THIS STORY TOPS WHATEVER YOU HAVE HEARD SO FAR WHEN IT COMES TO CYBERCRIMES - AND WHY YOUR BANK CAN'T BE TRUSTED WITH YOUR MONEY.
Cyberthieves Looted A.T.M.’s of $45 Million in Just Hours
By MARC SANTORA
Published: May 9, 2013
It was a huge bank heist – but a 21st-century version in which the robbers never wore ski masks, threatened a teller or set foot in a vault.
Multimedia
Yet, in two precision operations that involved people in more than two dozen countries acting in close coordination and with surgical precision, the organization was able to steal $45 million from thousands of A.T.M.'s in a matter of hours.
In New York City alone, the thieves responsible for A.T.M. withdrawals struck 2,904 machines over 10 hours on Feb. 19, withdrawing $2.4 million.
On Thursday, federal prosecutors in Brooklyn unsealed an indictment charging eight members of the New York crew – including their suspected ringleader who was found dead in the Dominican Republic on April 27 — offering a glimpse into what the authorities said was one of the most sophisticated and effective cybercrime attacks ever uncovered.
“In the place of guns and masks, this cybercrime organization used laptops and the Internet,” said Loretta E. Lynch, the United States attorney in Brooklyn. “Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of A.T.M.'s in a matter of hours.”
The indictment outlined how they were able to steal data from banks, relay that information to a far-flung network of “cashing crews,” and then launder the stolen money by buying high-end luxury items like Rolex watches and expensive cars.
In the first robbery, hackers were able to infiltrate the system of an unnamed Indian credit-card processing company that handles Visa and MasterCard prepaid debit cards.
The hackers – who are not named in the indictment – proceeded to raise the withdrawal limits on prepaid MasterCard debit accounts issued by the National Bank of Ras Al-Khaimah, also known as RAKBANK, which is in United Arab Emirates.
By eliminating the withdrawal limits, “even a few compromised bank account numbers can result in tremendous financial loss to the victim financial institution,” the indictment states.
With five account numbers in hand, the hackers distributed the information to individuals in 20 countries who then encoded the information on magnetic stripe cards.
On Dec. 21, the “cashing crews” made 4,500 A.T.M. transactions worldwide, stealing $5 million, according to the indictment.
But that robbery was just a prelude for what prosecutors said was a more brazen crime that took place two months later.
On Feb. 19, “cashing crews” stood at A.T.M.'s across Manhattan and in two dozen other countries waiting for word to spring into action.
This time, the hackers infiltrated a credit-card processing company based in the United States that also handles Visa and MasterCard prepaid debit cards. The company’s name was not revealed in the indictment.
After securing 12 account numbers for cards issued by the Bank of Muscat in Oman and raising the withdrawal limits, the cashing crews were set in motion. Starting at 3 p.m., the crews made 36,000 transactions and withdrew about $40 million from machines in the various countries in about 10 hours. In New York City alone, a team of eight people made 2,904 withdrawals, stealing $2.4 million.
Surveillance photos of one suspect hitting various A.T.M.'s showed the man’s backpack getting heavier and heavier, Ms. Lynch said, comparing the robbery to the caper at the center of the movie “Ocean’s 11.”
“New technologies and the rapid growth of the Internet have eliminated the traditional borders of financial crimes and provided new opportunities for the criminal element to threaten the world’s financial systems,” said Steven Hughes, a Secret Service special agent, who participated in the investigation. “However, as demonstrated by the charges and arrests announced today, the Secret Service and its law enforcement partners have adapted to these technological advancements and utilized cutting edge investigative techniques to thwart this cybercriminal activity.”
The authorities did not immediately provide details about how they became aware of the operation or whether any other arrests have been made in connection with the case.
While the indictment suggests a far-reaching operation, there are no details about the people responsible for conducting the computer hacking or who might be leading the global operation. Law enforcement agencies in more than a dozen countries, including Japan, Canada, Germany and Romania, have been involved in the investigation, prosecutors said.
The authorities said the leader of the New York cashing crew was Alberto Lajud-Peña, 23, who also went by the name Prime. His body was found in the Dominican Republic on April 27 and prosecutors said they believe he was killed.
Seven other people were charged with conspiracy to commit “access device fraud” and money laundering. The prosecutors said they were all American citizens and were based in Yonkers.
The indictment says that the defendants “invested the criminal proceeds in portable luxury good, such as expensive watches and cars.”
The authorities have already seized hundreds of thousands of dollars from bank accounts, two Rolex watches and a Mercedes S.U.V., and are in the process of seizing a Porsche Panamera.
No comments:
Post a Comment