webfact Posted August 24, 2016 Share Posted August 24, 2016 Krung Thai bank assures ATM customers that GSB woes will not affect their customers Image: Thairath BANGKOK: -- Krung Thai bank has moved swiftly to assure worried customers that their ATMs are safe to use. This is despite the fact that they have a quantity of the same NCR machines that were hacked by an eastern European gang who hit the Government Savings Bang or Omsin Bank earlier this month, reported Thairath. The thieves introduced malware into some twenty one machines and got away with 12 million baht before fleeing the country. The attack caused the GSB to shut down much of their nationwide ATMs. Krung Thai deputy tech manager Withet Taechangam assured customers that their machines could not be hit in the same way as they have exceptional security measures to protect their clients. Though they have a quantity of the NCR machines they are loaded with software impervious to attack from malware, he stressed. Five eastern European gang members known to police are believed to have escaped and fled Thailand. They are thought to be responsible for similar thefts using malware in Malaysia in 2014 and Taiwan in July. Source: Thairath -- © Copyright Thai Visa News 2016-08-25 Link to comment Share on other sites More sharing options...
BigBadGeordie Posted August 25, 2016 Share Posted August 25, 2016 "Though they have a quantity of the NCR machines they are loaded with software impervious to attack from malware, he stressed." Tempting fate, famous last words, time will tell. Link to comment Share on other sites More sharing options...
NongKhaiKid Posted August 25, 2016 Share Posted August 25, 2016 Be an individual, company, organisation and especially a government when OTT assurances are given I do worry ! KT Bank are claiming ' exceptional ' security measures, yes right. Ironically the BBC World TV's ' new crawler ' is showing a headline, not expanded upon as yet, that a study reveals Asian companies have the world's worst cyber security. ! Link to comment Share on other sites More sharing options...
Pib Posted August 25, 2016 Share Posted August 25, 2016 The KrungThai Bank majority owner is the govt....guess you would call them a state-owned enterprise...they are listed as stated owned at the Ministry of Finance website. Wouldn't surprise me if GSB and KTB have participated in joint buys of ATMs over the years. http://www2.mof.go.th/state_enterprises.htm Link to comment Share on other sites More sharing options...
williamgeorgeallen Posted August 25, 2016 Share Posted August 25, 2016 well i am in the process of selling up everything in thailand. both houses are gone. half my business is gone. next i am selling my pick up. i dont want to own anything in this country. all my cash and assets are going to be in nz and i will use my ATM card very carefully to withdraw my living expenses. i would rather rent everything. nothing seems safe in thailand. maybe i am being a bit paranoid. Link to comment Share on other sites More sharing options...
adhd Posted August 25, 2016 Share Posted August 25, 2016 everything is safe, lol, till they also get hacked... 2016, still no chip on the card these scams are known since 2007 Link to comment Share on other sites More sharing options...
HHTel Posted August 25, 2016 Share Posted August 25, 2016 As far as I know. All cards issued from May of this year are chipped. Mine certainly is. Link to comment Share on other sites More sharing options...
gdgbb Posted August 25, 2016 Share Posted August 25, 2016 31 minutes ago, adhd said: everything is safe, lol, till they also get hacked... 2016, still no chip on the card these scams are known since 2007 How would a chip on customers cards have been beneficial in the GSB case? Yes, these attacks have been known of since 2007 and so far KTB has been able to protect itself for many years as had GSB until last month and no customers were affected. Link to comment Share on other sites More sharing options...
Bangkok Barry Posted August 25, 2016 Share Posted August 25, 2016 (edited) Funny, isn't it, that the GSB immediately blamed the foreign-made machines for the problem. The fact that other banks such as Krung Thai Bank have had no problems using the same machines shows exactly where the blame lies. And it isn't with the Scottish-made machines. Edited August 25, 2016 by Bangkok Barry Link to comment Share on other sites More sharing options...
jobsworth Posted August 25, 2016 Share Posted August 25, 2016 i still don't understand how they did it. they must have had access to the server which makes it an inside job. then planted code on the server to accept their dummy atm cards at a certain time on certain atm machines. then used a gang of 20 to access the named atm machines at that time. this could be done on any atm machine. nothing need to have been done to the atm machines. Link to comment Share on other sites More sharing options...
sahibji Posted August 25, 2016 Share Posted August 25, 2016 2 hours ago, williamgeorgeallen said: well i am in the process of selling up everything in thailand. both houses are gone. half my business is gone. next i am selling my pick up. i dont want to own anything in this country. all my cash and assets are going to be in nz and i will use my ATM card very carefully to withdraw my living expenses. i would rather rent everything. nothing seems safe in thailand. maybe i am being a bit paranoid. there is nothing paranoid in your thinking. we compute out needs with the data in our brain and if the results indicate that you would be better off elsewhere, it is your personal choice. Link to comment Share on other sites More sharing options...
sahibji Posted August 25, 2016 Share Posted August 25, 2016 it is assuring that the bank has come forward to put their clients at ease. you need the confidence of the clients if you want a stable banking system. Link to comment Share on other sites More sharing options...
Hawk Posted August 25, 2016 Share Posted August 25, 2016 "Though they have a quantity of the NCR machines they are loaded with software impervious to attack from malware, he stressed." They are not impervious to attack, new malware is being made by hackers out there that will attack any program as Windows seems to be the weakest of all the operating systems. If determined hackers can attack NORAD, Barclays Bank and places like that what hope does a silly Windows CE program have of stopping anyone. Link to comment Share on other sites More sharing options...
Hawk Posted August 25, 2016 Share Posted August 25, 2016 1 hour ago, jobsworth said: i still don't understand how they did it. they must have had access to the server which makes it an inside job. I suggest that you that you look at Youtube for inspiration and you will then see it was an outside job. Link to comment Share on other sites More sharing options...
gandalf12 Posted August 25, 2016 Share Posted August 25, 2016 1 hour ago, jobsworth said: i still don't understand how they did it. they must have had access to the server which makes it an inside job. then planted code on the server to accept their dummy atm cards at a certain time on certain atm machines. then used a gang of 20 to access the named atm machines at that time. this could be done on any atm machine. nothing need to have been done to the atm machines. ATM machines communicate over standard wiring to the Internet. There is no special security in the installation, that has to be in the access and confirmation processes which it would appear to be sadly lacking in this case. The Institution of Engineering and Technology in the UK had a very good article on this very subject of ATM security Link to comment Share on other sites More sharing options...
Hawk Posted August 25, 2016 Share Posted August 25, 2016 2 hours ago, adhd said: 2016, still no chip on the card Even chips are not safe, they can be purchased in bulk and programmed by whoever. Link to comment Share on other sites More sharing options...
Thaidream Posted August 25, 2016 Share Posted August 25, 2016 Since this broke- I have been reading extensively on this and am now convinced there are 3 ways this can be done and it has nothing to do with who manufactures the ATM machines. -The server is attacked and entered and the administrator password compromised and obtained giving the attackers complete access-to insert the malware the ATMS are targeted- 40K would be the max as too many bills will not fit in the slot and clog the machine. The perps normally would take out the money after dark because they need to use a special card to insert into the ATM. However before anything is done- the perps send a signal thru the server which causes a warning to flash in the security center of the bank- The warning is a false warning and ignored- Many more false warnings are given- at some point the bank doesn't check anymore due to the false warnings- Now is the time to hit the ATMs. -An actual ATM is chosen and the ATM cover is entered and the malware inserted directly into the system by placing a device on the ATM that then gives access to the holder of a special card. However, this is riskier because it takes time to open the machine and insert the device. Of course, if you have a local ATM repair person on your payroll it is easy. -A special mini computer- called a black box- is inserted directly into the ATM slot and the malware placed directly into the ATM. Again- this is risky as you are standing at an aTM machine with a device in your hand. The breakdown is because the bank's security is not up to speed and the security people are not following each warning that is being given. Even if there are 50 false warnings- the 51st could be the real one. Apparently the ATMS chosen were in somewhat remote locations and the ATMS hit in the wee hours of the morning when traffic is light. The Taiwan police have a few of these peerps in custody. I would hope they have extracted information from them and share it. Link to comment Share on other sites More sharing options...
Hawk Posted August 25, 2016 Share Posted August 25, 2016 10 minutes ago, Thaidream said: Since this broke- I have been reading extensively on this and am now convinced there are 3 ways this can be done and it has nothing to do with who manufactures the ATM machines. -The server is attacked and entered and the administrator password compromised and obtained giving the attackers complete access-to insert the malware the ATMS are targeted- The ATM's on board computer is similar to a very low quality tablet, so the hacker simply introduces a software update and upgrade, he doesn't need passwords because he is giving the machine a new menu and program which the little ATM accepts and then upgrades to the new program. So press Start and the hackers menu pops up giving him full control on the pay out system. Go to Youtube and see how software and firmware are updated, see how to override one program with another, a Windows 7 upgraded to a Windows 10, or a Windows replaced by a LInux, or even two programs running side by side. Link to comment Share on other sites More sharing options...
elgordo38 Posted August 25, 2016 Share Posted August 25, 2016 I would really start to worry when hearing of bank assurances. They are in the same realm and also owned by the government. The government assured us that the sub purchase was shelved wellll it turned out they were lying. The big one that bothers me is that they say they will keep their hands of the government 30 baht card health care system. Look out!! Link to comment Share on other sites More sharing options...
swerver Posted August 26, 2016 Share Posted August 26, 2016 On 8/25/2016 at 8:54 AM, williamgeorgeallen said: well i am in the process of selling up everything in thailand. both houses are gone. half my business is gone. next i am selling my pick up. i dont want to own anything in this country. all my cash and assets are going to be in nz and i will use my ATM card very carefully to withdraw my living expenses. i would rather rent everything. nothing seems safe in thailand. maybe i am being a bit paranoid. nz does that mean Nieuw Zeeland as the Poms changed it to New Zealand. Well my experience with Kiwiland which I based on my years of the first half of the fifties when it was a country with honest people turned out to have drastically changed towards the end of 21st century costing me a fair bundle of NZ$. Wishing you the best of luck in your change of country. Link to comment Share on other sites More sharing options...
williamgeorgeallen Posted August 26, 2016 Share Posted August 26, 2016 17 minutes ago, swerver said: nz does that mean Nieuw Zeeland as the Poms changed it to New Zealand. Well my experience with Kiwiland which I based on my years of the first half of the fifties when it was a country with honest people turned out to have drastically changed towards the end of 21st century costing me a fair bundle of NZ$. Wishing you the best of luck in your change of country. i lived the firs half of my life in nz. 21 years. hope it is the same as when i left. maybe i am hoping for too much. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now