AN Eastern European gang of cyber thieves recently made off with over 12 million baht (US$350,000) stolen from ATMs across Thailand owned by Government Savings Bank (GSB).
According to authorities, the perpetrators allegedly exploited vulnerabilities in the ATMs’ software using malware, enabling them to withdraw the cash held by the machines.
The thefts occurred between Aug 1 and 8, hitting 21 ATMs in six provinces, but were only revealed by bank officials this week. The bank has since shut down half of its 7,000 ATMs across the country.
However, GSB officials have reassured its customers that the theft had not affected any bank accounts.
“The robbery of the GSB’s ATMs was to steal the money that belonged to the bank, not the customers,” said the bank’s chief executive Chatchai Payuhanaveechai, as reported by Khaosod English.
“We will seek the damage from the manufacturer of the ATM machines,” he added.
The ATMs which were targeted by the gang were made by a company called NCR.
In light of the cyber heist, Thailand’s Central Bank has warned all commercial banks in the country that ATMs produced by NCR were susceptible to such attacks. There are an estimated 10,000 cash machines produced by the company.
Police have identified five members of the gang through CCTV footage, but some have reportedly fled the country.
The suspects are also believed to have been involved in similar attacks on ATMs in Taiwan earlier this year, which saw banks losing up to US$2.2 million.
According to cyber security experts, hacking an ATM machine is easy these days, thanks to the Internet.
Thailand Information Security Association’s vice president Prinya Hom-Anek told the Bangkok Post: “It’s now terribly easy to hack an ATM machine. You can find instructions on YouTube.”
He suggested that banks increase security presence around ATMs, as the perpetrator must be physically present at the machine in order to install the malware and get the money.