Taiwan seeks 2 Russian suspects in $2 million ATM malware heist
Combining cybercrime with daylight robbery after a typhoon battered greater Taipei, the suspects may have used a cellphone to trigger 41 First Bank ATMs to dispense fat wads of billstech Updated: Jul 13, 2016 16:19 IST
Taiwan investigators suspect two Russian nationals hacked into a major domestic bank’s ATMs last weekend, using malware to withdraw more than $2 million from dozens of machines in the country’s first recorded case of its kind.
Combining cybercrime with daylight robbery after a typhoon battered greater Taipei, the suspects may have used a cellphone to trigger 41 First Bank ATMs to dispense fat wads of bills, investigators said on Wednesday. In each case, the still-at-large suspects took the money and left quickly, filmed on close-circuit TV cameras.
As Taiwan officials continue to piece together how the crime was committed, the theft shows growing boldness in attacks on ATMs in Asia. In May, a gang stole $13 million from Japanese ATMs in a three-hour, 14,000 withdrawal spree.
Since discovering the theft on Monday, a range of Taiwan’s biggest state-run banks have frozen withdrawals from nearly 1,000 ATMs of the kind used in the heist, supplied by Germany’s Wincor Nixdorf. About 4 percent of Taiwan’s national ATM network of 27,200 machines is affected, leaving customers obliged to use other machines.
The Ministry of Justice’s Investigation Bureau on Wednesday said two Russian suspects have been identified, but declined to disclose their names. It said it believed the pair left Taiwan early on Monday, and was still investigating whether a possible third one might have been involved.
“So far we think it could have been done remotely, such as via a cellphone, laptop or hacked First Bank staff PC,” said Lin Cheng-hsien, a spokesperson for the bureau.
First Bank reported $70 million ($2.2 million) was stolen from its ATMs in hits that investigators said took place at various times during both daytime and nightfall.
Investigators have identified three different malware programmes that were used to trigger withdrawals. “After testing the malware, we confirmed hacked ATMs will dispense cash immediately according to the malware,” the bureau said in a statement.
The raid on Wincor machines comes as its agreed 1.7 billion euro ($1.88 billion) acquisition by U.S. peer Diebold moves closer to its expected closure this summer, creating a global leader in ATMs with a market share of about 35 percent.
Wincor said it had been informed about concerted attacks on its ATMs in Taiwan.
“Attacks follow a similar pattern, irrespective of their make or brand, and we as well as the banks are aware of them,” a Wincor official in Germany told Reuters by email. “The details of the attack are being examined by the police, banks as well as experts from Wincor Nixdorf. To support the local teams we have sent security experts.”
Officials of Taiwan’s banking regulator, the Banking Bureau, declined to comment on the details of the incident, beyond saying First Bank will have to take the loss. It said, however, First Bank’s users will not be affected and it will ask local banks to establish monitoring system of their ATMs over the next month.
At least four major state-run financial institutions, including First Bank, Chang Hwa Bank, Taiwan Cooperative Bank and Chunghwa Post Co., suspended cash withdrawals service on their ATMs as a precaution.
They didn’t say when the service would be restored, nor whether the suspension might affect their financial performance.