Gap in software – hackers steal at least 70,000 francs from Swiss ATMs

Published

The alarm bells are ringing at Credit Suisse: bank robbers have cleared an ATM with manipulated codes. The ZKB also fell victim to the hackers.

1 / 8

Credit Suisse fell victim to hackers.

AFP

Robbers outwitted a major bank machine in Zurich and stole 70,000 francs.

Robbers outwitted a major bank machine in Zurich and stole 70,000 francs.

Getty Images/Wavebreak Media

To do this, they used a manipulated code.

To do this, they used a manipulated code.

Tamedia AG / Thomas Egli

  • Robbers emptied a CS ATM.

  • They used a manipulated code for this.

  • The perpetrators spent years preparing or were insiders.

Bank robbers have outwitted a Credit Suisse (CS) ATM in Zurich and emptied it. They stole around 70,000 francs, as reported by the finance blog “Inside Paradeplatz”. According to one source, a manipulated code is said to have been used. As soon as the perpetrators were given access to the inside of the ATM with the software, they would have opened the gates.

A spokesman for the bank confirmed the act, which took place over a week ago. “Devices from various banks were affected, including those from Credit Suisse,” he said to 20 Minuten.

ZKB also affected

Obviously, the problem was with the third-party ATM software that other banks use. The hackers were also at work on the machines of the Zürcher Kantonalbank (ZKB). Two ATMs were affected, as a ZKB spokesman confirmed.

However, it is not clear whether and how much money was stolen. The spokesman did not want to reveal any further details. The bank immediately installed a service and security update on all machines, the spokesman said.

At CS, too, it is said that the problem has now been solved. The measures taken could have prevented another attack. It is unclear whether the perpetrators are already known and have been caught. For CS customers, the measures mean that some ATMs will be temporarily switched off from midnight. According to a spokeswoman, the ATMs of the second major Swiss bank, UBS, were spared.

Damage to the image of those affected

For IT expert Marc Ruef from Scip AG, the ATM hack is no surprise. After all, these are only PCs. However, the effort is very great. Regular security checks require long preparation or insider knowledge. “A single professional attacker would have to deal with an ATM in detail for several years in order to be able to compromise it,” says Ruef.

Such attacks on companies are often associated with reputational damage, as Melanie Aeberhard, member of the management team at the cyber security specialist Avantec, told 20 Minuten. “Especially brands in the financial sector that are supposed to radiate security and stability are hit hard by such negative headlines,” says Aeberhard. Customers and investors might wonder how secure their data really is.

As a member, you become part of the 20-minute community and benefit from great benefits and exclusive competitions every day!