Typical attacks on ATMs include sensitive information disclosure and unauthorized money withdrawal. The competition will be divided into two phases. During first phase attendees will be able to intercept and analyze different types of the traffic (network and USB). During second phase competitors will be given access to the USB interfaces to issue commands to ATM devices and network interface to conduct MiTM attack. The goal of the competition is to show different approaches to affect ATM.
- Disclosure of sensitive card information.
- Unauthorized cash out.
- Transactions tampering via USB/Network (cash out, cash in, PIN pad).
This competition is proudly organised and sponsored by Kaspersky.
Rules of Engagement
- Each attendee/team that takes part in the contest will be given bank card and means to obtain network and USB traffic;
- Any attendee is welcome to participate in the competition, just bring yourself and a laptop to our Hack the Bank ATM;
- Denial of Service is not allowed;
- Report discovered approach for obtaining sensitive information and money withdrawal to the Competition’s Team Members;
- Points will be given based on the complexity of the finding;
- Extra points will be given for attacks over USB;
- Use tools and scripts of your liking;
- Any dispute will be resolved on-site by the Competition’s Team Members, who has final decision;
- Disrespecting any of these rules as well as any offensive action taken against any other participants will result in immediate disqualification;
- Wifi Pineapple Nano
- Alfa Network AWUS036ACH USB 3.0 WIFi AC long range ,high penetration,Dual band 2.4 / 5ghz Standard’s 802.11a, 802.11b, 802.11g, 802.11N, 802.11ac ,RPSMA antennas x 2
Organizers in 2017
- Alexey Osipov, Head of Penetration Testing at Kaspersky Lab
- Olga Kochetova, Senior Application Security Specialist at Kaspersky Lab