
Taiwan Sentences Money Mules in ATM Attacks

2 Other Arrests Made, But Authorities Still Seeking 19 More Suspects in Alleged Crime Ring
ATMs in Taiwan. Source: Wikimedia

Three Eastern European men have been sentenced to five years in prison for their roles in helping a criminal gang steal $2.7 million from First Commercial Bank ATMs in Taiwan. Europol says two others involved in the thefts have been arrested in cooperation with Belarusian and Romanian authorities.


The three men, who came from Latvia, Moldova and Romania, were dispatched by the crime ring to Taiwan for the risky operation of withdrawing the money from the infected ATMs, authorities say. Such people are referred to as money mules.

The men will be deported after serving their sentences, according to the Taipei Times. The Taipei District Prosecutors' Office, which sought 12-year sentences, has the right to appeal. Authorities are still seeking 19 other suspected money mules who fled the country after the thefts.

The banking industry has seen an uptick in attacks against ATMs. Shortly after the Taiwan attacks, three groups of men working in six provinces in Thailand commanded 21 ATMs to disgorge around $350,000 (see 'Ripper' ATM Malware: Where Will Cybercriminals Strike Next?).

The Russian security firm Group-IB said in November a criminal group nicknamed Cobalt had struck ATMs in Russia, the U.K., the Netherlands, Spain, Romania, Belarus, Poland, Estonia, Bulgaria, Georgia, Moldova, Kyrgyzstan, Armenia and Malaysia (see Report: European Banks Struck by ATM Jackpotting Attacks).

The Taiwan heists, which occurred in July 2016, struck that nation's First Commercial Bank. More than 41 ATMs made by Wincor-Nixdorf were remotely commanded to disgorge their cash in a weekend strike, Reuters reported.

ATMs are fortified to withstand physical attempts to access their internal computers. Such access, combined with security weaknesses such as open USB ports, could be used to install malware.

But the Taipei Times reported that the hackers attacked First Commercial Bank's network in London. Compromising the bank's network that way would account for the high number of ATMs affected. All but $183,500, which was taken out of the country shortly after the thefts, has been recovered.

Two Others Arrested

Europol says two other men who were allegedly part of the same organized crime ring have been arrested. The agency says it has been investigating the ring since early 2016. The Romanian National Police made one arrest and Belarusian authorities made another.

"The members of the OCG [organized crime gang] were recruited online, most of them with multiple citizenships, which allowed them to easily travel and commit crimes all over the world," Europol says.

The gang used complex methods for their attacks, Europol says. They compromised banks' internal networks after first sending spear-phishing emails with malicious attachments. If the attachments are run, a computer becomes infected with malware. Other special programs were used to delete traces of the group's activity, Europol says.

Network Weaknesses

The ATM industry has taken steps to advise banks as to how to secure their ATMs. But most of the world's cash machines still run Microsoft's Windows operating system, which experts say is a longstanding weakness.

Although ATM manufacturers issue detailed guidance about how to harden cash machines, there are many avenues for attack. Taiwan's incident stands out because the attackers compromised the bank's network from London, showing how poor security in other places has knock-on consequences.

The network attack has many more benefits for criminals. It means an on-site visit to an ATM that involves accessing or breaking into its locked cabinet is unnecessary. But it doesn't eliminate the problem of getting the cash out, and closed-circuit cameras often monitor the machines.


About the Author

Jeremy Kirk


Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.



