this post was submitted on 03 Aug 2025
158 points (98.8% liked)

Technology

73567 readers
3251 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
158
Cybercrooks use Raspberry Pi to steal ATM cash (www.theregister.com)
submitted 11 hours ago by fne8w2ah@lemmy.world to c/technology@lemmy.world
18 comments fedilink hide all child comments
all 20 comments
sorted by: hot top controversial new old
[–] 01189998819991197253@infosec.pub 19 points 5 hours ago

UNC2891 also used Linux bind mounts to hide its backdoor processes, which, at the time, had not been documented in public threat reports, Group-IB said.

The technique is now recognized by MITRE's ATT&CK framework as T1564.013.

Holy crap. They discovered, and successfully implemented a novel technique. That's impressive af

[–] homesweethomeMrL@lemmy.world 30 points 8 hours ago

The backdoor, for example, appeared to be the LightDM display manager often used by Linux systems, demonstrating the group's skillset, which the researchers said spanned Linux, Unix, and Oracle Solaris environments.

The backdoor was the display manager. Well goddamn.

[–] peopleproblems@lemmy.world 29 points 8 hours ago

I saw cybercrooks and had to take the opportunity

[–] Theoriginalthon@lemmy.world 69 points 10 hours ago (1 children)

They hooked a raspberry pi up to the network switch. At this point i think they fucked up security pretty bad

[–] FauxLiving@lemmy.world 18 points 6 hours ago (1 children)

The criminals, or the people they paid to carry out the physical attack, connected a Raspberry Pi to a bank's network switch, the same one hooked up to the ATM that was subsequently raided.

They're kind of skipping over an important detail here.

Sure the technical details are interesting, but it's a bit like discussing the alloys of the tumblers of the safe deposit box after the team has unexplainably bypassed the main safe door...

[–] SoftestSapphic@lemmy.world 8 points 5 hours ago* (last edited 5 hours ago) (1 children)

Yeah that implies physical access.

Like it takes a ceritain security level to even get into rooms that have those switches.

It was probably some IT worker.

Hope they never get caught lol

[–] bjoern_tantau@swg-empire.de 4 points 4 hours ago

Still, you shouldn't be able to get money from having network access. Secure connections are a solved problem.

[–] the_doktor@lemmy.zip 7 points 7 hours ago

Were they going to the Galleria to play Missile Command?

"Easy money..."

[–] Pika@sh.itjust.works 12 points 8 hours ago (1 children)

honestly, pretty poor security here. I can't say much cause I don't have inter-device restrictions either... but I'm also not a bank that handles money.

There's no reason a random device should have been able to interface with any of the other devices tbh, I'm guessing the switch wasn't smart so didn't support Mac filtering or port disabling cause that should have not been a valid attack vector.

[–] ExcessShiv@lemmy.dbzer0.com 5 points 5 hours ago (1 children)

I just work a pretty standard engineering job at a large company (basically regular office work, not a critical industry like power or pharma), and any MAC that isn't approved by IT is simply not a allowed to interface with anything whatsoever. It's insane that a bank has this loose IT security.

[–] Pika@sh.itjust.works 2 points 4 hours ago

, Agreed. Like, I'm not surprised that it was allowed to interface with the ATM because at that layer, I think the jump would have been from the switch to the ATM(although the ATM should habe not accepted the connection imo). So it would have never gone through any security. But it blows my mind that it was allowed to access a mail server as part of the routing, And even more so that it was allowed to go from that mail server to the outside world to establish a second route into the establishment. Like, how did it never hit any type of security or blocker anywhere in that process?

[–] baduhai@sopuli.xyz 41 points 11 hours ago (3 children)

Cybercrooks

I fuckin love these dumbass names they give to hackers.

[–] jbloggs777@discuss.tchncs.de 13 points 9 hours ago

https://www.urbandictionary.com/define.php?term=Hacker

"The media's definition of the real term malicious cracker. A hacker used to be a well respected individual who loved to tinker with gadgets.", plus a few other definitions.

[–] db2@lemmy.world 23 points 10 hours ago

I love how the name "hacker" was successfully vilified by associating it with criminals, something we already had a word for.

[–] AdamEatsAss@lemmy.world 9 points 10 hours ago

They needed a lot of physical interactions to pull off this cybercaper.

[–] Sir_Kevin@lemmy.dbzer0.com 20 points 10 hours ago (1 children)

I'm surprised the article went into so much detail as to how they pulled it off.

[–] takeda@lemmy.dbzer0.com 23 points 10 hours ago (1 children)

It's the Register, it is targeted to people familiar with technology.