hack the bank

Typical attacks on ATMs will be presented during the workshop “ATM: every day trouble”. These attacks include sensitive information disclosure (Track1/2, PAN) and unauthorized money withdrawal. The competition will be divided into two phases. During first phase attendees will be able to intercept and analyze different types of the traffic (network and USB). During second phase competitors will be given access to the USB interfaces to issue commands to ATM devices and network interface to conduct MiTM attack. The goal of the competition is to show different approaches for money withdrawal and card data intercepting.

The goal of the challenge is to obtain sensitive information from the bank card or to withdraw money from the ATM;

To be announced.

Rules of Engagement

  • Each attendee/team that takes part in the contest will be given bank card and means to obtain network and USB traffic;
  • Any attendee is welcome to participate in the competition, just bring yourself and a laptop to our Hack the Bank ATM;
  • Denial of Service is not allowed;
  • Report discovered approach for obtaining sensitive information and money withdrawal to the Competition’s Team Members;
  • Points will be given based on the complexity of the finding;
  • Extra points will be given for attacks over USB;
  • Use tools and scripts of your liking;
  • Any dispute will be resolved on-site by the Competition’s Team Members, who has final decision;
  • Disrespecting any of these rules as well as any offensive action taken against any other participants will result in immediate disqualification;

Prizes

  • WLtoys V950 2.4G 6CH 3D6G System Brushless Flybarless RC Helicopter RTF
  • Scott Gadgets Throwing Star LAN Tap Kit
  • Ledger Nano S Cryptocurrency Hardware Wallet

Organizers in 2017

  • Alexey Osipov, Lead Penetration Testing Specialist at Kaspersky Lab
  • Olga Kochetova, Senior Penetration Testing Specialist at Kaspersky Lab

Sponsors & Partners

They help us make this conference possible.

Stay Updated - Join Our Newsletter