1. You can find both pictures of the machines and the ATMs themselves on the internet.
2. Most likely it's (and old) windows. You don't need to write special code for any old ATM software. They could even just use autoplay once to test the grounds and copy anything they could back to the USB for analysis.
3. Ok, I'm not saying the profound knowledge / inside job was not involved... but people have done much more crazy and advanced attacks on black boxes with next to no knowledge. Once they knew they have access to software inside with auto-play they could do anything. Even connect the box to wifi via usb and do everything else remotely.
2. Most likely it's (and old) windows. You don't need to write special code for any old ATM software. They could even just use autoplay once to test the grounds and copy anything they could back to the USB for analysis.
3. Ok, I'm not saying the profound knowledge / inside job was not involved... but people have done much more crazy and advanced attacks on black boxes with next to no knowledge. Once they knew they have access to software inside with auto-play they could do anything. Even connect the box to wifi via usb and do everything else remotely.