back to article Hackers steal millions from ATMs using 'just their smartphones'

Authorities in Taiwan are trying to work out how hackers managed to trick a network of bank ATMs into spitting out millions. Police suspect that two Russian nationals wearing masks cashed out dozens of ATMs operated by Taiwan's First Bank on Sunday and left the country the following day. The crooks stole an estimated T$70m ($2 …

  1. Anonymous Coward
    Facepalm

    connected devices hack ATMs

    Did these hacked ATMs run on one of: Microsoft Windows, macOS, Android, Linux or none of the above?

    1. robidy

      Re: connected devices hack ATMs

      Aren't they embedded Microsoft Windows (XP)?

  2. fijired2

    ATMs with wifi? Who had that brilliant idea?

    1. Anonymous Coward
      WTF?

      ATMs with wifi? Who had that brilliant idea?

      So basically the ATMs consisted of a metal box with a Windows PC in the back ..

    2. robidy

      Err, erm you are clearly UNDER estimating the technical capabilities of the hackers...remember there are legitimate ways to withdraw cash with a smart phone....Natwest offer a facility if your bank card has been stole, best to think before engaging fingers....

      1. hplasm
        Happy

        Was it a cellphone-

        - or an Atari Portfolio...?

    3. W4YBO

      ATMs with wifi? Who had that brilliant idea?

      First cousin, once removed of the guy that connected Chrysler vehicles to the internet.

      https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/

    4. Velv
      Boffin

      "ATM's with wifi?"

      At what point in the article does it mention anything about ATMs with wifi?

      The on site thief is probably a mule simply receiving instructions from a remote person telling them which ATM and what buttons to press. Someone remote is commanding the operation, because if you're smart enough to break into the bank you're probably smart enough not to get caught on the CCTV raiding each ATM.

      At best the smartphone is being used over 3G to connect back through the thieves command and control centre into a hacked bank then over the bank network to the ATM, although this is less likely.

      1. Wensleydale Cheese

        "At what point in the article does it mention anything about ATMs with wifi?

        The last sentence in the article.

  3. Version 1.0 Silver badge

    IoT

    Welcome to the Internet of Thieves - this will keep happening until the banks care more about security than profit. This sort of event is just the cost of doing business and is covered by the fees that the banks charge their punters so there's no motive to improve security.

    Cheap, convenient ... and profitable - that's the way we like it.

  4. Slx

    The banks just haven't been taking IT security nearly seriously though.

    When you think about it, your bank accounts are protected by a magstripe and 4 digit pin something what would be considered ludicrous for any other scenario.

    You also largely trust retailers with a 16 digit card number and expiry date (and possibly CCV) that could allow them access to your current (checking) account or tens of thousands of $/€/£ on your credit card.

    I can only conclude that they don't care. The financial losses are probably not yet big enough to warrant investment at least in the eyes of their accountants.

    How much of this is ultimately being charged back to us in interest, transaction fees on retailers and customers, insurance premia, state bailouts and so on.

    My view of it is that given the banks can't seem to manage to not need vast state bailouts due to an inability to manage risk and have pathetic IT security that's offering customers levels of protection you wouldn't accept for a social media accounts, the only conclusion is their incompetent.

  5. This post has been deleted by its author

  6. Aodhhan

    You're all smarter than this

    If banks didn't take IT security seriously, considering the number of ATM machines there are, there would be 10-20 thefts a day. Since in most countries, the bank takes the bite for any ATM hijacking, they do take it seriously.

    Some banks may not take it as seriously as others, but in most larger countries, banks have gone all out to protect ATMs.

    You should also know, there isn't anything which is hacker proof. NOTHING. Especially any system with external customer facing interaction, and a huge box holding a computer which goes through quite a few hands from when it leaves the factory until it gets placed into operations. So, plenty of time for someone to gain access and introduce something. A lot of companies may not take supply chain security seriously, or can be bought. You all can figure it out from there.

  7. Mahhn

    I do IT at a small bank, and I/we take it very seriously. I study hacking/forensics (training and on my own) so I know what to look for. I got my job because the last crew didn't. It's stressful, it's fun, I help protect the hard earned money people trust us with. I'm like the Batman you never see, but I can only dream about beating thieves with my own hands, for now.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like