Hacking gang busted after $45m online bank heist
Posted on 10 May 2013 at 09:15
In one of the biggest ever bank heists, a global cyber crime ring has stolen $45 million from two Middle Eastern banks by hacking into credit-card processing firms and withdrawing money from banks in 27 countries including the UK.
The US Justice Department accused eight men of allegedly forming the New York-based cell of the organisation, and said seven of them have been arrested. The eighth, allegedly a leader of the cell, was reported to have been murdered in the Dominican Republic on 27 April.
The ringleaders are believed to be outside the US but prosecutors declined to give details, citing the ongoing investigation. What's clear is the sheer scope and speed of the crimes: in one of the attacks, in just over 10 hours, $40 million was raided from ATMs in 24 countries involving 36,000 transactions.
"In the place of guns and masks, this cyber crime organisation used laptops and the internet," US Attorney for the Eastern District of New York Loretta Lynch said. "Moving as swiftly as data over the internet, the organisation worked its way from the computer systems of international corporations to the streets of New York City."
It's a target-rich environment in terms of soft electronic security
The case demonstrates the major threat that cyber crime poses to banks around the world. It also shows how increasingly international and sophisticated criminal cyber gangs have become.
Prosecutors highlighted the "surgical precision" of these hackers, the global nature of their organisation, and the speed and coordination with which they executed operations in 27 countries.
According to the complaint, the gang broke into the computers of two credit-card processors, one in India in December 2012 and the other in the United States this February. The companies were not identified.
The hackers increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by Bank of Muscat of Oman, and National Bank of Ras Al Khaimah PSC of the United Arab Emirates, according to the complaint.
They then distributed counterfeit debit cards to "cashers" around the world, enabling them to siphon millions of dollars from ATMs in a matter of hours.
In New York, for example, members of the cell fanned out into the city on the afternoon of 19 February, armed with cards bearing a single Bank of Muscat account number. Ten hours later, they had completed 2,904 withdrawals for $2.4 million in all.
Casher crews in other countries were busy doing the same, pulling some $40 million from Bank of Muscat to add to the $5 million they stole from RAKBANK in December, according to the indictment. In total, cashers made some 40,500 withdrawals in 27 countries during the two coordinated incidents.
Prosecutors said the method of attack was known as "Unlimited Operations" in the online underworld.
Representatives for the two banks could not be reached for comment outside of regular business hours.
In a statement, Mastercard said it had cooperated with law enforcement in the investigation and stressed that its systems were not involved or compromised in the attacks.
Is your business a social business? For helpful info and tips visit our hub.
- CeBit 2014 diary: Cameron comes to town
- The 5 most interesting UK businesses at SXSW
- Quickest way to upload 1GB? Hop on a train
- Move over Delia: IBM Watson is cooking tonight
- Eric Schmidt on the double-edged smartphone: friend and foe
- Getty joins the race to the bottom
- Hour of Code: five steps to learn how to code
- Sony Xperia Z2 Tablet review: first look
- Sony Xperia Z2 review: first look
- Samsung Galaxy Gear 2 review: first look
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs
- Invoices and VAT: how to set up your documents correctly
- Nexus 5 vs Samsung Galaxy S4 Active: the best phone for avoiding screen burn
- How much is a social user worth?
- The key to choosing a secure password
- Thunderbolt Bridge: a fast Mac migration tool
- Should you advertise on Twitter?
- How to track a lost smartphone
- Self-publishing success: the best way to sell your book