In one of the biggest ever bank heists, a global cyber crime ring stole $45 million from two Middle Eastern banks by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries, U.S….
The U.S. Justice Department accused eight men of allegedly forming the New York-based cell of the organization, and said seven of them have been arrested. The eighth, allegedly a leader of the cell, was reported to have been murdered in the Dominican Republic on April 27.
The ringleaders are believed to be outside the United States but prosecutors declined to give details, citing the ongoing investigation. What’s clear is the sheer scope and speed of the crimes: in one of the attacks, in just over 10 hours, $40 million was raided from ATMs in 24 countries involving 36,000 transactions…
The case demonstrates the major threat that cyber crime poses to banks around the world. It also shows how increasingly international and sophisticated criminal gangs have become, particularly those using the Internet.
Illustrating the universality of poor practices and incompetent security.
Prosecutors highlighted the “surgical precision” of these hackers, the global nature of their organization, and the speed and coordination with which they executed operations in 27 countries.
According to the complaint, the gang broke into the computers of two credit card processors, one in India in December 2012 and the other in the United States this February. The companies were not identified.
The hackers increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by Bank of Muscat of Oman, and National Bank of Ras Al Khaimah PSC (RAKBANK) of the United Arab Emirates, according to the complaint. They then distributed counterfeit debit cards to “cashers” around the world, enabling them to siphon millions of dollars from ATMs in a matter of hours.
In New York, for example, members of the cell fanned out into the city on the afternoon of February 19, armed with cards bearing a single Bank of Muscat account number. Ten hours later, they had completed 2,904 withdrawals for $2.4 million in all, the final transaction coming around 1:26 a.m., prosecutors said…
The group may have targeted Middle Eastern banks because they tend to allow customers to put much larger sums on cards and do not monitor them as closely as banks in other regions, said Shane Shook, global vice president of consulting for the security firm Cylance Inc.
The eight defendants – all U.S. citizens and residents of Yonkers, New York – were charged with withdrawing cash from the ATMs and transporting money, not hacking into the credit card processing firms or managing the operation…
Lynch said the New York gang kept roughly 20 percent of their takes, and sent the rest to the organizers. Authorities said they seized hundreds of thousands of dollars in cash and bank accounts, as well as two Rolex watches and a Mercedes SUV, from the defendants.
So much is wrong with banks that avoid regulators, dismiss regulations requiring multi-step confirmation and limits on transaction. Frankly, I’m happy as a clam with the few hoops I get to jump through when I make a transaction out of line with my usual behavior. I’d rather be embarrassed than broke.