10,000 ATMs nationwide hack-prone
published : 23 Aug 2016 at 20:42
The Bank of Thailand (BoT) has warned commercial banks that about 10,000 NCR-brand ATMs nationwide are prone to hacking after a group made off with 12 million baht from a state bank's machines.
The Government Savings Bank (GSB) partially shut down its system on Tuesday after finding out about the hack. The machines in question are of the Scotland-based NCR brand, which are used by other banks as well.
The central bank also warned banks about possible hits after reports of a heist in Taiwan last month, which also involved malware and NCR-brand machines.
The attack in Thailand forced GSB to shut down 47%, or around 3,300, of its 7,000 ATMs nationwide as they are of the NCR brand.
The move followed GSB's finding that 21 of its ATMs in Bangkok, Chumphon, Prachuap Khiri Khan, Phetchaburi, Phuket and Surat Thani provinces lost 12 million baht from Aug 1 to 8.
GSB president Chartchai Payuhanaveechai said malware had been installed in the ATMs, which subsequently disconnected themselves from the bank's network. Hackers then used cards and press the "cancel" button to force the machines to dispense cash.
The hackers stole from the bank, not from customers' accounts, he said.
The bank's ATM shutdown is indefinite until an effective preventive measure is found. About 600 NCR-brand ATMs of the bank continued to operate as they were at GSB's branches and well guarded, Mr Chartchai said. GSB would demand compensation from the ATM supplier.
Police sources said that the malware-related hack had first happened at GSB's ATM in Phangnga province about six months ago. A suspect used a keyboard and an electronic device to transmit malware to the bank's system through the ATM.
Local police and bank staff did not react to an alarm which normally went off when the system is tampered with because the gang had previously triggered false alarms repeatedly to deceive them.
Then the gang waited for the malware to infect the GSB system and operate. Programmed chip cards were then inserted into GSB's ATMs from Phuket to Bangkok, forcing them to dispense 40 banknotes automatically. Normally, ATMs would release up to 20 notes.
Infected hard disks were already sent to the ATM supplier to identify the malware and find a cure.
Police sources also said ATM camera footage showed the suspects could be westerners. Three suspects were earlier arrested for a similar crime in Taiwan where the equivalent of 100 million baht had been stolen.
The arrested suspects said their gang consisted of about 30 eastern Europeans who were working on ATMs in many areas.