It wasn’t a case of bank cards being hijacked, but merely a connected device like a smartphone that a few miscreant hackers used to trick a network of bank ATMs in Taiwan into spitting out $2.2 million. The crooks, who police suspect, were two Russian nationals, cashed out dozens of ATMs operated by Taiwan's First Bank on Sunday and left the country the following day.
Targeted ATMs were made by German manufacturer Wincor Nixdorf, which admits some of its machines in Taiwan were hacked as part of a "premeditated attack." Three different, but unspecified, strains of malware were found on the compromised machines. "Our industry has knowledge of attacks that have been carried out in a similar manner on ATMs of various origins – of which both banks and manufacturers are aware,” the company said in a statement.
First Bank and other Taiwanese banks suspended withdrawals from their ATMs as a precaution following the attack, pending inspections to determine whether any cyber-tampering took place.
“It may be that attackers have found another ATM jackpotting technique like the ones demonstrated by Barnaby Jack at Black Hat USA 2010. These attacks used malware to reprogram the machine so that a button sequence would dispense cash,” Craig Young, a security researcher in the Vulnerability and Exposures Research Team at security tools firm Tripwire, said.
He added that some ATMs have network management systems with well-known default passwords, and in many cases thieves access USB ports to load malware from a flash drive. In this case, the thieves may have installed malware ahead of time, enabling a wireless connection to 'jackpot' the ATMs.