Gang steals RM3m from ATMs

  • Nation
  • Tuesday, 30 Sep 2014

KUALA LUMPUR: A Latin American gang exploited flaws in the authentication process to hack into at least 14 automated teller machines (ATM) in Selangor, Johor and Malacca and got away with almost RM3mil.

The ATMs hit over the past week were those at the branches of the Affin Bank, Al Rajhi Bank and Bank Islam but individual accounts of the banks were not breached.

The thieves are believed to have cloned bank credentials into Europay-Mastercard-Visa (EMV) chips on subscriber identification module (SIM) cards and reprogrammed them with a malware (malicious software).

It is learnt that the group targeted ATMs using old operating systems.

According to a cyber security expert, the malware “tricks” the ATM into allowing the transaction.

“By bypassing the authentication, they can withdraw any amount of cash,” said the expert.

He said that while the method of programming EMV chips was available online, the equipment needed was hard to come by.

“The gang would also need to know the inner workings of the banks involved,” he said.

Malaysia was the first country in the region to migrate to EMV chip-based cards in response to the widespread counterfeiting of magnetic strip credit cards in early 2000.

A recent paper presented by five Cambridge University professors highlighted weaknesses in the protocol and random number generation of the chips, exposing card users to skimming risks.

After the spate of ATM thefts were reported yesterday, police launched a special operation to track down the culprits.

A special squad comprising officers from Bukit Aman and state contingents have been deployed under Ops Godam ATM.

Federal police Commercial Crimes Investigation Department deputy director (Cyber and Multimedia Crimes) SAC Mohd Kamarudin Md Din said the gang members were still believed to be in the country.

A Selangor Commercial Crime Investigation Department spokesman described the heists as “highly professional” and something the force had never seen before.

He said police have retrieved one of the SIM cards used by the suspects from an ATM in Subang Jaya and have sent it for investigation.

Closed-circuit television (CCTV) footage from the Petaling Jaya and Subang Jaya robberies showed two Latin American men taking turns to enter the banks and withdraw money by inserting the SIM cards into the machines’ slot.

Affin Bank Bhd and Affin Islamic Bank Bhd reassured customers that their accounts had not been compromised.

“We are cooperating with the police and have put in additional control measures for ATMs at branches and off-site locations,” the banks said in a joint statement.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Courts & Crime , ATM , EMV , Hack , Affin


Next In Nation

Ismail Sabri: 2022 development expenditure performance at 50.35%
Over 60% of Sabahans predict GE15 will be held next year, online poll shows
Two robbery suspects arrested by Cheras police
USM lecturer, brother jailed three years for abuse of power, abetment
Cops bust fake job syndicate that trafficked 238 Malaysians, six arrested
Johor MCA all geared up for GE15, says Dr Wee
Hold off on changes to Employment Act until businesses recover, says builders group
Dr Adeeba Kamarulzaman among six recipients of prestigious Merdeka Award
Final SRC appeal: CJ asks Hisyam, 94 grounds and you're not prepared to submit on even one?
Penang gold, jewellery fair back after two-year hiatus

Others Also Read