Continued use of obsolete systems led to recent ATM hacks


KUALA LUMPUR: The spate of Automated Teller Machines (ATM) hacks last month were due to financial institutions' continued use of obsolete operating systems and lack of "penetration testing", opined an IT security consultant.

Jacco Van Tuijl, who conducts penetration testing (sanctioned hacking into systems to determine their vulnerability to attacks) for banks in the Netherlands, pointed out that many ATMs still use the now-obsolete, 13-year-old Windows XP operating system.

This leaves systems and ATMs vulnerable to hacking attacks as Microsoft has since stopped providing support and security updates to the operating system.

Van Tuijl said banks and financial institutions should update their operating software to a current, supported version to avoid being victims of hackers.

"It would be tough to protect against any kind of malware. Every day, new vulnerabilities are published," he told The Star Online at the Hack in The Box security conference recently.

"You can't have a machine and leave it without doing proper patching," he said, pointing out that Microsoft, for example, released security patches for its products every Tuesday.

Another IT security consultant, Dr Stefano Zanero, said that the recent ATM hacking cases showed the importance of physical security of the ATMs, as the incidents showed the how easily the machines were tampered with.

He said this sort of defect would have been detected if the banks had hired penetration testers to test out their systems.

"The ATM is basically a computer. We have conducted penetration tests and were able to access USB ports inside of ATMs by cutting through the metal.

"While network security is important, so is physical security," said Dr Zanero.

Last month, a gang exploited flaws in the authentication process to hack into at least 14 ATMs in Selangor, Johor and Malacca, and got away with almost RM3mil.

Police said the suspects hacked the machines by inserting a disc into the ATMs' CD-ROMs that would then infect the machines with a virus or malware.

The ATMs are believed to have been using the Windows XP system.

Van Tuijl said the gang would have had physical access to an ATM to test their malware.

"Software and malware development is about trial and error. It would have taken a lot of testing," he said.

He added that the gang would have been well-organised, comprising people with various skill sets.

Dr Zanero said that the attacks against ATMs was not specific to Malaysia and occurred in other parts of the world as well.

He said that similar cases were recorded in Russia and Middle East recently.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
ATM hack , Banking , Security , Operating systems

Next In Nation

Temperatures set to rise
Another old bomb found near Labuan Airport runway
334 crocs captured in Peninsular Malaysia since 2024
Edging closer as habitats shrink
KJ: Ignore personal attacks and campaign prudently
France attack leaves Abbas Saad in awe
Smooth rollout for 10-year passport
Return to cast your ballots, young voters urged
Mah: Look at�track record of candidates
A promise of love and resilience

Others Also Read