Three Men Jailed for Taiwan ATM Heist

Written by

Three Eastern European men have been sent to prison for their part in a $2.5 million raid on ATMs in Taiwan back in July.

Latvian Andrejs Peregudovs, Mihail Colibaba from Romania and Niklae Penkov from Moldova were convicted by a Taipei court of causing damage to the public by breaching computer security, according to the BBC.

They were arrested in the capital Taipei and north-east Taiwan in July for their part in what was a major operation apparently targeting 41 First Commercial Bank in three cities on the island.

It’s unclear how long they’ll be spending behind bars, although prosecutors are said to be calling for 12 years.

A total of 19 other suspects, including a French and an Australian national, managed to flee before police could get to them.

CCTV at the time apparently showed the suspects making off with sacks full of cash – although most of the money is said to have been recovered soon after the raids.

The gang is also sought in connection with a similar campaign in July last year to steal 12 million baht ($340,000) from ATMs in Thailand.

Security vendor FireEye believes that gang used Ripper malware to interact with the machines via a specially crafted bank card.

Also last year, criminals managed to steal 1.4 billion yen ($12.7m) from Japanese ATMs in a highly co-ordinated raid on over 1000 convenience store ATMs in May – apparently using fake cards cloned from data stolen from a South African bank.

Alex Mathews, lead security evangelist at Positive Technologies, claimed vulnerable ATM software, often running on outdated operating systems like XP, is increasingly being targeted by criminal gangs around the world.“Such attacks rely on having physical access to the ATM, using anything which can upload a small amount of code,” he explained.

“There are also remote attacks that don’t rely on physical access, and travel via infection of a bank’s core network … In previous successful attacks, the ‘bank robbers’ begin their heist by sending a simple phishing letter, laden with a trojan and eventually work their way across the network until they find the computer system responsible for controlling ATMs. From here, it is possible to ‘jackpot’ many machines at once, causing them to spit out cash.”

Banks need to improve employee awareness training to spot phishing attacks, and identify and patch vulnerable systems to close down exploitable holes, Mathews advised.

A Kaspersky Lab report from April warned that virtually every cash machine in the world can be illegally accessed – either because of physical security shortcomings or software issues.

What’s hot on Infosecurity Magazine?