"Today we will teach you to crack an ATM," say the two hackers.

I nod satisfied.
I must admit that when I joined the course I thought, "put that can serve one day or the other."
I imagined scenes from the film The type-robbery-the-millennium, however, not chebastasse obtain a key and a cd-rom.
Yes, in the era of 'all-digital, to hack an ATM and force it to erogarti all the money they want, they serve a metal key - not a USB key, but just one of those that could open your mailbox - and a compact disc, a physical medium that many would call obsolete.
Moreover, obsolete is the right word to define what is inside the ATM.
Thomas Siebert are explaining it to me and Marc Ester, the System Security Research Team G Data: their course is part of a summit on security organized for the 30th anniversary.
Behind the screen of the ATM (or ATM, in English) is a PC than we had at home a decade ago.
With much of the Windows XP operating system, floppy disk, and - in fact - cd rom.
Once ATMs sabotaged them with creative and craft mode.
Type plug with tape compartment dispensing banknotes, wait for you, after waiting in vain, you walk away, remove the tape and recover the money.
Then a decade ago came skimming: installing a camouflaged plastic contraption just where to stick the card and reads the magnetic stripe of the card.
It procures the pin code (perhaps by installing a camera above the keypad, or simply watching you sneak up) and your card is cloned.
Today we moved to malware.
The principle is simple: to inject a virus into your computer behind the screen.
Its protection system, some sort of virus, allows him to only perform operations approved by the bank, contained in a white list.
The malware (the most common one today is called Tyupkin or Aptrasst and Russian origin), restart the computer, temporarily install a new operating system based on Linux, reset the antivirus making it ineffective and restart again.
In this way, the computer will not even notice that he was infected.
Passed ten minutes, simply enter a PIN to drop it at your feet.
"Then you can ask him to erogarti money, or pass you customer data," says Siebert students of the course.
But first things first.
How do I infect your PC?
There are many ways.
You can use a smartphone Samsung Galaxy S4, as happened in England last year, or a Raspberry Pi chip (a band that made him was arrested in Spain).
But the easiest method is to use a cd-rom.
If in the first two cases you must physically connect the gadget to the old serial ports on your PC, and play around with some computer commands, the third just insert the disc and wait for the malware face itself.
So easy that I can do it myself, I explain researchers from G Data.
But I must find a way to access the computer behind the screen of the ATM, not easy.
I already imagine some kind of sophisticated break-ins or having to bribe a maintenance worker.
Instead, as I mentioned before, just a simple key.
Even obtain it is not difficult - try doing a search on Ali Baba, the Chinese e-commerce site Amazon style.
It is universal: open all ATMs "island" (those in shopping centers, for example) and part of the normal banks.
I'm not talking about the safe with the money, that is armored and well protected.
But with this magical key that slips usually beside or below the monitor, leads the obsolete PC.
But there are surveillance cameras, it objects to teachers.
Someone will notice that I am tampering with the ATM and within minutes dozens of police cars have surrounded me.
"Nothing could be further from reality," says Siebert: "There are too many ATM machines to control and few employees.
Nobody looks at those shots. "
At best, they are kept only as analytical tools retrospectively if a problem is detected on a distribution point, opening an investigation and you go to see the records.
Ok, heedless of being recorded by the cameras, all I have to do is enter my cd-rom in the drive and let Tyupkin do its job.
But how do I get my CD with malware?
Here the question becomes a bit 'more complicated.
"You must contact with organized crime," says Esther.
Ah, if only I had a friend racketeer.
Or I can look in the darknet, the Internet "shadow" of so much talked about, but usually those who manage these kinds of crimes want to have control of the situation: sell the virus (which can cost up to 4000) and demands a percentage of "revenue".
Oh yes, because the money involved are many.
After infecting the ATM, rebooted and waited a while ', I enter the secret code - which is charged separately and changes frequently - I access to a screen that shows me the contents of all drawers with banknotes.
Two clicks, and in 30 seconds I withdraw 2 thousand euro, in minutes, for each ATM, you get up to 200 thousand.
This type of attack, which robs the banks and not their customers, was detected for the first time in Spain, but in the past year has also appeared in Germany, Russia and Britain say the two experts at G Data.
Their company, which in 1987 sold the world's first anti-virus software, is dedicated to computer security for 30 years.
Often banks, to run for cover, they must pay them.
The real purpose of this "sabotage progress" is really to sensitize institutions to a criminal system that is now restricted to a few cases in some countries, but that could soon become a problem.
Against these attacks G Data has prepared a series of countermeasures, ranging from the mundane - changed the lock, gosh!
- the software and hardware intervention.
"You can turn off the power if you record an access to the PC out of the planned maintenance schedules, encrypt your hard drive contained data, request an access key to any device will try to connect to the computer," he explains.
Even replace those old PC would not be a bad idea.
So the things that I learned in this course would remain pure theory.

From Wired