
GSB hack: ATM malware gang have escaped abroad, say police


webfact


 


 

BANGKOK: -- Police have announced that the Eastern European gang that hit almost two dozen Omsin Bank ATMs in the south and Bangkok have fled the country.

 

Police know the identity of five gang members and there is CCTV footage of the gang in action, reported Thairath. They introduced malware with electronic cards to Omsin ATMs in several provinces. The machines then spewed out cash and losses are at least 12 million baht.

 

The theft prompted the bank to shut down its 3000 ATMs nationwide.

 

ATMs in Phuket, Surat Thani, Chumporn, Prajuap Khiri Khan, Petchaburi and Bangkok were hit.

 

Police spokesman Panya Mamen said that five suspects are now known to police but they have fled the country. The thefts took place at 21 ATMs from July 7th to 30th but were only discovered later.

 

The malware was clever in concealing that money had been taken until accounts were tallied later.

 

Panya said that the gang was the same as one that had operated in Taiwan in July and Malaysia in 2014. There is also a suggestion that Thai nationals might be complicit in the crime.

 

Also it has been revealed that the five gang members came into and out of Thailand five times in the lead up to the theft.

 

A meeting will be held between the banks, government and police on Friday to discuss what happened and prepare preventative measures for the future.

 

Source: Thairath

 
-- © Copyright Thai Visa News 2016-08-24

Damage not only for this bank (though no customer directly affected) but for the use of ATMs in general.

 

From the report in other newspaper it is very clear that again ATMs are affected that are freely accessible (not wall mounted) and not under watch like inside bank branches, malls etc.

 

I am really stunned when I sometimes see ATMs standing, cables hanging outside, antennas sitting on top etc. Avoid them whenever possible and do the extra walk to an enclosed location (under watch).

 


Eastern European theft gang behind the hacking of GSB’s ATMs

 


 

BANGKOK: -- Five eastern European hackers were believed to have hacked into the Government Savings Bank’s ATM system with the use of Malware virus and escaped with about 12 million baht in cash, Pol Gen Panya Mamen, a senior advisor of the Royal Thai Police, disclosed on Wednesday.

 

The gang has already left Thailand and the police would seek cooperation from the Interpol to track them down, he said.

 

From the investigation, Pol Gen Panya said the gang released Malware virus to the automatic teller machines in Phuket. Once a machine was infected by the virus and when a fake card was inserted into the machine, all the cash in the machine would flow out, he added.

 

The virus then spread to the other 21 ATMs in Surat Thani, Chumporn, Prachuab Khiri Khan, Petchaburi and Bangkok.

 

The pattern of the hacking by the gang was similar to the one which happened in Taiwan in July, said the police general, adding that the gang had made several trips into Thailand before the thefts which took place on August 8.

 

As for a similar incident in Phang-nga province in April in which thieves escaped with over four million baht in cash stolen from ATMs, Pol Gen Panya said police were yet to determine whether the hackers were the same gang.

 

The Royal Thai Police will hold a meeting on Friday to discuss the issue with parties concerned in order to mete out preventive measures against the electronic thievery.

 

Source: http://englishnews.thaipbs.or.th/eastern-european-theft-gang-behind-hacking-gsbs-atms/

 
-- © Copyright Thai PBS 2016-08-24

I can't explain why but I've always felt this GSB should go out of business. I've always had fear using their ATMs. I wonder what this bank actually does and how it exists. Does it only make money from the government using it? It never seems busy and it has always looked dumpy compared to the other banks in Thailand.


52 minutes ago, Pib said:

No one needs to worry....I'm sure the current ATM use fee structure takes these kinds of periodic losses into account to ensure ATM remain highly profitable slot machines for the banksters.

 

 

I quite agree. Banks don't seem too bothered by ATM robbery; also there have been a few insiders caught recently, which I suspect is quite a rampant thing.

It seems they catch them as fast as new ones appear.

I personally have seen them in action twice, once in BK and once in Chiang Mai.


23 minutes ago, Alive said:

I can't explain why but I've always felt this GSB should go out of business. I've always had fear using their ATMs. I wonder what this bank actually does and how it exists. Does it only make money from the government using it? It never seems busy and it has always looked dumpy compared to the other banks in Thailand.

You seem confused.

Most countries around the world have some equivalent to a Government Savings Bank. It won't go out of business because it is backed and owned by the Thai government. It is one of many government-owned banks in Thailand. Its niche is to offer savings products to the mass population. It exists because the government uses it to borrow the money the bank receives from savers. I imagine its profit (nominal or real) is created by the nominal or real amount it charges borrowers less the amount it pays out in interest less administrative expenses. This seems odd as the main customer is also the main shareholder. It never seems busy because it probably is never busy because public sector institutions when competing with the private sector generally don't do it very well. There is no profit or survival incentive.

Perhaps your feeling stems from the fact that it is not really aimed at foreigners with little literature in English, is not competitive in terms of range of services or customer service and is a shocking pink colour.


2 hours ago, KhunBENQ said:

Damage not only for this bank (though no customer directly affected) but for the use of ATMs in general.

 

From the report in other newspaper it is very clear that again ATMs are affected that are freely accessible (not wall mounted) and not under watch like inside bank branches, malls etc.

 

I am really stunned when I sometimes see ATMs standing, cables hanging outside, antennas sitting on top etc. Avoid them whenever possible and do the extra walk to an enclosed location (under watch).

 

 

The antenna thing is interesting. At one time I was trying to get internet from True out in the sticks, and they asked me if there was an ATM nearby as I could have used their wireless signal. Scary.

 


I guess it works the other way; you cannot just enter an ATM card and expect it to crack the system just like that.

There must be some reverse engineering. They either had one of these ATMs or the operating system to study...

So it leaks from the manufacturer, an outsourced subcontractor or the maintenance company...

And the funny thing is that the people you see on the CCTV and ATM cameras are "dummies" who just take the money for a percentage.


12 THB million in cash, stuffed into a suitcase and then, presumably, flown out with the perps on a commercial airline (also presumably). Wherever they ended up (probably somewhere in Asia), they now have to convert this cash into some other major currency since THB is useless outside of Thailand. Interesting.


10 minutes ago, apalink_thailand said:

12 THB million in cash, stuffed into a suitcase and then, presumably, flown out with the perps on a commercial airline (also presumably). Wherever they ended up (probably somewhere in Asia), they now have to convert this cash into some other major currency since THB is useless outside of Thailand. Interesting.

Or perhaps stored with a local accomplice or laundered by a Thai associate? I doubt they would risk checking a suitcase full of baht but who knows where the foreign laundry might be?


I really don't understand what has happened here. The ATM is, as far as I am aware, just a dumb user interface. The user inserts their card, which identifies an account to the bank; the user then inputs a PIN, which confirms the account.

So.

How did the hackers bypass the account system to gain access to the bank's money? Could they have invented a system for opening a new account via the ATM? No, because there is a requirement for the bank to verify the authenticity of the prospective account owner at the human level. Also the account needs money in it to withdraw.

The bank says it was their money and not the customers', so how does their (the bank's) system manage to give access to corporate funds through an ATM?

It's an inside job.


19 minutes ago, Muhendis said:

I really don't understand what has happened here. The ATM is, as far as I am aware, just a dumb user interface. The user inserts their card, which identifies an account to the bank; the user then inputs a PIN, which confirms the account.

So.

How did the hackers bypass the account system to gain access to the bank's money? Could they have invented a system for opening a new account via the ATM? No, because there is a requirement for the bank to verify the authenticity of the prospective account owner at the human level. Also the account needs money in it to withdraw.

The bank says it was their money and not the customers', so how does their (the bank's) system manage to give access to corporate funds through an ATM?

It's an inside job.

 

This operates at a different level. They gain control of the machine and can empty the money cassettes. The key is physical access to an ATM (not the money cassettes) in order to insert the malware via a CD. Not as difficult as it sounds if they have been left on manufacturer's defaults. Can also be done at a network level. This will give you an idea:

https://securelist.com/blog/research/74772/atm-infector/

 

Simple precautions like changing the default BIOS password are effective, as is antivirus software.


Let me guess, Romanians?

And this cannot be other than an inside job.

Otherwise, how did they know about vulnerabilities?

Reminds me of the series HEROES, where that one black boy had the power to talk to machines and could also make the ATM spew out money... maybe they were inspired by that.


I really don't understand what has happened here. The ATM is, as far as I am aware, just a dumb user interface. The user inserts their card, which identifies an account to the bank; the user then inputs a PIN, which confirms the account.

So.

How did the hackers bypass the account system to gain access to the bank's money? Could they have invented a system for opening a new account via the ATM? No, because there is a requirement for the bank to verify the authenticity of the prospective account owner at the human level. Also the account needs money in it to withdraw.

The bank says it was their money and not the customers', so how does their (the bank's) system manage to give access to corporate funds through an ATM?

It's an inside job.


They do not need an account.

The ATM has money in it; all that's needed is to insert a program into the ATM computer and let that program control the money dispenser part of the ATM so it starts giving out the cash. This bypasses the bank system...

Let me guess, Romanians?

And this cannot be other than an inside job.

Otherwise, how did they know about vulnerabilities?

Reminds me of the series HEROES, where that one black boy had the power to talk to machines and could also make the ATM spew out money... maybe they were inspired by that.



Romanians, I agree, very likely.

http://www.wired.com/2011/01/ff_hackerville_romania/

It's a business for them.


Insider job. Not likely.

They have been hitting a lot of countries.

http://securityaffairs.co/wordpress/49429/cyber-crime/taiwan-atm-hacking.html

According to a report from Taiwan, the methodology is to hack the bank's main server, then get access to the administrator's pass system and install the malware directly into the server and set the protocols. Then the perpetrators establish which ATMs they want to hit; in the Thailand case I believe it was 21 ATMs. They use between 20-30 people spread out at the ATMs and then strike, usually around midnight or after. Each person has an access card which directs the malware to allow the ATM to dispense, in the case of Thailand, 40K baht. Then after the theft, the ATM resets to its normal way of dispensing with no notice that anything is wrong until it is time at the end of the day to balance the ATM account. By this time the perps would have already left the country.

According to the article, the actual hackers go in and out of the system several times, cause a false reading, and then eventually at some point the bank's security ignores a warning because they think it is still a false signal; that is when the malware is inserted. An easier way would be to get ahold of the administrator's password direct from the administrator, who would then be an accomplice. These people are clever and very tech savvy and are going to be difficult to catch, although apparently the Taiwan police have 2 or 3 of them and must have a wealth of information to share.

To me it appears the bank's security system is the cause, because when malware is installed there is a system notice and each one needs to be investigated. The perpetrators definitely have done their homework.


6 hours ago, sahibji said:

That is quick. Unless Interpol can help there is pretty little that can be done.

 

Serious damage to the credibility of the bank involved.

 

How is it you think Interpol would help?
