The Stack Archive

Thai ATMs hacked, 12M baht stolen

Wed 24 Aug 2016

Thailand ATMs

The Government Savings Bank of Thailand shut down 3,000 ATMs today after 21 machines were hacked, resulting in a loss of over 12 million baht ($350,000 US). 200 additional ATMs have been found to be infected with malware.

Hackers targeted the state-owned Government Savings Bank (GSB) in Thailand. They waited until ATM software was infected with malware that disconnected the machine from the bank’s network, then inserted cards into GSB’s ATMs, causing them to dispense cash, some up to one million baht at a time.

Because the ATMs were disconnected from the bank network, the loss was not discovered immediately. Also, the alarms that were triggered were discounted, as the hackers had repeatedly set off false alarms in advance of the attack to mislead bank security personnel.

The money was stolen from the bank itself, not from customer accounts. Investigators have noted similarities between the malware heist in Thailand and previous attacks in Taiwan and Malaysia earlier this year.

Last month, three suspects were arrested in Taiwan using a malware hack to access money from First Bank ATM machines. Several additional suspects fled the country, some now suspected of making their way to Thailand to continue their illegal activities. The Taiwan hackers, believed to be of Eastern European origin, made off with over $2 million US.

Police General Panya Mamen said, “As of now the evidence we have found makes us confident that this group is linked to the gang who committed a similar robbery in Taiwan.” Thai police asked citizens to be on the lookout for strange behavior by foreigners at cash machines, noting that the hackers behind the heist spent a long time at each machine, usually late at night.

The national Bank of Thailand has warned that 10,000 cash machines in the country are still vulnerable to malware attacks. The GSB has closed approximately half of their network of 7,000 ATMs indefinitely until a preventative measure is found. They are currently working with NCR, the manufacturer of the ATM machines, to repair the affected ATMs and prevent a recurrence.

Customers of the Government Savings Bank can still access one of the approximately 600 ATM machines located at bank branches, which are heavily guarded and secure.


Asia cybercrime news security Thailand
Send us a correction about this article Send us a news tip