Upgrade ATM Operating Systems To Prevent Hacking

KUALA LUMPUR, Oct 1 (Bernama) -- There are measures that can be taken by banks to withstand their automated teller machines (ATMs) from cyber attacks, which include upgrading their computer operating systems. Such pre-emptive measures could be effective following what is believed to be a Latin American syndicate involved in the hacking of at least 17 ATMs in Malaysian states of Selangor, Johor and Malacca and carting away almost US$914,153 (RM3 million) last week. The group is believed to have hacked into the ATMs' system by using telephone SIM cards and sophisticated telephone technology but individual accounts of the banks were not breached. An international computer security software company based in the United States, Symantec, suggests that banks upgrade the computers to a supported operating system such as Windows 7 or 8. On its website at www.symantec.com, the company said banks should provide adequate physical protection and consider closed-circuit television (CCTV) camera monitoring for their ATMs. Symantec said other measures were by locking down the BIOS of the computer to prevent booting from unauthorised media, such as CD ROMs or USB sticks. It suggested using full-disk encryption to help prevent disk tampering and using a system lockdown solution such as Symantec Data Center Security: Server Advanced (previously known as Critical System Protection). It said by applying the steps, attackers might find some difficulties in compromising the ATMs without a complicit insider. According to the company, older ATMs run on Windows XP are vulnerable against cyber attacks by cyber criminals using sophisticated techniques, especially when they are deployed in remote locations. "The other matter that needs attention is ensuring adequate physical security of the computer inside the ATMs to withstand such attacks," it said. Meanwhile, former Malaysian Inspector-General of Police, Musa Hassan said financial institutions in the country should take the initiative to frequently update their automated teller machine (ATM) computerisation system to prevent cyber criminals from hacking into them. He said banks should be aware of the need to update fast changing technology to prevent their systems from being easily hacked. "There are too many smart people in IT now, we should have a strong security system to ensure hacking incidents are not repeated," said Musa, who is also the president of the Malaysian Community Crime Concern Organisation (MCCC), when contacted by Bernama, Tuesday. Musa said readiness to upgrade computerisation systems is a serious matter which cannot be taken lightly. He said the banks should monitor their officers as they may be involved in colluding with the syndicate. "Banks should also check the background of potential candidates before recruiting them," he said. Crime analyst Akhbar Satar proposed the need for a new software which can detect suspicious items in the existing software. "As an example, if a certain transaction was repeatedly made in large amounts, the bank will be alerted," he said. He also proposed that banks set up closed circuit television (CCTV) system at the places where ATMs are located, to monitor the situation directly. --BERNAMA