Krung Thai bank assures ATM customers that GSB woes will not affect their customers

[webfact]

Krung Thai bank assures ATM customers that GSB woes will not affect their customers

 

Image: Thairath

 

BANGKOK: -- Krung Thai bank has moved swiftly to assure worried customers that their ATMs are safe to use.

 

This is despite the fact that they have a quantity of the same NCR machines that were hacked by an eastern European gang who hit the Government Savings Bang or Omsin Bank earlier this month, reported Thairath.

 

The thieves introduced malware into some twenty one machines and got away with 12 million baht before fleeing the country. The attack caused the GSB to shut down much of their nationwide ATMs.

 

Krung Thai deputy tech manager Withet Taechangam assured customers that their machines could not be hit in the same way as they have exceptional security measures to protect their clients. 

 

Though they have a quantity of the NCR machines they are loaded with software impervious to attack from malware, he stressed.

 

Five eastern European gang members known to police are believed to have escaped and fled Thailand. They are thought to be responsible for similar thefts using malware in Malaysia in 2014 and Taiwan in July.

 

Source: Thairath

 

-- © Copyright Thai Visa News 2016-08-25

[BigBadGeordie]

 

"Though they have a quantity of the NCR machines they are loaded with software impervious to attack from malware, he stressed."

 

Tempting fate, famous last words, time will tell.

[NongKhaiKid]

Be an individual,  company,  organisation and especially a government when OTT assurances are given I do worry  !

KT Bank are claiming   '  exceptional  '   security measures,     yes right.      

Ironically the BBC World TV's   '  new crawler  '   is showing a headline,   not expanded upon as yet,   that a study reveals Asian companies have the world's worst cyber security.   ! 

[Pib]

The KrungThai Bank majority owner is the govt....guess you would call them a state-owned enterprise...they are listed as stated owned at the Ministry of Finance website.   Wouldn't surprise me if GSB and KTB have participated in joint buys of ATMs over the years.  

 

http://www2.mof.go.th/state_enterprises.htm

 

[williamgeorgeallen]

well i am in the process of selling up everything in thailand. both houses are gone. half my business is gone. next i am selling my pick up. i dont want to own anything in this country. all my cash and assets are going to be in nz and i will use my ATM card very carefully to withdraw my living expenses. i would rather rent everything. nothing seems safe in thailand. maybe i am being a bit paranoid.

[adhd]

everything is safe, lol, till they also get hacked...

 

2016, still no chip on the card

 

these scams are known since 2007

 

 

[HHTel]

As far as I know.  All cards issued from May of this year are chipped.  Mine certainly is.

[gdgbb]

31 minutes ago, adhd said:

everything is safe, lol, till they also get hacked...

 

2016, still no chip on the card

 

these scams are known since 2007

 

 

How would a chip on customers cards have been beneficial in the GSB case? 

 

Yes, these attacks have been known of since 2007 and so far KTB has been able to protect itself for many years as had GSB until last month and no customers were affected.

[Bangkok Barry]

Funny, isn't it, that the GSB immediately blamed the foreign-made machines for the problem. The fact that other banks such as Krung Thai Bank have had no problems using the same machines shows exactly where the blame lies. And it isn't with the Scottish-made machines.

Edited August 25, 2016 by Bangkok Barry

[jobsworth]

i still don't understand how they did it. they must have had access to the server which makes it an inside job. then planted code on the server to accept their dummy atm cards at a certain time on certain atm machines. then used a gang of 20 to access the named atm machines at that time. this could be done on any atm machine. nothing need to have been done to the atm machines.

 

[sahibji]

2 hours ago, williamgeorgeallen said:

well i am in the process of selling up everything in thailand. both houses are gone. half my business is gone. next i am selling my pick up. i dont want to own anything in this country. all my cash and assets are going to be in nz and i will use my ATM card very carefully to withdraw my living expenses. i would rather rent everything. nothing seems safe in thailand. maybe i am being a bit paranoid.

there is nothing paranoid in your thinking. we compute out needs with the data in our brain and if the results indicate that you would be better off elsewhere, it is your personal choice.

[sahibji]

it is assuring that the bank has come forward to put their clients at ease. you need the confidence of the clients if you want a stable banking system.

[Hawk]

"Though they have a quantity of the NCR machines they are loaded with software impervious to attack from malware, he stressed."

 

 

They are not impervious to attack, new malware is being made by hackers out there that will attack any program as Windows seems to be the weakest of all the operating systems.

 If determined hackers can attack NORAD, Barclays Bank and places like that what hope does a silly Windows CE program have of stopping anyone. 

 

[Hawk]

1 hour ago, jobsworth said:

i still don't understand how they did it. they must have had access to the server which makes it an inside job.

 

 

I suggest that you that you look at Youtube for inspiration and you will then see it was an outside job.

[gandalf12]

1 hour ago, jobsworth said:

i still don't understand how they did it. they must have had access to the server which makes it an inside job. then planted code on the server to accept their dummy atm cards at a certain time on certain atm machines. then used a gang of 20 to access the named atm machines at that time. this could be done on any atm machine. nothing need to have been done to the atm machines.

 

ATM machines communicate over standard wiring to the Internet. There is no special security in the installation, that has to be in the access and confirmation processes which it would appear to be sadly lacking in this case.

The Institution of Engineering and Technology in the UK had a very good article on this very subject of ATM security

[Hawk]

2 hours ago, adhd said:

 

 

2016, still no chip on the card

 

 

 

 

 

Even chips are not safe, they can be purchased in bulk and programmed by whoever.

[Thaidream]

Since this broke- I have been reading extensively on this and am now convinced there are 3 ways this can be done and it has nothing to do with who manufactures the ATM machines.

-The server is attacked and entered and the administrator password compromised and obtained giving the attackers complete access-to insert the malware  the ATMS are targeted- 40K would be the max as too many bills will not fit in the slot and clog the machine.  The perps normally would take out the money after dark because they need to use a special card to insert into the ATM. However before anything is done- the perps send a signal thru the server which causes a warning to flash in the security center of the bank- The warning is a false warning and ignored- Many more false warnings are given- at some point the bank doesn't check anymore due to the false warnings- Now is the time to hit the ATMs.

-An actual ATM is chosen and the ATM cover is entered and the malware inserted directly into the system by placing a device on the ATM that then gives access to the holder of a special card. However, this is riskier because it takes time to open the machine and insert the device. Of course, if you have a local ATM repair person on your payroll it is easy.

-A special  mini computer- called a black box- is inserted directly into the ATM slot and the malware placed directly into the ATM. Again- this is risky as you are standing at an aTM machine with a device in your hand.

The breakdown is because the bank's security is not up to speed and the security people are not following each warning that is being given. Even if there are 50 false warnings- the 51st could be the real one.

Apparently the ATMS chosen were in somewhat remote locations and the ATMS hit in the wee hours of the morning when traffic is light. The Taiwan police have a few of these peerps in custody. I would hope they have extracted information from them and share it. 

[Hawk]

10 minutes ago, Thaidream said:

Since this broke- I have been reading extensively on this and am now convinced there are 3 ways this can be done and it has nothing to do with who manufactures the ATM machines.

-The server is attacked and entered and the administrator password compromised and obtained giving the attackers complete access-to insert the malware  the ATMS are targeted-

 

The ATM's on board computer is similar to a very low quality tablet, so the hacker simply introduces a software update and upgrade, he doesn't need passwords because he is giving the machine a new menu and program which the little ATM accepts and then upgrades to the new program. So press Start and the hackers menu pops up giving him full control on the pay out system.

Go to Youtube and see how software and firmware are updated, see how to override one program with another, a Windows 7 upgraded to a Windows 10, or a Windows replaced by a LInux, or even two programs running side by side.  

[elgordo38]

I would really start to worry when hearing of bank assurances. They are in the same realm and also owned by the government. The government assured us that the sub purchase was shelved wellll it turned out they were lying. The big one that bothers me is that they say they will keep their hands of the government 30 baht card health care system. Look out!!

[swerver]

On ‎8‎/‎25‎/‎2016 at 8:54 AM, williamgeorgeallen said:

well i am in the process of selling up everything in thailand. both houses are gone. half my business is gone. next i am selling my pick up. i dont want to own anything in this country. all my cash and assets are going to be in nz and i will use my ATM card very carefully to withdraw my living expenses. i would rather rent everything. nothing seems safe in thailand. maybe i am being a bit paranoid.

 

 

nz does that mean Nieuw Zeeland as the Poms changed it to New Zealand.

Well my experience with Kiwiland which I based on my years of the first half of the fifties when it was a country with honest people turned out to have drastically changed towards the end of 21st century costing me a fair bundle of NZ$.

Wishing you the best of luck in your change of country.

[williamgeorgeallen]

17 minutes ago, swerver said:

 

 

nz does that mean Nieuw Zeeland as the Poms changed it to New Zealand.

Well my experience with Kiwiland which I based on my years of the first half of the fifties when it was a country with honest people turned out to have drastically changed towards the end of 21st century costing me a fair bundle of NZ$.

Wishing you the best of luck in your change of country.

i lived the firs half of my life in nz. 21 years. hope it is the same as when i left. maybe i am hoping for too much.