Hackers Stole $45 Million in ATM Card Breach
An alleged international gang of cyber thieves managed to steal $45 million from thousands of ATMs in carefully coordinated attacks conducted in a matter of hours.
Afour-count indictment unsealed in Brooklyn charged that eight members of the alleged gang's New York City crew stole approximately $2.4 million from nearly 3,000 ATMs across the metropolitan area in secret strikes carried out on two days in February, said USA Today.
"In the place of guns and masks, this cybercrime organization used laptops and the Internet," said Brooklyn U.S. Attorney Loretta Lynch. "Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMS."
Federal prosecutors and investigators said the alleged attacks are known in the cyber underworld as "Unlimited Operations" — because using sophisticated computer hacking techniques enable those involved to gain access to virtually unlimited criminal proceeds, said USA Today.
The schemes involve hacking into the computer systems of credit card processors, stealing information involving prepaid debit card accounts and eliminating the withdrawal limits and balances of those accounts, said USA Today. The moves enable international organized crime cells that work in swift, surgically-coordinated attacks to withdraw unlimited amounts of cash from ATMs before the operations are shut down.
According to the indictment, the alleged gang carried out two lucrative unlimited operations between October 2012 and last month. In the initial attack, hackers working with the gang on Dec. 22 allegedly targeted a credit card processor that handled prepaid MasterCard debit cards issued by the National Bank of Ras Al-Khaimah PSC, a United Arab Emirates bank also known as RAKBANK.
After penetrating the processor's computer network, the hackers fraudulently manipulated the balances and withdrawal limits on RAKBANK prepaid debit card accounts. Then, teams of so-called cashers allegedly launched carefully timed attacks that caused more than $5 million in criminal losses from more than 4,500 ATMs in about 20 countries.
In just two hours and 25 minutes, the thieves allegedly conducted 750 fraudulent transactions that withdrew nearly $400,000 from approximately 140 New York City ATM locations, according to prosecutors and the indictment.
The alleged second unlimited operation unfolded between the afternoon of Feb. 19 and the pre-dawn hours of the following day. This time, the gang's hackers allegedly compromised computers of the processor of prepaid debit cards for the Bank of Muscat, located in Oman.
In approximately 10 hours, casher cells in 24 countries conducted approximately 36,000 ATM transactions worldwide, withdrawing an estimated $40 million, the indictment charged. The haul included $2.4 million withdrawn by the alleged New York crew.
In all, seven of the eight suspected members of the gang's New York crew have been arrested and indicted on charges of conspiracy to commit access device fraud, money laundering conspiracy and money laundering.