Sunday, May 12, 2013

Cybercriminals steal $45 million from ATMs

I hope that most IT security people are taking a look at the recent cybercrime that broke in the last couple of weeks, of an organized group of criminals who stole $45 million from ATMs thru the use of pre-paid debit cards.  This happened in February of this year, and only came to light recently.

From the information so far, they did this by exploiting 2 weaknesses:
  • Broke into bank computers and stole prepaid debt cards, erasing their withdrawal limits.
  • Got the data into the hands of others who cloned the cards and hit numerous ATMs.
And apparently, doing this two things in coordination is what made this successful for this group.  Better oversight could have stopped the first.  And the use of smart chips instead of magnetic strips in cards could have dealt with the second, but this is rare in US credit/debit cards.

We are seeing the rise of such organized cybercrime.  And frankly, the numbers in just this case are staggering:  thieves were in 27 countries, and they made about 36,000 withdrawals over 10 hours to accumulate $45 million.  That works out to about a withdrawal of $1,111 every 10 seconds.

All the cards stolen were MasterCard prepaid debit cards, and only 2 banks were targeted.   In December, it was cards issues by the National Bank of Ras Al-Khaimah PSC (RAKBANK) in the United Arab Emirates.  Then in February it was cards issued by the Bank of Muscat in Oman.  I have to wonder if there was a reason those banks were the target.

What I haven't seen is the size of this overall group, which may not be known at this point.  A small group has been arrested in the US (apparently the "US cell"), and another individual who was apparently the leader of that cell was killed in the Dominican Republic (by who is not clear).   What about the overall ringleaders?  Maybe they killed the guy US ringleader to prevent any links back to them.  (yeah, I guess I read too many thrillers...)

Am sure we will get more info on this case as it moves along.  I wonder how procedures may be changed or improved in light of this.

Here are some of the articles on this matter:

Global Post on the heist.   Business Insider on how it was done.   NPR on it.
Dark Reading on the 8 caught in NY

No comments:

Post a Comment