Hackers Drain $2 Million From Taiwanese ATMs Without A Bank Card, Baffling Authorities

Automatic teller machines offer a lot of convenience to consumers, but their core design also makes them super attractive to criminals. Card scanners secretly installed on ATMs is a major issue in some countries, and it’s no surprise why: it’s such a hands-off attack, requiring mere deployment and retrieval. These attacks can affect anywhere from dozens to hundreds of unsuspecting bankers.

According to CNNMoney, there’s an even more severe variant of this attack that’s just struck Taiwan – and it doesn’t require a scanner to execute, or even a bank card, for that matter.

This past Sunday, hackers managed to trick ATMs into releasing money even though a bank card wasn’t inserted, with authorities immediately believing that it was accomplished entirely through malware. How that malware got in is the big question at this point. When infected, this malware allowed the attackers to siphon funds from the machine in mere minutes. This quickness allowed them to approach numerous machines to walk away with a substantial amount of money. Authorities say that the attackers are likely from Russia and eastern Europe, presumably based on surveillance footage.

While the story doesn’t specifically mention which types of ATMs were affected, the ATM vendor, Wincor Nixdorf, creates “smart” ATMs which would could have a much more robust OS under-the-hood than standard ATMs, and thus could be more prone to this type of attack.

Both Taiwanese authorities and Wincor Nixdorf have their people looking at how this could have happened. At this point, we don’t know if this kind of attack could only affect Wincor Nixdorf ATMs, or others that use similar software. Either way, this is a problem that, quite understandably, needs to be tackled really quickly.