Cyber-robbers flee Taiwan with swag swiped from ‘malware-infected machines’
Authorities in Taiwan are trying to work out how hackers managed to trick a network of bank ATMs into spitting out millions.
Police suspect that two Russian nationals wearing masks cashed out dozens of ATMs operated by Taiwan’s First Bank on Sunday and left the country the following day.

The crooks stole an estimated T$70m ($2.2m) hours after a typhoon battered the region around Taipei, the Taiwanese capital.

The two (or perhaps at least three) crooks behind the theft didn’t use bank cards, judging from security camera footage.
Instead, the cybercriminals appeared to gain control of the machines with a “connected device,” possibly a smartphone, according to police.
Targeted ATMs were made by German manufacturer Wincor Nixdorf, which admits some of its machines in Taiwan were hacked as part of a “premeditated attack.” Three different (unspecified) strains of malware were found on the compromised machines.
First Bank and other Taiwanese banks suspended withdrawals from their ATMs as a precaution following the attack, pending inspections to determine whether any cyber-tampering took place.
Security experts have already come up with some theories to explain how the systematic hack might have been pulled off.
Craig Young, a security researcher in the Vulnerability and Exposures Research Team at security tools firm Tripwire, said: “It may be that attackers have found another ATM jackpotting technique like the ones demonstrated by Barnaby Jack at Black Hat USA 2010. These attacks used malware to reprogram the machine so that a button sequence would dispense cash.

“Some ATMs have network management systems with well-known default passwords, and in many cases thieves access USB ports to load malware from a flash drive. From the description, it sounds like these thieves likely had installed malware ahead of time, enabling a wireless connection to ‘jackpot’ the ATMs. It is also possible that a vulnerable wireless service could allow unauthorized access from hackers.”