We have previously seen hackers steal money from ATMs in Malaysia using infected USB drives. This time the haul was even bigger: a Latin American gang of cyber criminals recently hacked 17 ATMs in Malaysia using new methods and stole $1.2 million!
So how did this happen? According to Comm Mortadza Nazarene, chief of Malaysia's Bukit Aman Commercial Crime Investigation Department, the hackers targeted multiple Automated Teller Machines (ATMs) at different locations in Malaysia. The suspects used malware known as “ulssm.exe” to hack into the ATMs.
They opened the top panel of the machine without using a key and inserted a compact disc into the machine’s processing center, which caused the ATM’s system to reboot. The gang then used a keyboard to hack into the system and dispense cash. Needless to say, the absence of a security guard eased the gang’s task.
According to a bank's systems engineer, up to 40 notes could be taken out in a single transaction using this method. The investigation department has identified the suspects thanks to CCTV cameras, but the twist is “the guys caught on the CCTV are not the actual criminals.” Another cybercrime expert said that the hackers knew which operating system the ATMs were running, the model of the machine, where the locks and connections were, and the level of security of the ATMs.
Note that the ATMs were still running Windows XP, which Microsoft stopped supporting after 8 April 2014. In other words, even if the ATM trojan horse had been discovered one day after the end-of-support date, Microsoft would not have released any security patches to plug the threat.
So far, 14 bank branches belonging to Affin Bank, Al Rajhi Bank and Bank Islam have reportedly been hacked. A total of RM303,000 was missing from the affected ATMs. Police are now searching across the country for the suspects responsible for the thefts. The government and the banks should take a bitter lesson from this and make changes to their systems without delay.