Two Russian nationals wearing masks cashed out millions from the ATMs operated by Taiwan’s First Bank using malware on Sunday and left the country the following day. It is confirmed that the crooks behind the theft didn’t use bank cards as seen from security camera footage. Instead the cybercriminals appeared to gain control of the machines with a smartphone.
According to the police the crooks stole an estimated T$70m ($2.2m) just using a “connected device”. Authorities in Taiwan are trying to work out on how the crooks managed to hack into the ATMs using a smartphone. Targeted ATMs were made by German manufacturer Wincor Nixdorf, which admits some of its machines in Taiwan were hacked as part of a “premeditated attack”. Also three different (unspecified) strains of malware were found on the compromised machines.
It maybe that attackers have found another ATM jackpotting technique like the ones demonstrated by Barnaby Jack at Black Hat USA 2010. These attacks used malware to reprogram the machine so that a button sequence would dispense cash, according to Craig Young, a security researcher in the Vulnerability and Exposures Research Team at security tools firm Tripwire.
Wincor Nixdorf claims that it has found no evidence that the malware used in the robbery was put on its ATMs via their network. At least four major state-run financial institutions, including First Bank, Chang Hwa Bank, Taiwan Cooperative Bank and Chunghwa Post Co., suspended cash withdrawals service on their ATMs as a precaution.
