Bank security weaknesses led to cyber looting of $45M from ATMs
Indicted cyber thieves used pre-paid debit cards, maniulated bank accounts to withdraw huge sums from ATMs around the world
Computerworld - Alberto Yusi Lajud Pena, found dead in the Dominican Republic two weeks ago, was the leader of the New York cell of an international gang of cyber thieves that authorities allege stole a staggering $45 million from ATM machines around the world.
One startling aspect of the case, sure to be closely reviewed by banks worldwide, is that Pena and his cohorts pull off the theft quickly using just 17 prepaid debit cards.
Federal prosecutors in New York on Thursday handed down indictments against Pena and seven other individuals on cyber hacking charges related to the theft. The defendants allegedly formed a New York-based cell of an international group that hacked into global financial institutions to access prepaid debit card data that they later used to steal money from ATM machines.
Pena and his co-conspirators are accused of withdrawing about $2.8 million from ATMs in NYC on two separate occasions.
In the first operation last Dec. 22, the gang withdrew $400,000 in 750 fraudulent transactions at 140 ATM locations in the city in just two hours and 25 minutes. In February, the gang withdrew close to $2.4 million in 3,000 ATM transactions in the NYC area over a 10-hour period.
Details of the operation contained in court documents provide a fascinating look both at the sophisticated methods used by the hackers, and the vulnerabilities in the banking system that allowed it to happen.
The thefts began with an extensive intrusion last December into the network of an Indian credit card processing company that handles MasterCard and Visa prepaid debit cards.
Such cards are typically loaded with a finite amount of funds and are often used by employers in lieu of paychecks and by charitable organizations to distribute emergency assistance, according to a statement by the U.S. Department of Justice.
The hackers broke into the card processing company, manipulated account balances and eliminated withdrawal limits on each of five prepaid MasterCard debit cards issued by the National Bank of Ras Al-Khaimah in the United Arab Emirates.
Such manipulation of debit card information is referred to as "unlimited operation" in the cyber underworld and requires a very high degree of technical sophistication, according to the indictment. When successful, even a small number of compromised cards can lead to a "tremendous financial loss the victim financial institution," the indictment said.
The compromised account numbers, together with PINs needed to initiate withdrawals, were distributed to cell 'managers' like Pena in different parts of the world. The stolen account numbers were used to encode magnetic stripes on the back plastic cards such as gift cards and hotel key cards and later used to initiate the fraudulent withdrawals.
The first operation, in Dec. 2012, resulted in close to $5 million being withdrawn from ATM machines around the world in about 5,700 transactions. The hackers who had broken into the card processor network used their access to monitor the withdrawals to ensure they were not shortchanged.
In February, the group pulled off the same caper, but this time by breaking into a U.S.-based credit card processor that handles MasterCard and Visa prepaid debit card transactions.
In this instance, the hackers manipulated account balances and removed withdrawal limits on 12 prepaid debit cards issued by the Bank of Muscat in Oman. The compromised account numbers were distributed to gang members in 24 countries and used to create spoofed debit cards that were used to withdraw $40 million from ATM machines.
- Arrests made after international cyber-ring targets StubHub
- International police operation disrupts Shylock banking Trojan
- Spamhaus pushes for arrests of alleged DDoS participants
- Accused Russian point-of-sale hacker arrested, will face U.S. charges
- No-IP regains control of some domains wrested by Microsoft
- Microsoft legal action cramping other hacking campaigns, Kaspersky says
- Microsoft admits technical error in IP takeover, but No-IP still down
- QuickPoll: Why hasn't Windows XP come under attack from hackers?
- Cybercrime losses top $400 billion worldwide
- U.S., foreign agents disrupt Gamover Zeus botnet
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts