Back in the late 80's, I worked as a programmer with ATMs and other ETF. It is easy for a programmer to put a backdoor into the ATM software. However, once it is discovered, it is equally easy to determine who did it, because software changes (and who was involved with them) are carefully tracked. However, I hope Caverly was indeed the culprit. A smart insider thief would first steal a co-worker's login and frame his co-worker as the culprit. But then he would need to hide his ill-gotten gains very carefully, else he could still be suspect. BofA is well aware of how little they pay their programmers.
Also, it almost has to be an insider. The tech services building will have 10 times the security a branch office has, even though their isn't a penny of cash kept there. Where I worked, you couldn't even get in the parking lot without swiping your ID card and then being buzzed in by security who ID'd you from remote cameras. Then you had to swipe and get buzzed into the building by security. Then you had to swipe to move around inside the building. Your ID card only let you into the hallways you were allowed in. I think you could sneak into the White House easier than into a bank's computer room. The ATMs are not connected to the Internet. It would take some serious Mission Impossible stuff for an outsider to do this.