Believed to be the work of an international syndicate, computer systems of a few automated teller machines (ATM) were hacked using phone SIM card and sophisticated technology and stacks of cash were drained out. The incident shocked the banking industry, as well as the police.According to the police, the ATM machines belong to three banks in the country, namely Affin Bank, Al Rajhi Bank and Islamic Bank. The suspects are believed to be from Latin America and West Asia. In several groups, they hacked the ATM machines in Johor, Malacca and Selangor in three days, from Aug 26-28. Fifteen ATM machines were hacked, draining out RM3 million in total.
The incident has again sounded the alarm for bank security in the country, while hitting the reputation and image of banks. Bank operators are now feeling extremely nervous and have stepped up security measures. Meanwhile, bank account holders are worried that their personal information might have been leaked, leading to the worry that their bank account balances might also have been compromised.
Fortunately, the Association of Banks Malaysia (ABM) has issued a statement, saying that no customer account balance of the affected banks was compromised and the money that was drained out was cash in the machines. Therefore, only the banks are facing losses.
In fact, it is not the first time for ATM machines to become the target of theft. However, those involved in the crime were mostly locals in the past, who violently damaged the machines to take cash or used fake card readers or hidden cameras to steal STM card numbers and passwords. This time, the group of suspects have used advanced technology to open the top panels of the machines without using a key and inserted a compact disc into the machines' processing centres which caused the ATM’s system to reboot before using a keyboard to hack into the system and take out money. They are able to break the banks' computer systems or change the ATM machines' decoders, and easily take away the money without creating any disturbance.
It showed that criminals are ubiquitous and they have been "internationalised", "educated" and "high-technologicalised", making it very hard to prevent. Banks and ATM machine manufacturers should take this issue more seriously, as well as take appropriate measures to strengthen the security systems of banks and ATM machines, while patching up existing loopholes. They must find ways to minimise the opportunities for criminals to commit crimes, if not being able to completely prevent the criminal acts.
We noted that the crimes were committed either after office hours or on weekends. It showed that how to strengthen security during non-office hours is the focus that must be seriously studied by banks and the police.
We also found that in one of the cases, two suspects had spent two hours to withdraw a total of RM260,000 cash from an ATM machine for 137 times from 8.35am to 10.44 am before fleeing away. In addition to showing how brazen the suspects were, didn't it expose the existence of a serious loophole in the bank's security system? Isn't it necessary for the bank to seriously review and try to rectify its weaknesses to prevent recurrence of similar incidents?
The situation needs to be remedied and we hope that the banks can closely cooperate with the police by providing useful clues. The criminals need to be brought to justice to safeguard the reputation of our banking industry and restore public confidence in them.
Translated by SOONG PHUI JEE Sin Chew Daily
-----------------------------------------------------------more-----------
The Spate of ATM hacks continues ..... RM450,000 stolen from machines at three bank branches
KUALA LUMPUR - ATMs at three more bank branches have been hacked and almost RM450,000 stolen as police launched a nationwide hunt for the Latin American suspects responsible for the thefts.
The spate of ATM hacks continued with the United Overseas Bank (UOB) branch in Jalan Imbi yesterday reporting a RM92,900 theft by one of the hackers.
Kuala Lumpur police said CCTV footage showed the suspect going in and out of the bank four times, changing his outfit each time.
“At the ATM, the man took out a handphone and was able to withdraw money without touching any buttons on the machine. We received a report after the bank discovered the hacking while doing an audit on Monday,” a source said.
In Malacca, bank managers of the Affin Bank and Al Rajhi Bank branches in Taman Melaka Raya lodged police reports saying that their ATMs were missing a total of RM355,570 in cash.
Malacca police chief Senior Asst Comm Datuk Chuah Ghee Lye said both managers lodged reports after discovering from CCTV footage that groups of two to three suspects used the same modus operandi and withdrew money from their ATMs.
The Al Rajhi Bank branch reportedly lost RM232,770, which was withdrawn by two suspects, while the Affin Bank branch lost RM122,800 to three suspects.
“It was the same thing that happened in other states,” SAC Chuah said.
So far, there have been 18 reported cases of ATMs being hacked into, with about RM3.1mil in cash drained out of the machines.
Federal police have launched Ops Albatross, a nationwide hunt to track down the suspects and released pictures of five Latin American men caught on CCTV as they were hacking into and withdrawing money out of the ATMs.
Bukit Aman Commercial Crime Investigation Department (CCID) Director Comm Datuk Seri Mortadza Nazarene revealed that the suspects opened the top panel of the ATM and inserted a disc into the machine’s CD-ROM drive to infect it with a virus.
After taking out the CD, they closed the panel and syndicate members would then withdraw all the money out of the ATM by keying in codes, which they received via telephone from an accomplice.
The suspects would also jam the ATM slots with objects like SIM cards, paper or cigarette butts to stop other bank customers from withdrawing cash.
Bukit Aman CCID deputy director Comm Datuk Hamzah Taib said that all the ATMs targeted could be opened by a master key.
“Every kiosk should have a different key but that’s not the case here,” Comm Hamzah said, refuting possibilities that the suspects had inside help from the banks targeted.
“From the looks of it, they really didn’t need help to do what they did,” he said.
The public with information can assist police in investigations by contacting SAC Kamaruddin at 019-600-0135 or 03-261-6839.
No comments:
Post a Comment