Police have sought Interpol's assistance in tracking down an eastern European gang suspected of stealing more than 12 million baht in cash from ATMs while looking into the possibility the gang had local help.
The gang hacked into ATMs using malware to trigger cash withdrawals in early July. The attack came to light on Tuesday when the state-run Government Savings Bank (GSB) shut down half of its ATMs.
GSB has reported that 21 ATMs in six provinces -- Phuket, Surat Thani, Chumphon, Prachuap Khiri Khan, Phetchaburi and Bangkok -- were compromised and reconfigured to release millions of baht in cash.
Pol Gen Panya Mamen, who is supervising the investigation, said Thai authorities have sent alerts to Interpol after finding some members of the gang had fled the country.
He said investigators have evidence implicating five eastern Europeans in the operation and will seek warrants for their arrests. The suspects, who entered Thailand several times, are allegedly linked to a gang found to have cleaned out ATMs in Taiwan, also in July this year.
"We have key information such as the vehicles they used and the places they stayed. Some have fled the country but we believe others remain," he said.
He said authorities are also investigating if Thais had a hand in the cash thefts that, according to GSB, have not targeted customers' deposits.
He said the Central Investigation Bureau, the Immigration Bureau, and the Office of Police Forensic Science are acting as support units in the investigation.
According to Pol Gen Panya, the thefts took place between July 7 and 30 -- the same time as the ATMs in Taiwan were hacked, when the suspects used malware programs to tamper with the ATMs and withdrew almost 100 million baht from several machines.
The GSB found out about the thefts of its ATM machines early this month and lodged a complaint with police. He said the attacks on GSB are also similar to a 2014 cash heist in Malaysia.
Some GSB ATMs dispensed more than one million baht while others dispensed tens of thousands of baht depending on how much was left, Pol Gen Panya said. He said police will discuss the attacks with state agencies tomorrow.
Boonson Jenchaimahakoon, senior executive vice-president of GSB, said ATM manufacturers have updated their security software to guard against hacking but the hacking technique is new.
According to Mr Boonson, the hackers must have understood the inner working of ATMs and to do so they need a machine to study.
However, previously it was impossible to buy an ATM because the makers would not sell to anyone but banks.
He said the curbs on sales changed in some foreign countries where cash dispensers, known as white label ATMs, were sold to independent operators which are not major financial institutions.
Mr Boonson said the GSB's ATMs were singled out partly because they were located in isolated areas as part of the bank's policy to expand banking services.
He said the bank is considering leasing ATMs to minimise risks.
GSB president Chartchai Payuhanaveechai said the manufacturer of the ATMs targeted for the thefts is working on software programs to enhance security. The task will take one or two weeks.
The bank has shut down ATMs made by this firm until they are secure.
He said investigators have not ruled out an inside job even though evidence points to foreign criminal gangs.
Representatives of the GSB met Wednesday with investigators but declined to discuss the meeting.
Somnuek Puangpornpitak, a cyber security specialist at Mahasarakham University, criticised the GSB for having lax security, saying hacking attacks on ATMs which turn them into virtual jackpot machines spewing cash are not new.
He said other commercial banks using this type of ATM adopt proper defence measures.
However, he said this kind of attack does not affect bank customer deposits but is designed to tamper with ATMs and their cash dispensing function.
He suggested the banking industry form a working group to monitor cyber crimes to ensure their systems are not exposed to criminal activity.
Vites Techangam, vice-president of Krungthai Bank, said the bank, which also uses this type of ATM, has invested heavily in security.
He said security software programs are installed to detect and prevent attacks. The banking industry, ATM manufacturers and software developers are working on the problem, he said.