Chapter 38: ATMs

It is often said that when Willie Sutton, the famous bank robber, was asked why he robbed banks, he replied, “It's where the money is.” Unfortunately, he never said that, but there is some truth to it.

ATMs hold a lot of money. They are also just computers in big metal boxes. These two facts make them fantastic targets for attackers.

Willie Sutton also said that he used a machine gun because “You can't rob a bank on charm and personality.” I am living proof that Sutton was very wrong on this point.

In the 1995 cult movie classic Hackers, an attack against an ATM caused money to be given out. Skip forward to 2010, when the renowned hacker Barnaby Jack (1977–2013) gave a live demonstration of a similar attack at the BlackHat hacker conference.

These attacks relied on sophisticated techniques. Jack and his teammates worked incredibly hard to attack an ATM from the street side. But there is a much, much easier way to achieve this.

Most ATMs run a version of Windows on a PC hidden inside. But how do you get to it? Barnaby Jack figured out one way, but as with almost every “secure” device, there is always another way in. The bank has to do two things with an ATM: allow the tellers to refill the money (and remove it if the ATM takes deposits) and allow maintenance staff to perform their duties. Both of these tasks occur inside the bank, generally when it is closed to the public. So how can you attack the ATM?

I had been tasked with gaining access to several bank machines ...
