webfact Posted August 24, 2016 Share Posted August 24, 2016 GSB hack: ATM malware gang have escaped abroad, say police Image: Thairath BANGKOK: -- Police have announced that the Eastern European gang that hit almost two dozen Omsin Bank ATMs in the south and Bangkok have fled the country. Police know the identity of five gang members and there is CCTV footage of the gang in action, reported Thairath. They introduced malware with electronic cards to Omsin ATMs in several provinces. The machines then spewed out cash and losses are at least 12 million baht. The theft prompted the bank to shut down its 3000 ATMs nationwide. ATMs in Phuket, Surat Thani, Chumporn, Prajuap Khiri Khan, Petchaburi and Bangkok were hit. Police spokesman Panya Mamen said that five suspects are now known to police but they have fled the country. The thefts took place at 21 ATMs from July 7th to 30th but were only discovered later. The malware was clever in concealing that money had been taken until accounts were tallied later. Panya said that the gang was the same as one that had operated in Taiwan in July and Malaysia in 2014. There is also a suggestion that Thai nationals might be complicit in the crime. Also it has been revealed that the five gang members came into and out of Thailand five times in the lead up to the theft. A meeting will be held between the banks, government and police on Friday to discuss what happened and prepare preventative measures for the future. Source: Thairath -- © Copyright Thai Visa News 2016-08-24 Link to comment Share on other sites More sharing options...
sahibji Posted August 24, 2016 Share Posted August 24, 2016 that is quick. unless interpol can help there is pretty little that can be done. serious damage to the credibility of the Bank involved. Link to comment Share on other sites More sharing options...
KhunBENQ Posted August 24, 2016 Share Posted August 24, 2016 Damage not only for this bank (though no customer directly affected) but for the use of ATMs in general. From the report in other newspaper it is very clear that again ATMs are affected that are freely accessible (not wall mounted) and not under watch like inside bank branches, malls etc. I am really stunned when I sometimes see ATMs standing, cables hanging outside, antennas sitting on top etc. Avoid them whenever possible and do the extra walk to an enclosed location (under watch). Link to comment Share on other sites More sharing options...
webfact Posted August 24, 2016 Author Share Posted August 24, 2016 Eastern European theft gang behind the hacking of GSB’s ATMs BANGKOK: -- Five eastern European hackers were believed to have hacked into the Government Savings Bank’s ATM system with the use of Malware virus and escaped with about 12 million baht in cash, Pol Gen Panya Mamen, a senior advisor of the Royal Thai Police, disclosed on Wednesday. The gang has already left Thailand and the police would seek cooperation from the Interpol to track them down, he said. From the investigation, Pol Gen Panya said the gang released Malware virus to the autometic telling machines in Phuket. Once a machine was infected by the virus and when a fake card was inserted into the machine, all the cash in the machine would flow out, he added. The virus then spread to the other 21 ATMs in Surat Thani, Chumporn, Prachuab Khiri Khan, Petchaburi and Bangkok. The pattern of the hacking by the gang was similar to the one which happened in Taiwan in July, said the police general, adding that the gang had made several trips into Thailand before the thefts which took place on August 8. As for a similar incident in Phang-nga province in April in which thieves escaped with over four million bath in cash stolen from ATMs, Pol Gen Panya said police were yet to determine whether the hackers were the same gang. The Royal Thai Police will hold a meeting on Friday to discuss the issue with parties concerned in order to mete out preventive measures against the electronic thievery. Source: http://englishnews.thaipbs.or.th/eastern-european-theft-gang-behind-hacking-gsbs-atms/ -- © Copyright Thai PBS 2016-08-24 Link to comment Share on other sites More sharing options...
Pib Posted August 24, 2016 Share Posted August 24, 2016 No one needs to worry....I'm sure the current ATM use fee structure takes these kinds of periodic losses into account to ensure ATM remain highly profitable slot machines for the banksters. Link to comment Share on other sites More sharing options...
ezzra Posted August 24, 2016 Share Posted August 24, 2016 Just as well they didn't run to Singapore fat chance the Thai police would have been able to get them extradited back to Thailand. .. .. Link to comment Share on other sites More sharing options...
louse1953 Posted August 24, 2016 Share Posted August 24, 2016 Smart boys,hit and run.Only the greedy ones get caught.Do it again in a years time. Link to comment Share on other sites More sharing options...
Alive Posted August 24, 2016 Share Posted August 24, 2016 I can't explain why but I've always felt this GSB should go out of business. I've always had fear using their ATMs. I wonder what this bank actually does and how it exists. Does it only make money from the government using it? It never seems busy and it has always looked dumpy compared to the other banks in Thailand. Link to comment Share on other sites More sharing options...
kiwikeith Posted August 24, 2016 Share Posted August 24, 2016 52 minutes ago, Pib said: No one needs to worry....I'm sure the current ATM use fee structure takes these kinds of periodic losses into account to ensure ATM remain highly profitable slot machines for the banksters. I quite agree, Banks don't seem to bothered by ATM robbery, also there have been a few insiders caught recently which I suspect is quite a rampant thing. It seems they catch them as fast as new ones appear. I personaly have seen them in action twice, once in BK and once in Chiang Mai. Link to comment Share on other sites More sharing options...
Briggsy Posted August 24, 2016 Share Posted August 24, 2016 23 minutes ago, Alive said: I can't explain why but I've always felt this GSB should go out of business. I've always had fear using their ATMs. I wonder what this bank actually does and how it exists. Does it only make money from the government using it? It never seems busy and it has always looked dumpy compared to the other banks in Thailand. You seem confused. Most countries around the world have some equivalent to a Government Savings Bank. It won't go out of business because it is backed and owned by the Thai government. It is one of many government-owned banks in Thailand. Its niche is to offer savings products to the mass population. It exists because the government uses it to borrow the money the bank receives from savers. I imagine its profit (nominal or real) is created by the nominal or real amount it charges borrowers less the amount it pays out in interest less administrative expenses. This seems odd as the main customer is also the main shareholder. It never seems busy because it probably is never busy because public sector institutions when competing with the private sector generally don't do it very well. There is no profit or survival incentive. Perhaps your feeling stems from the fact that it is not really aimed at foreigners with little literature in English, is not competitive in terms of range of services or customer service and is a shocking pink colour. Link to comment Share on other sites More sharing options...
Pib Posted August 24, 2016 Share Posted August 24, 2016 Crooks seem to like GSB's range of ATM services. Link to comment Share on other sites More sharing options...
fish monger Posted August 24, 2016 Share Posted August 24, 2016 Happy holidays fellas....! Link to comment Share on other sites More sharing options...
Bangkok Barry Posted August 24, 2016 Share Posted August 24, 2016 2 hours ago, KhunBENQ said: Damage not only for this bank (though no customer directly affected) but for the use of ATMs in general. From the report in other newspaper it is very clear that again ATMs are affected that are freely accessible (not wall mounted) and not under watch like inside bank branches, malls etc. I am really stunned when I sometimes see ATMs standing, cables hanging outside, antennas sitting on top etc. Avoid them whenever possible and do the extra walk to an enclosed location (under watch). The antenna thing is interesting. At one time I was trying to get internet from True out in the sticks, and they asked me if there was an ATM nearby as I could have used their wireless signal. Scary. Link to comment Share on other sites More sharing options...
powerdude Posted August 24, 2016 Share Posted August 24, 2016 i guess it works the other way, you can not just enter an atm card and expect it to crack the system just like that. there must be some reverse engineering. they either had one of these atms or operating system to study... so it leaks from manufacturer, outsourced subcontractor or from maintenance company... and funny thing is that people you see on the cctv and atm cameras - are "dummy" who just takes the money for a percentage. Link to comment Share on other sites More sharing options...
apalink_thailand Posted August 24, 2016 Share Posted August 24, 2016 12 THB million in cash, stuffed into a suitcase and then, presumably, flown out with the perps on a commercial airline (also presumably). Wherever they ended up (probably somewhere in Asia), they now have to convert this cash into some other major currency since THB useless outside of Thailand. Interesting. Link to comment Share on other sites More sharing options...
chainarong Posted August 24, 2016 Share Posted August 24, 2016 2 hours ago, louse1953 said: Smart boys,hit and run.Only the greedy ones get caught.Do it again in a years time. Or go some place else. Link to comment Share on other sites More sharing options...
Somtamnication Posted August 24, 2016 Share Posted August 24, 2016 Some still use Win XP. That OS has more holes than some ladyboys in Thailand! Link to comment Share on other sites More sharing options...
akentryan Posted August 24, 2016 Share Posted August 24, 2016 10 minutes ago, apalink_thailand said: 12 THB million in cash, stuffed into a suitcase and then, presumably, flown out with the perps on a commercial airline (also presumably). Wherever they ended up (probably somewhere in Asia), they now have to convert this cash into some other major currency since THB useless outside of Thailand. Interesting. Or perhaps stored with a local accomplice or laundered by a Thai associate? I doubt they would risk checking a suitcase full of baht but who knows where the foreign laundry might be? Link to comment Share on other sites More sharing options...
Muhendis Posted August 24, 2016 Share Posted August 24, 2016 I really don't understand what has happened here. The ATM is, as far as I am aware, just a dumb user interface. The user inserts their card which identifies an account to the bank the user then inputs a pin which confirms the account. So. How did the hackers bypass the account system to gain access to the bank's money. Could they have invented a system for opening a new account via the ATM? No, because there is a requirement for the bank to verify the authenticity of prospective account owner at the human level. Also the account needs money in it to withdraw. The bank say it was their money and not the customers so how does their (the banks) system manage to give access to corporate funds through an ATM? Its an inside job. Link to comment Share on other sites More sharing options...
roamer Posted August 24, 2016 Share Posted August 24, 2016 19 minutes ago, Muhendis said: I really don't understand what has happened here. The ATM is, as far as I am aware, just a dumb user interface. The user inserts their card which identifies an account to the bank the user then inputs a pin which confirms the account. So. How did the hackers bypass the account system to gain access to the bank's money. Could they have invented a system for opening a new account via the ATM? No, because there is a requirement for the bank to verify the authenticity of prospective account owner at the human level. Also the account needs money in it to withdraw. The bank say it was their money and not the customers so how does their (the banks) system manage to give access to corporate funds through an ATM? Its an inside job. This operates at a different level. They gain control of the machine and can empty the money cassettes. The key is physical access to an atm (not the money cassettes) in order to insert the malware via a cd. Not as difficult as it sounds if they have been left on manufacturers defaults. Can also be done at a network level. This will give you an idea: https://securelist.com/blog/research/74772/atm-infector/ Simple precautions like changing default BIOS password are effective, as is anti virus software. Link to comment Share on other sites More sharing options...
adhd Posted August 24, 2016 Share Posted August 24, 2016 let me guess, romanians ? and this cannot be other than an inside job otherwise, how did they know about vulnerabilities ? reminds me of the series HEROES, where that one black boy had to power to talk to machines and could also make the ATM spew out money... maybe they were inspired by that Link to comment Share on other sites More sharing options...
brianinbangkok Posted August 24, 2016 Share Posted August 24, 2016 I really don't understand what has happened here. The ATM is, as far as I am aware, just a dumb user interface. The user inserts their card which identifies an account to the bank the user then inputs a pin which confirms the account. So. How did the hackers bypass the account system to gain access to the bank's money. Could they have invented a system for opening a new account via the ATM? No, because there is a requirement for the bank to verify the authenticity of prospective account owner at the human level. Also the account needs money in it to withdraw. The bank say it was their money and not the customers so how does their (the banks) system manage to give access to corporate funds through an ATM? Its an inside job.They do not need an account.The ATM has money in it , all thats needed is insert a program into the ATM computer and let that program control the money dispencer part if the ATM so it starts giving out the cash. This bypasses the bank system... Link to comment Share on other sites More sharing options...
SOTIRIOS Posted August 24, 2016 Share Posted August 24, 2016 ....'Thais may be implicated'....duhh... Link to comment Share on other sites More sharing options...
brianinbangkok Posted August 24, 2016 Share Posted August 24, 2016 let me guess, romanians ? and this cannot be other than an inside job otherwise, how did they know about vulnerabilities ? reminds me of the series HEROES, where that one black boy had to power to talk to machines and could also make the ATM spew out money... maybe they were inspired by thatRomanians I agree very likely http://www.wired.com/2011/01/ff_hackerville_romania/Its a business for them.Insider job. Not likely.The have been hitting a lot if countries.http://securityaffairs.co/wordpress/49429/cyber-crime/taiwan-atm-hacking.html Link to comment Share on other sites More sharing options...
Thaidream Posted August 24, 2016 Share Posted August 24, 2016 According to a report from Taiwan the methodology is to hack the banks main server- then get access to the administrator's pass system and install the malware directly into the server and set the protocols. Then the perpetrators establish which ATMS they want to hit- in the Thailand case I believe it was 21 ATMS. They use between 20-30 people spread out at the ATMS and then strike usually around midnight or after. Each person has an access card which directs the malware to allow the ATM to dispense -in the case of Thailand- 40K Baht. Thn after the theft- the ATM resets to its normal way of dispensing with no notice that anything is wrong until it is time at the end of the day to balance the ATM account. By this time the Perps would have already left the country. According to the article the actual hackers go in and out to the system several times cause a false reading and then eventually at some point the banks security ignores a warning because they think it is still a false signal- that is when the malware is inserted. An easier way would get ahold of the Administrator's password direct from the administrator who would then be an accomplice. These people are clever and very tech savvy and are going to be difficult to catch although apparently the Taiwan police have 2 or 3 of them and must have a wealth of information to share. To me it appears the banks security system is the cause because when malware is installed there is a system notice and each one needs to be investigated. The perpetrators defintely have done their homework.. Link to comment Share on other sites More sharing options...
csabo Posted August 24, 2016 Share Posted August 24, 2016 6 hours ago, sahibji said: that is quick. unless interpol can help there is pretty little that can be done. serious damage to the credibility of the Bank involved. How is it you think Interpol would help? Link to comment Share on other sites More sharing options...
jobsworth Posted August 24, 2016 Share Posted August 24, 2016 i am reminded of a visit to the bangkok bank in pattaya the one with he atm downstairs. all that i could get on the screen was a black background with the ms dos prompt C:\>. i did not lose any money. Link to comment Share on other sites More sharing options...
wvavin Posted August 24, 2016 Share Posted August 24, 2016 Quality visitors with quality methods! Link to comment Share on other sites More sharing options...
bluebluewater Posted August 24, 2016 Share Posted August 24, 2016 " The malware was clever in concealing that money had been taken until accounts were tallied later. " ere There is your answer. Sorted. We were not, nor have ever been, able to figure this stuff out even most/many countries have. Link to comment Share on other sites More sharing options...
Redline Posted August 24, 2016 Share Posted August 24, 2016 Surprise, surprise. These guys were pros. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now