Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Hackers looted $45 million in global ATM heist

The crew hacked into bank databases, stole prepaid debit card information, eliminated withdrawal limits, created fake cards out of expired credit cards and old hotel keys, and proceeded to trick the cash machines into giving up the goods.

Seven people are under arrest for the crime in the US, accused of stealing $2.8 million in cash in less than a day. Apparently, they were working in cells and were well-organized, Brooklyn U.S. Attorney Loretta Lynch told FOX News, calling it a “massive 21st-century bank heist."

They weren’t completely savvy, however: “One of the suspects was caught on surveillance cameras, his backpack increasingly loaded down with cash,” FOX reported. “Others took photos of themselves with giant wads of bills as they made their way up and down Manhattan.”

There were two separate attacks, one in December that netted $5 million worldwide and one in February that garnered $40 million in 10 hours with about 36,000 transactions. The scheme involved attacks on two banks, Rakbank in the United Arab Emirates and the Bank of Muscat in Oman, prosecutors said. The heist hit the banks, not individuals: the money was captured from funds used to back up prepaid credit cards.

“The plundered ATMs were in Japan, Russia, Romania, Egypt, Colombia, Britain, Sri Lanka, Canada and several other countries, and law enforcement agencies from more than a dozen nations were involved in the investigation,” FOX reported.

The money was laundered it through expensive purchases or simply sent on to the masterminds behind the operation (prosecutors have not released the details). The head of the US cell was Alberto Yusi Lajud-Pena, who authorities say was killed in the Dominican Republic in April.

Of course, chip-and-pin technology would have thwarted the theft. EMV chip-based payment cards, also known as smart cards, contain an embedded microprocessor. That microprocessor chip contains the information needed to use the card for payment, and is protected by various security features, so they’re a more secure alternative to traditional magnetic stripe payment cards. Many countries have already adopted them: as of the second quarter of 2012, there were 1.55 billion EMV-compliant chip-based payment cards in use worldwide. The US banking industry is mulling a migration to the architecture within the next few years.

What’s Hot on Infosecurity Magazine?