Hacking gang steals US$45m in ATM breach
Source: Agencies |
May 11, 2013, Saturday
|
Print Edition
Print Edition
THE sophistication of a global network of thieves who drained cash machines around the globe of an astonishing US$45 million in mere hours sent ripples through the security world, not merely for the size of the operation and ease with which it was carried out, but also for the threat that more such thefts may be in store.
Seven people were arrested in the US, accused of operating the New York cell of what prosecutors said was a network that carried out thefts at ATMs in 27 countries from Canada to Russia. Law enforcement agencies from more than a dozen nations were involved in the investigation, US prosecutors in New York said on Thursday.
"Unfortunately these types of cybercrimes involving ATMs, where you've got a flash mob going out across the globe, are becoming more and more common," said Rose Romero, a former federal prosecutor and regional director for the US Securities and Exchange Commission.
"I expect there will be many more" of these types of crimes, she said.
Brooklyn US Attorney Loretta Lynch, who called the theft "a massive 21st-century bank heist," announced the case on Thursday.
How it worked
Hackers got into bank databases, eliminated withdrawal limits on pre-paid debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe - an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes.
A network of operatives then fanned out to rapidly withdraw money in multiple cities, authorities said. The cells would take a cut of the money, then launder it through expensive purchases or ship it wholesale to the global ringleaders. Lynch didn't say where they were located.
It appears no individuals lost money. The thieves plundered funds held by the banks that back up prepaid credit cards, not individual or business accounts, Lynch said.
There were two separate attacks in this case, one in December that reaped US$5 million worldwide and one in February that snared about US$40 million in 10 hours with about 36,000 transactions. The scheme involved attacks on two banks, Rakbank in the United Arab Emirates and the Bank of Muscat in Oman, prosecutors said.
Double the amount
Such ATM fraud schemes are not uncommon, but the US$45 million stolen in this one was at least double the amount involved in previously known cases, said Avivah Litan, an analyst who covers security issues for Gartner Inc.
Middle East banks and payment processors are "a bit behind" on security and screening technologies that are supposed to prevent this kind of fraud, but it happens around the world, she said.
"It's a really easy way to turn digits into cash," Litan said.
Some of the fault lies with the ubiquitous magnetic strips on the back of the cards. The rest of the world has largely abandoned cards with magnetic strips in favor of ones with built-in chips that are nearly impossible to copy. But because US banks and merchants have stuck to cards with magnetic strips, they are still accepted around the world.
Lynch would not say who masterminded the attacks globally, who the hackers are or where they were located, citing an ongoing investigation.
The New York suspects were US citizens originally from the Dominican Republic who lived in the New York City suburb of Yonkers. They were charged with conspiracy and money laundering. If convicted, they each face 10 years in prison.
Seven people were arrested in the US, accused of operating the New York cell of what prosecutors said was a network that carried out thefts at ATMs in 27 countries from Canada to Russia. Law enforcement agencies from more than a dozen nations were involved in the investigation, US prosecutors in New York said on Thursday.
"Unfortunately these types of cybercrimes involving ATMs, where you've got a flash mob going out across the globe, are becoming more and more common," said Rose Romero, a former federal prosecutor and regional director for the US Securities and Exchange Commission.
"I expect there will be many more" of these types of crimes, she said.
Brooklyn US Attorney Loretta Lynch, who called the theft "a massive 21st-century bank heist," announced the case on Thursday.
How it worked
Hackers got into bank databases, eliminated withdrawal limits on pre-paid debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe - an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes.
A network of operatives then fanned out to rapidly withdraw money in multiple cities, authorities said. The cells would take a cut of the money, then launder it through expensive purchases or ship it wholesale to the global ringleaders. Lynch didn't say where they were located.
It appears no individuals lost money. The thieves plundered funds held by the banks that back up prepaid credit cards, not individual or business accounts, Lynch said.
There were two separate attacks in this case, one in December that reaped US$5 million worldwide and one in February that snared about US$40 million in 10 hours with about 36,000 transactions. The scheme involved attacks on two banks, Rakbank in the United Arab Emirates and the Bank of Muscat in Oman, prosecutors said.
Double the amount
Such ATM fraud schemes are not uncommon, but the US$45 million stolen in this one was at least double the amount involved in previously known cases, said Avivah Litan, an analyst who covers security issues for Gartner Inc.
Middle East banks and payment processors are "a bit behind" on security and screening technologies that are supposed to prevent this kind of fraud, but it happens around the world, she said.
"It's a really easy way to turn digits into cash," Litan said.
Some of the fault lies with the ubiquitous magnetic strips on the back of the cards. The rest of the world has largely abandoned cards with magnetic strips in favor of ones with built-in chips that are nearly impossible to copy. But because US banks and merchants have stuck to cards with magnetic strips, they are still accepted around the world.
Lynch would not say who masterminded the attacks globally, who the hackers are or where they were located, citing an ongoing investigation.
The New York suspects were US citizens originally from the Dominican Republic who lived in the New York City suburb of Yonkers. They were charged with conspiracy and money laundering. If convicted, they each face 10 years in prison.
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 沪ICP证:沪ICP备05050403号-1
- |
- 互联网新闻信息服务许可证:31120180004
- |
- 网络视听许可证:0909346
- |
- 广播电视节目制作许可证:沪字第354号
- |
- 增值电信业务经营许可证:沪B2-20120012
Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
