PETALING JAYA: A cybercrime expert said all you need is a RM100 chip, some technical knowledge and free malware obtained over the Internet to hack Automated Teller Machines (ATMs).
Speaking exclusively to FMT in regard to the recent hacking of 17 ATMs, he said, “What you need is a mastermind, a RM100 computer chip and possibly a bank ‘insider’ to execute the attacks.”
Explaining the intricacies of the hacking, he said, “He (the hacker) will know where the locks and connections are, the model of the machine, the level of security and the version of the operating system.”
He added that the mastermind would then employ someone else to do the work.
He pointed out, “The guys caught on the CCTV are not the actual criminals.
“It’s like the ‘monkey see, monkey do’ situation. They can be shown what is supposed to be done without the need for any technical knowledge. They probably do not even know what they are doing.”
Explaining just how easy it was to launch such an attack, the expert further explained, “It is a simple attack as there are many free malware available online. And it is definitely something that the bank has to seriously think about.”
Saying the recent hackings have revealed the many loopholes that exist in our banking security systems, he also said it proved that if one was an ICT mastermind with technical knowledge in banking and ATM machines, one could easily wreak havoc on our banking system.
While acknowledging that the lack of technology upgrades could be a contributing factor to the security systems breach, the expert also believed the lackadaisical attitude of banks was the underlying reason for the spate of ATMs hackings.
Having worked with a local bank himself, the cybercrime expert said most banks were too laid back in their approach to security systems.
“The bank I worked for was not happy that we breached the system after doing a hacking test,” he said.
The expert was referring to a set of tests that were carried out to try to breach into the system in any way possible.
He added, “It’s either they wanted to ensure that we couldn’t find anything, or, they will hire incompetent people who will not find anything.”
Saying the 17 ATM hackings were a lesson to be learnt, he added, “Banks should look into their security seriously, and not just for the sake of compliance.
“This mentality has to be changed to build security in the DNA of the bank.”
The expert also highlighted several other weaknesses that surfaced. Among them were the use of outdated ATM operating systems like Windows XP.
He explained, “Banks have been taking things for granted because nothing like this has ever happened before.
“They depended heavily on the CCTV and in some locations, they do not even have security guards.
He also attributed the hackings to a lack of sophisticated encryption technology, explaining, “It is also because of the lack of encryption technology such as the Public Key Infrastructure (PKI).
“If the PKI was implemented, it wouldn’t have happened.”