Hackers steal 12.29 million baht from GSB’s ATMs

[Thaidream]

The malware must be masking the fact that there is not an awareness that 40K comes out instead of 20 K (20 Bills). You would think that if possible someone would have noticed that this attack was occurring and where. However, even if they were aware what could they have done at the time. The malware was in control. The only way to stop this gang appears to be if their identities and pics are known- a Worldwide hunt at border crossings. Of course, they could lay low for many months before they attack again when the security becomes lax. The banks need to update their firewalls and security protocols.

[halloween]

5 minutes ago, gregk0543 said:

12,290,000 /40000 = 307.25.  Times they withdrew. 

 

307 /21 = 14.61 times from each machine.

 

No cameras?  

I expect they kept withdrawing B40,000 from each machine (the maximum number of notes it can handle in one transaction?) until an error message indicated it no longer held sufficient funds. Then drop back to B20,000 and then B10,000 until it is (near) drained.

[Bangkok Barry]

19 hours ago, gdgbb said:

 

No, it doesn't, it shows how insecure NCR cash dispensers are.

 

Really? How many NCR machines have been hacked around the world? I'm sure the company didn't sell the machines only to this bank. If all the other machines are secure it kind of points the finger only one way, doesn't it. But the Thai way is always to blame foreigners.

[gregk0543]

1 hour ago, drbamboo said:

" the stolen money belong to the bank, not the customers, "

As far as I know,  banks have no money, but collect money from their customers. I find it to really featuring to the mentality of a relatively small group of people when they say your money is my money. If the spent all of our money, they go to the government for a subsidy, which is our money at the end of the day.

 

The money is not being withdrawn from the customers individual accounts but from the cash in the atm so they are robbing the bank.

[Krataiboy]

20 hours ago, NCC1701A said:

" that 21 of the ATMs had been hacked with the use of Malware programme. "

 

which magically appeared on your ATM's ultra secure computers.

 

"He said that the stolen money belong to the bank, not the customers, so GSB would demand compensation from the manufacturer of the machines. "

 

thanks for the heads up on your banks policy.

2

 

Once you deposit money in a bank, you forfeit ownership. http://beforeitsnews.com/police-state/2016/02/who-owns-the-money-in-your-bank-account-hint-it-is-not-you-2850.html

[TSF]

Wouldn't touch an ATM card in LOS with a 40-foot bargepole. I have a large sum in a Thai account that I use to satisfy my annual retirement visa requirements....but no ATM card. If I want some money I need to front up at the counter with my passport. 

[Redline]

Or, the history of ATMs in Thailand might be more accurate.

[gregk0543]

The real story…..

http://www.kaspersky.com/about/news/virus/2016/ATM-is-a-New-Skimmer

 

ATM is a New Skimmer: Crooks Bring ATMs on Their Side

17 May 2016
Virus News

A Russian-speaking Skimer group forces ATMs to assist them in stealing users money. Discovered in 2009, Skimer was the first malicious program to target ATMs. Seven years later, cybercriminals are reusing the malware: but both the crooks and the program have evolved, and this time they pose an even more advanced threat to banks and their customers around the globe.

Imagine this situation: a bank discovers it has been attacked. But, strangely, no money has been stolen, and nothing seems to have been modified in the bank’s system. The criminals have just left. But could this be true?

 

Edited August 27, 2016 by metisdead
Edited as per fair use policy.

[gregk0543]

There is a very good detailed explanation here too.

 

 

https://securelist.com/blog/research/74772/atm-infector/

[Retiredandhappyhere]

How quick the bank is to blame the SCOTTISH NCR manufacturer for being at fault, when it is more likely to be the (possibly Thai) software to blame.  Perhaps, NCR could use the Thai DEFAMATION laws to their advantage?  

[Arandora]

19 hours ago, gandalf12 said:

Surely the software would not have been provided by the manufacturer. I would be more likely to consider the software is or local origin as it has to support the Thai language. 

It depends on the contract between NCR and GSB (and the other banks using NCR ATMs in Thailand) as to who is responsible for the software and maintaining it. NCR is the leading supplier of ATMs worldwide and is an American not Scottish company, although its Financial Industry Centre is in Dundee. As GSB only has 3,000 of the 10,000 NCR machines and if it were an inherent fault of the software in all the machines it seems strange that only GSB machines have been hacked. 

[nikster]

20 hours ago, Chicog said:

Malware of this type almost certainly needs one of two things:

- Physical access to the ATM itself

- Assistance from a bank employee

 

I''d say it's most likely the bank's fault.

 

 

 

Well physical access, sure, how else are you going to take the cash? You have to be there.

 

Other than that, no. 

 

I remember a Defcon demonstration a few years back, showing how easy it is to make ATMs dispense cash. I don't recall the exact details how the hacker got the malware on the machine but I think there was one using a USB stick (meaning you have to get to the USB ports which may be difficult) and one that worked completely remote, over the ATMs phone line. ATM ended up dispensing all its cash in one go.

 

Add to that that these things run Windows XP (I've seen many blue screens)... crappy software on top of a crappy OS. Banks are clueless on security they just take the hit and pass on the fees to the customers, just like the Visa card system and so on. None of this relies on secure technology, it all relies on a certain overhead for theft, plus law enforcement. 

[kannot]

16 hours ago, augustwest said:

After being hacked 3x I now go to branch and use passport and withdraw cash. I won't use an ATM again!

but........did u get your  money back?

[Lord Lucan]

I hope my 349 baht which I have left in my Thai bank account is safe.

I stopped using the ATM's when a message came on the screen asking for 800 baht to continue using this service.

was that correct and is it an annual charge?

wasn't told of this when I opened the account.

Any comments welcomed.  LL

[Hawk]

36 minutes ago, nikster said:

Add to that that these things run Windows XP (I've seen many blue screens)... crappy software on top of a crappy OS.

 

Actually they use Windows CE which is optimized for devices that have minimal memory; a Windows CE kernel may run with one megabyte of memory. 

[Si Thea01]

22 hours ago, Don Mega said:

21 x 40,000 = 12.29 million

 

am I missing something ?

 

You haven't taken into account inflation and interest they will be seeking when looking for compensation or it might just be, given how they have difficulty with maths, that they hit the wrong decimal point when calculating their losses.

[balo]

On 8/23/2016 at 3:00 PM, webfact said:

ATMs which were manufactured by a Scottish company.

 

Sure blame the Scots, I always do when I wake up with an headache after drinking Scotch. 

[Chicog]

4 hours ago, david555 said:

So , nice of you to leave it to the inside job people ......lol

 

Yes, it makes it hard for the bank to try and pin it on an outside job.

 

[Chicog]

1 hour ago, nikster said:

 

Well physical access, sure, how else are you going to take the cash? You have to be there.

 

I'm not talking about taking the cash, I'm talking about installing the malware.

The malware cannot be introduced unless you have physical access to the USB or service ports (or remote access from, usually, the banks network).

Once installed, it can be used to reprogram trays to think they are dispensing smaller amounts, which is what I think happened here.

 

BUT.... there are (or were) other ways to do that without having to install malware on the machine;  If that were the case here then I would be very surprised.

 

https://www.wired.com/2014/11/nashville/

 

[swerver]

On ‎8‎/‎23‎/‎2016 at 3:28 PM, Hawk said:

 

 

Pls get things in the correct prospective.

No NOT the Thai Banks but the equipment they purchase from Exceptionalistan and their lapdogs, in this case NCR which stands for: National Cash Register.

[adhd]

online banking here goes with just a login & password...so 1999

 

[pbeieio]

NCR, a Scottish company???? ......... No!

Yes the ATM was invented by a Scot 

[tukkytuktuk]

There are only 2 ways to gain access to the USB port of an ATM to install malware.
- Having a key to the ATM.
- Cutting a hole into the ATM then patching the hole.

Download the malware off the net
Cut the plastic ATM cover with a cutting tool
Attach mobile phone to USB
Start malware.
Cover hole with adhesive metal and sticker.
Go to next ATM repeat
Next day or two withdraw.
Simple.

[tukkytuktuk]

Attach an old style black box skimmer and you can get what they call in the hacking world double jackpot.

[MyFriend You]

On 8/23/2016 at 11:02 AM, Don Mega said:

21 x 40,000 = 12.29 million

 

am I missing something ?

I think they mean the hackers were able to take 40,000 each time from each of the 21 machines, each machine would be about 15 withdrawals of 40K each.

[Chicog]

15 hours ago, tukkytuktuk said:

Download the malware off the net
Cut the plastic ATM cover with a cutting tool
Attach mobile phone to USB
Start malware.
Cover hole with adhesive metal and sticker.
Go to next ATM repeat
Next day or two withdraw.
Simple.

 

Why bother when you can sit on the Internet, hack their network, take control of the computer they use to reconfigure the ATMs and do it all from the comfort of your own home.

Which it seems is what happened here.

 

 

[rijit]

^^^ and if thats so,, why only 12.5 million ?

[johng]

Seems more likely that they used a USB stick (or some other device) with malware specifically tailored to each individual ATM machine
Which enabled them to bypass all security measures and "talk" directly to the money dispensing mechanism of the hacked ATM...it needed physical access to the ATM and a physical person to withdraw and run away with the jackpot.

[rijit]

^ yeah suppose it was the 'smarter' move as the trail ends when they take the money out, if it was transferred electronically they would be able to trace it.

[hawker9000]

"He said that the stolen money belong to the bank, not the customers, so GSB would demand compensation from the manufacturer of the machines. "

 

A guarantee that customers who've had money taken from their accounts will be reimbursed then...