Date: 2022-10-03

As a result of Hyosung's breaches, TransFund suffered damages in excess of $11,483,703, including more than $7.3 million in cash, according to the lawsuit.

BOKF on Monday declined to comment on the federal filing. Nautilus Hyosung America wrote in a late Monday email that it is reviewing the complaint.

"The allegations made regarding the security of its ATMs are false," the company wrote. "The complaint omits BOK Financial’s decision not to acquire the encryption and security software. We will respond in due course."

The two companies entered into an equipment, software and services agreement in August 2019, and delivery and installation of the Hyosung model 5600 ATMs began in June 2020.

In the 5600s, Hyosung located the hard drive inside the ATM underneath what is called, in the trade, a "top hat," which is secured with a mechanical lock and key, the complaint says. The Hyosung top hat was made of plastic.

TransFund requested that the top hats be secured with locks and keys unique to TransFund for each ATM, but Hyosung installed the ATMs with universal locks and keys, according to the lawsuit.

Further, Hyosung installed the ATM routers, with limited exceptions, outside the ATMs, providing an easy target and easy access for criminals to conduct "jackpotting" or "man-in-the-middle" attacks by installing malware devices between the router and the ATM, records show.

Hyosung, TransFund claims, defectively designed, manufactured and installed its model 5600 ATM with software that failed to provide adequate security against theft.

In each "jackpotting" attempt, the attacker either used a box knife, a pocket knife or scissors to cut a hole in the plastic top hat through which access to the ATM hard drive was easily obtained, or the attacker was able to access the ATM hard drive because Hyosung had failed to use a lock and key unique to TransFund for the ATM, the complaint claims.

In either case, the attacker easily withdrew the hard drive from the ATM and/or attached a small keyboard to the ATM hard drive by which the attacker installed software specifically designed to gain unauthorized access to the ATM computer system (the malware) and withdraw cash from the machine.

In each man-in-the-middle attack, the attacker secretly placed devices that intercepted and relayed messages by means of the exposed router, with the devices connected between the TransFund ATM and the exposed router. These devices then would switch and change the transaction from a denial message to an approval message, which was sent to the ATM to withdraw cash from the machine, the complaint states.