Hack the Bank
Typical attacks on ATMs include sensitive information disclosure and unauthorized money withdrawal.
The competition will be divided into two phases.
During first phase attendees will be able to intercept and analyze different types of the traffic (network and USB).
During second phase competitors will be given access to the USB interfaces to issue commands to ATM devices and network interface to conduct MiTM attack.
The goal of the competition is to show different approaches to affect ATM.
Goal of the Competition
/ Disclosure of sensitive card information.
/ Unauthorized cash out.
Transactions tampering via
/ USB/Network (cash out, cash in, PIN pad).
/ Each attendee/team that takes part in the contest will be given bank card and means to obtain network and USB traffic;
/ Any attendee is welcome to participate in the competition, just bring yourself and a laptop to our Hack the Bank ATM;
/ Denial of Service is not allowed;
Report discovered approach for obtaining sensitive information and money withdrawal to the Competition’s Team Members;
/ Points will be given based on the complexity of the finding;
Extra points will be given for attacks over USB;
/ Use tools and scripts of your liking;
/ Any dispute will be resolved on-site by the Competition’s Team Members, who has final decision;
/ Disrespecting any of these rules as well as any offensive action taken against any other participants will result in immediate disqualification;
/ Wifi Pineapple Nano
/ Alfa Network AWUS036ACH USB 3.0 WIFi AC long range ,high penetration,Dual band 2.4 / 5ghz Standard’s 802.11a, 802.11b, 802.11g, 802.11N, 802.11ac ,RPSMA antennas x 2
/ Alexey Osipov, Head of Penetration Testing at Kaspersky Lab
/ Olga Kochetova, Senior Application Security Specialist at Kaspersky Lab
Sponsors & Partners
They help us make this conference possible.
As an infrastructure operator, technology integrator and IT&C services provider, Orange Business Services supports businesses and public entities in their digital transformation. Collect, transport, protect, store and process and analyze: they orchestrate every phase of the data journey, for your business to create even more value.