| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the "botín sin contacto" (touchless jackpotting) attack on ATMs in Europe has happened before within the same organization. The group Russian IB mentioned in the article has seen similar coordinated attacks in Russia since 2013 [49775].
(b) The software failure incident of touchless jackpotting has also happened at multiple organizations in different countries. The attack affected ATMs in 14 countries across Europe, including Armenia, Estonia, the Netherlands, Spain, Poland, and the UK [49775]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase is evident in the article as it describes how hackers remotely accessed bank information systems to install malware on ATMs, allowing them to configure the machines to dispense cash without the need for a card or PIN input. This design flaw in the ATM software enabled the coordinated attack across multiple ATMs in different countries, leading to significant financial losses [49775].
(b) The software failure incident related to the operation phase is highlighted in the article by explaining how the hackers executed the attack by remotely accessing the internal networks of banks, gaining access to confidential information and enabling them to steal money from the ATMs without physical manipulation. This operation flaw allowed the attackers to carry out the theft with precision before the banks could respond or shut down the compromised systems [49775]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the articles is within the system. The incident involved a coordinated attack on ATMs in Europe using malware or malicious software to make the ATMs dispense money without the need for a card or PIN input. The attackers remotely accessed the banks' information centers to install the program that manipulated multiple ATMs to dispense cash simultaneously at predetermined times. This attack did not involve any physical manipulation of the ATMs but rather exploited vulnerabilities within the ATM software systems to carry out the theft [49775]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident described in the article is related to a malware attack on ATMs in Europe. The attack involved the use of a malicious software or malware that allowed cybercriminals to remotely access bank information systems and manipulate ATMs to dispense cash without the need for a card or PIN input. This type of attack, known as "touchless jackpotting," did not involve any physical manipulation of the ATMs but rather exploited vulnerabilities in the software to make the machines dispense money at predetermined times [49775].
(b) The software failure incident occurring due to human actions:
The software failure incident in the article was facilitated by human actions, specifically by cybercriminals who remotely accessed bank information systems and installed the malware on ATMs to carry out the coordinated attack. Additionally, individuals within the criminal organization acted as "money mules" to collect the cash dispensed by the compromised ATMs. The attack required a level of precision and coordination by the human actors to execute the theft before the banks could respond and block the transactions [49775]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The article discusses a software failure incident related to a coordinated attack on ATMs in Europe using malware to make them dispense money without the need for a card or PIN entry [49775].
- The attack involved accessing the banks' information centers remotely and installing a program to manipulate multiple ATMs to dispense cash simultaneously at predetermined times, without any physical manipulation of the ATMs themselves [49775].
- The attackers exploited vulnerabilities in the hardware and software systems of the ATMs to carry out the coordinated theft of cash [49775].
(b) The software failure incident occurring due to software:
- The incident involved the use of malware or malicious software to manipulate the ATMs and make them dispense money without authorization [49775].
- The malware used in the attack allowed the hackers to remotely control the ATMs and orchestrate the cash dispensing process without the need for physical access or card information [49775].
- The software failure was a result of the successful deployment of the malicious software by the hackers to exploit vulnerabilities in the ATM systems and carry out the coordinated theft across multiple countries in Europe [49775]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious in nature. It involves the use of malware or malicious software to remotely access bank information systems and manipulate ATMs to dispense cash without the need for a card or PIN input. The attack, known as "touchless jackpotting," is coordinated and executed by hackers with the intent to steal money from ATMs across multiple countries in Europe [49775]. The attackers exploit vulnerabilities in the ATM software to carry out the coordinated theft, demonstrating a deliberate and malicious intent to harm the banking system and steal funds. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident described in the articles is related to poor_decisions. The incident involved a coordinated attack on ATMs in Europe using malware to make them dispense cash without the need for a card or PIN entry. The attackers remotely accessed bank information systems to install the program that manipulated multiple ATMs to dispense cash simultaneously at predetermined times. This incident highlights the vulnerability of ATMs to cyberattacks due to poor decisions in cybersecurity measures and system access control [49775].
(b) The software failure incident is not related to accidental_decisions. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident occurring due to development incompetence is not explicitly mentioned in the provided article. Therefore, it is unknown if the incident was caused by factors introduced due to lack of professional competence by humans or the development organization.
(b) The software failure incident related to the "botín sin contacto" (touchless jackpotting) attack on ATMs in Europe can be considered as a failure due to contributing factors introduced accidentally. The incident involved hackers remotely accessing bank information systems and installing malware to manipulate ATMs to dispense cash without the need for a card or PIN entry. This accidental introduction of malicious software led to the coordinated attack on multiple ATMs across different countries, resulting in significant financial losses [49775]. |
| Duration |
temporary |
The software failure incident described in the articles is temporary. The incident involved a coordinated attack on ATMs in Europe using malware to make them dispense cash without the need for a card or PIN. The attackers remotely accessed bank information systems to install the program that manipulated multiple ATMs to dispense cash simultaneously at predetermined times. This incident was a specific event caused by the introduction of malicious software by the attackers, affecting a certain group of ATMs in multiple countries [49775]. |
| Behaviour |
other |
(a) crash: The software failure incident described in the article is not a crash where the system loses state and does not perform any of its intended functions. Instead, the incident involves a coordinated attack on ATMs using malware to make them dispense money without the need for a card or PIN input [49775].
(b) omission: The incident does not involve the system omitting to perform its intended functions at an instance(s). The malware used in the attack allows the hackers to remotely access the bank's information systems and install a program to configure multiple ATMs to dispense cash simultaneously at predetermined times, which is an intentional action by the attackers [49775].
(c) timing: The failure is not related to the system performing its intended functions correctly but too late or too early. The attackers in this incident are able to control the timing of the cash dispensing from the ATMs by remotely configuring the machines to dispense money at specific times [49775].
(d) value: The software failure incident does not involve the system performing its intended functions incorrectly in terms of the value. The attackers successfully make the ATMs dispense cash, which is the intended outcome of their malicious activity [49775].
(e) byzantine: The incident does not exhibit the characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The attack on the ATMs is coordinated and executed with precision, allowing the hackers to withdraw large sums of money without physical manipulation of the machines [49775].
(f) other: The behavior of the software failure incident can be categorized as a deliberate exploitation of vulnerabilities in the ATM software through the use of malware. The attackers gain remote access to the bank's systems, install malicious software on the ATMs, and orchestrate a synchronized cash withdrawal operation, demonstrating a sophisticated and targeted cybercrime strategy [49775]. |