Hackers steal millions from ATMs using 'just their smartphones' Authorities in Taiwan are trying to work out how hackers managed to trick a network of bank ATMs into spitting out millions. Police suspect that two Russian nationals wearing masks cashed out dozens of ATMs operated by Taiwan's First Bank on Sunday and left the country the following day. The crooks stole an estimated T$70m ($2 …
"ATM's with wifi?"
At what point in the article does it mention anything about ATMs with wifi?
The on site thief is probably a mule simply receiving instructions from a remote person telling them which ATM and what buttons to press. Someone remote is commanding the operation, because if you're smart enough to break into the bank you're probably smart enough not to get caught on the CCTV raiding each ATM.
At best the smartphone is being used over 3G to connect back through the thieves command and control centre into a hacked bank then over the bank network to the ATM, although this is less likely.
Welcome to the Internet of Thieves - this will keep happening until the banks care more about security than profit. This sort of event is just the cost of doing business and is covered by the fees that the banks charge their punters so there's no motive to improve security.
Cheap, convenient ... and profitable - that's the way we like it.
The banks just haven't been taking IT security nearly seriously though.
When you think about it, your bank accounts are protected by a magstripe and 4 digit pin something what would be considered ludicrous for any other scenario.
You also largely trust retailers with a 16 digit card number and expiry date (and possibly CCV) that could allow them access to your current (checking) account or tens of thousands of $/€/£ on your credit card.
I can only conclude that they don't care. The financial losses are probably not yet big enough to warrant investment at least in the eyes of their accountants.
How much of this is ultimately being charged back to us in interest, transaction fees on retailers and customers, insurance premia, state bailouts and so on.
My view of it is that given the banks can't seem to manage to not need vast state bailouts due to an inability to manage risk and have pathetic IT security that's offering customers levels of protection you wouldn't accept for a social media accounts, the only conclusion is their incompetent.
This post has been deleted by its author
If banks didn't take IT security seriously, considering the number of ATM machines there are, there would be 10-20 thefts a day. Since in most countries, the bank takes the bite for any ATM hijacking, they do take it seriously.
Some banks may not take it as seriously as others, but in most larger countries, banks have gone all out to protect ATMs.
You should also know, there isn't anything which is hacker proof. NOTHING. Especially any system with external customer facing interaction, and a huge box holding a computer which goes through quite a few hands from when it leaves the factory until it gets placed into operations. So, plenty of time for someone to gain access and introduce something. A lot of companies may not take supply chain security seriously, or can be bought. You all can figure it out from there.
I do IT at a small bank, and I/we take it very seriously. I study hacking/forensics (training and on my own) so I know what to look for. I got my job because the last crew didn't. It's stressful, it's fun, I help protect the hard earned money people trust us with. I'm like the Batman you never see, but I can only dream about beating thieves with my own hands, for now.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
