Taiwan is trying to figure out how hackers managed to trick a network of bank ATMs into spitting out millions.

Police said several people wearing masks attacked dozens of ATMs operated by Taiwan’s First Bank on Sunday. They spent a few minutes at each of the machines before making off with the equivalent of $2 million stashed in a backpack.

They didn’t use bank cards but rather appeared to gain control of the machines with a “connected device,” possibly a smartphone, the police said in a statement Thursday. Craig Young, Security Researcher at Tripwire, commented below.

Craig Young, Security Researcher at Tripwire:

“It may be that attackers have found another ATM jackpotting technique like the ones demonstrated by Barnaby Jack at Black Hat USA 2010. These attacks used malware to reprogram the machine so that a button sequence would dispense cash. Some ATMs have network management systems with well-known default passwords and in many cases thieves access USB ports to load malware from a flash drive. From the description, it sounds like these thieves likely had installed malware ahead of time enabling a wireless connection to “jackpot” the ATMs. It is also possible that a vulnerable wireless service could allow unauthorized access from hackers.”

Information Security Buzz