Threat Management, Malware

Malware suspected in ATM heist in Taiwan

ATMs in Taiwan were spewing money over the weekend in what authorities believe were malware-aided thefts, according to Softpedia.

More than $2 million was stolen in a series of heists in the cities of Taipei and Taichung targeting branches of Taiwan's First Commercial Bank and its ATMs. Nearly a thousand ATMs at a number of banks in the country were shuttered while officials examined the equipment, manufactured by Wincor Nixdorf, a German firm that provides banking hardware, software and services. The ATMs were scheduled to go back online on July 13.

Authorities identified two individuals on surveillance video hitting a number of ATMs and a number of individuals are being questioned, including bank clerks, the security personnel responsible for filling the ATMs, as well as maintenance engineers. An insider is suspected of installing the malware.

One of the suspects was identified by Taiwanese officials as a Russian national.

“The world of financial crime has changed dramatically, in large part because today's financial systems are so dependent on software and connectivity," said Mark Gazit, CEO of ThetaRay, in a statement emailed to "This gives criminals the ability to conduct massive crimes very rapidly, before bank security teams are even aware that a breach has taken place."

The only way to stop people who are using smart machines to commit financial crime is by using smart machines to detect and intercept them, he added.

“It may be that attackers have found another ATM jackpotting technique like the ones demonstrated by Barnaby Jack at Black Hat USA 2010," Craig Young, computer security researcher for Tripwire's Vulnerability and Exposures Research Team (VERT), wrote in a statement emailed to "These attacks used malware to reprogram the machine so that a button sequence would dispense cash. Some ATMs have network management systems with well-known default passwords, and in many cases, thieves access USB ports to load malware from a flash drive. From the description, it sounds like these thieves likely had installed malware ahead of time enabling a wireless connection to 'jackpot' the ATMs. It is also possible that a vulnerable wireless service could allow unauthorized access from hackers.”

UPDATED to include statements from Mark Gazit, CEO of ThetaRay and Craig Young at Tripwire.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.