Upgrade ATM operating systems to prevent hacking, says software company

There are measures that can be taken by banks to withstand their automated teller machines (ATMs) from cyber attacks, which include upgrading their computer operating systems.

Such pre-emptive measures could be effective following what is believed to be a Latin American syndicate involved in the hacking of at least 17 ATMs in Selangor, Johor and Malacca and carting away almost RM3 million last week.

The group is believed to have hacked into the ATMs' system by using telephone SIM cards and sophisticated telephone technology but individual accounts of the banks were not breached.

An international computer security software company based in the United States, Symantec, suggests that banks upgrade the computers to a supported operating system such as Windows 7 or 8.

On its website at www.symantec.com, the company said banks should provide adequate physical protection and consider closed-circuit television (CCTV) camera monitoring for their ATMs.

Symantec said other measures were by locking down the BIOS (Basic Input/Output System) of the computer to prevent booting from unauthorised media, such as CD ROMs or USB sticks.

It suggested using full-disk encryption to help prevent disk tampering and a system lockdown solution such as Symantec Data Center Security: Server Advanced (previously known as Critical System Protection).

The company said by applying the steps, attackers might find some difficulties in compromising the ATMs without a complicit insider.

According to the company, older ATMs run on Windows XP are vulnerable against cyber attacks by cyber criminals using sophisticated techniques, especially when they are deployed in remote locations.

"The other matter that needs attention is ensuring adequate physical security of the computer inside the ATMs to withstand such attacks," it said.