Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Cyber Security News / Retail/Restaurants/Convenience

Hackers Stole $45 Million in ATM Card Breach

May 9, 2013
/ Print / Reprints /
ShareMore
/ Text Size+

An alleged international gang of cyber thieves managed to steal $45 million from thousands of ATMs in carefully coordinated attacks conducted in a matter of hours.

 Afour-count indictment unsealed in Brooklyn charged that eight members of the alleged gang's New York City crew stole approximately $2.4 million from nearly 3,000 ATMs across the metropolitan area in secret strikes carried out on two days in February, said USA Today.

"In the place of guns and masks, this cybercrime organization used laptops and the Internet," said Brooklyn U.S. Attorney Loretta Lynch. "Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMS."

Federal prosecutors and investigators said the alleged attacks are known in the cyber underworld as "Unlimited Operations" — because using sophisticated computer hacking techniques enable those involved to gain access to virtually unlimited criminal proceeds, said USA Today.

The schemes involve hacking into the computer systems of credit card processors, stealing information involving prepaid debit card accounts and eliminating the withdrawal limits and balances of those accounts, said USA Today. The moves enable international organized crime cells that work in swift, surgically-coordinated attacks to withdraw unlimited amounts of cash from ATMs before the operations are shut down.

According to the indictment, the alleged gang carried out two lucrative unlimited operations between October 2012 and last month. In the initial attack, hackers working with the gang on Dec. 22 allegedly targeted a credit card processor that handled prepaid MasterCard debit cards issued by the National Bank of Ras Al-Khaimah PSC, a United Arab Emirates bank also known as RAKBANK.

After penetrating the processor's computer network, the hackers fraudulently manipulated the balances and withdrawal limits on RAKBANK prepaid debit card accounts. Then, teams of so-called cashers allegedly launched carefully timed attacks that caused more than $5 million in criminal losses from more than 4,500 ATMs in about 20 countries.

In just two hours and 25 minutes, the thieves allegedly conducted 750 fraudulent transactions that withdrew nearly $400,000 from approximately 140 New York City ATM locations, according to prosecutors and the indictment.

The alleged second unlimited operation unfolded between the afternoon of Feb. 19 and the pre-dawn hours of the following day. This time, the gang's hackers allegedly compromised computers of the processor of prepaid debit cards for the Bank of Muscat, located in Oman.

In approximately 10 hours, casher cells in 24 countries conducted approximately 36,000 ATM transactions worldwide, withdrawing an estimated $40 million, the indictment charged. The haul included $2.4 million withdrawn by the alleged New York crew.

In all, seven of the eight suspected members of the gang's New York crew have been arrested and indicted on charges of conspiracy to commit access device fraud, money laundering conspiracy and money laundering.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Travel & the Ebola Risk

Are you and your enterprise restricting travel due to Ebola risks?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.