPD_PIO) August 18, 2020
According to local media reports, most of the arrests occurred in Hamilton (20 suspects were detained), and arrests were made in constituencies Morris (19 people were detained) and Sayreville (11 people were arrested). In addition, small groups of suspects were found in Bloomfield, Robbinsville and Holmdel, while reports of suspicious payments were also recorded in Woodbridge, cities in Middlesex County, Bouton, Randolph, Montville, South Windsor, Hoboken, Newark and even New York.
Based on information received from representatives of Santander Bank, its own sources in the information security community, as well as information published by police departments in the affected cities, ZDNet journalists conclude that the attackers have found some kind of error in the ATM software. The bug allowed hackers to use counterfeit or real debit cards to withdraw more funds from vulnerable ATMs than were actually stored on those cards. A video with a step-by-step description and demonstration of the problem was published by the New York Post.
Apparently, the attackers tried to keep the details of this problem secret, and for several days information about the bug was mainly transferred or sold between members of hack groups involved in banking fraud. However, you can't hide an sewn in a sack, and this week a detailed description of the error began to spread on Telegram, Instagram and other social networks.
As a result, a wave of attacks hit Santander's ATMs, forcing the bank to urgently investigate what was happening and bring the FBI into the case. To take control of the situation and minimize losses, this week Santander's management was forced to suspend the operation of all ATMs. Currently, the devices are already returning to service, but so far they are available only to the bank's customers.
Santander representatives emphasize that the attacks did not affect the accounts, data and funds of customers, and that the bank employees are fine. The last clarification is due to the fact that members of one of the criminal groups could not decide how exactly to divide the stolen funds, and staged a shootout right next to one of the Santander ATMs.