Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealing From Banks One Cent at a Time

Posted by CmdrTaco on from the not-like-atm-fees-steal-from-you dept.

JRHelgeson writes "In a story strangely reminiscent of Superman 3, a 'hacker' allegedly stole over $50,000 from PayPal, Google Checkout as well as several unnamed online brokerage firms. When opening an online brokering account it is common practice for companies such as E-trade and Schwab to send a tiny payment — ranging from only a few cents to a couple of dollars — to verify that the user has access to the bank account listed. According to the story, the attacker wrote a script that opened thousands of accounts at dozens of these providers. He was arrested not for taking the money, but for using false names in order to get it."

24 of 313 comments (clear)

  1. Superman 3? by jandrese · · Score: 5, Informative

    How is this like Superman 3? I thought the point in that movie was to shave off the remainders in interest calculations. This is just a simple case of seeing someone transfer a few cents to your account when you open it and trying to abuse the system. The problem of course is that it's extremely obvious and you'll get caught, just like this guy did.

    --

    I read the internet for the articles.
    1. Re:Superman 3? by lesinator · · Score: 4, Informative

      This kind of attack hardly an invention of the movies. The salami attack has been around for a long time.

    2. Re:Superman 3? by Otter · · Score: 3, Informative

      I believe that the reference to Superman 3 is actually a meta-reference to Office Space. (Or maybe the reference being referenced is the meta-reference -- I'm not a philosopher.) As Office Space itself noted, the method long precedes either movie.

      --
      What I'm listening to now on Pandora...
    3. Re:Superman 3? by fishbowl · · Score: 2, Informative

      This geek didn't miss the fact that the reference to Superman 3 *was* a reference to Office Space.
      The indirect reference shows a bit of finesse, and understanding that the geek will get it.

      --
      -fb Everything not expressly forbidden is now mandatory.
    4. Re:Superman 3? by Blakey+Rat · · Score: 3, Informative

      The point isn't that Superman 3 invented it, the point is that most people first heard of it from watching Superman 3 and so when you're trying to explain to people what you're doing, you can say "you know, like Superman 3" and they know what you mean. Thus the joke in Office Space:

      A:
      B: "Huh?"
      A: "You know, like in Superman 3."
      B: "Oooh, now I get it."

      It's funny, damnit. Made funnier than Superman 3 is actually a pretty awful movie. (But it's an awful movie that most everybody's seen.)

      --
      Comment of the year
    5. Re:Superman 3? by Dachannien · · Score: 4, Informative

      It's been happening in meatspace for thousands of years (though not so much anymore). People would shave bits off of coins made of precious metals and then smelt and sell the shavings to wind up with more money than they started with. Wikipedia notes that some British silver coins would routinely be milled down to half their original weight as nearly everyone took a little bit off the edge.

      Eventually, coins could be made with milled edges, which largely curbed the practice, and today, of course, most coins are made from metals that are worth very little compared to the value of the coin itself.

    6. Re:Superman 3? by rrkap · · Score: 4, Informative

      Actually, it's not just the penny anymore due to high commodities prices.

      Coin                Melt Value
      Penny (current)     $0.005
      Penny (pre 1982)    $0.024
      Nickel (current)    $0.059
      Dime                $0.021
      Quarter             $0.053
      Golden dollar coin  $0.065

      So, the mint is only loosing money on nickels right now, and the pre-1982 pennies are worth melting down.

      --
      I like my beverages with warning labels!
    7. Re:Superman 3? by OrangeTide · · Score: 2, Informative

      There is a difference between how much it costs something to manufacture and how much its metals are worth. Right now the metal value of lincoln cents is around .561 cents. less than the value of a penny. You can use base metal coin calculator which tends to have current prices.

      --
      “Common sense is not so common.” — Voltaire
    8. Re:Superman 3? by statemachine · · Score: 3, Informative

      Those are the "Melt Values" not the cost of manufacturing.

      Today, a penny costs $0.026, and a nickel costs $0.077 to make.

  2. Submitter gets it wrong by nurightshu · · Score: 3, Informative

    As far as I can tell, the article doesn't actually mention that Largent managed to rip off PayPal, only that PayPal, Google Checkout, et al. use the small deposit method for verification. Seriously, reading for comprehension isn't hard, people. Hell, it even mentions the scope right in the lede.

    --
    They that would sacrifice their .sig space for that cliched Franklin quote deserve neither.
    1. Re:Submitter gets it wrong by Wister285 · · Score: 3, Informative

      The third and fourth paragraphs read:

      "According to court documents, Californian Michael Largent used an automated script to open 58,000 such accounts, collecting many thousands of these small payments into a few personal bank accounts.

      Largent also performed the same trick with Google's Checkout service, cashing more than $8,000 alone from the service. " [emphasis added]

      Am I (and the submitter) missing something?

  3. Re:How did he do it? by jandrese · · Score: 2, Informative

    I know Paypal lets you keep the money, I'm guessing the guy chose it and similar services.

    --

    I read the internet for the articles.
  4. Re:How did he do it? by Mark+J+Tilford · · Score: 4, Informative

    By closing the accounts before Paypal / Google Checkout could remove the money.

    --
    -----------
    100% pure freak
  5. Re:Relax by xgr3gx · · Score: 2, Informative

    No - he'll be sentenced to a Federal "pound me in the ass" prison

    --
    Shameless plug alert: Game server control panel
  6. Re:It was over... by maxume · · Score: 2, Informative

    http://www.google.com/search?q=Dick+Trickle

    Real guy.

    --
    Nerd rage is the funniest rage.
  7. Re:Let's by tha_mink · · Score: 5, Informative

    Sign up for a gazillion Paypal accounts, use ONE bank account, and after Paypal deposits the money, withdraw the money and close the account. Tried it. Paypal doesn't allow multiple accounts with the same bank account information.
    --
    You'll have that sometimes...
  8. Re:How did he do it? by Sturdy · · Score: 2, Informative

    PayPal and E*trade both leave the money.

    I seem to remember others...oh wait, those were authorization charges! ("Don't worry, we'll put it back eventually.") Those appear to be the smarter companies in the bunch.

  9. Re:What were the crimes again? by willyhill · · Score: 3, Informative
    No, they're not. That's why PayPal can get away with the shit they do. It's a common misconception that most people fall into, that because PayPal handles money, they must be a bank and subject to the same set of regulations you trust to put the stops on your bank if they get fresh with your money (including insurance. PayPal is not FDIC insured if you use their "high yield" holding option).

    The problem here is that the transactions involved banks. The fact that PayPal was the conduit is irrelevant in this case, I think.

    --
    The twitter monologues. Click on my homepage and be amazed.
  10. Re:how did it get that far? by 0100010001010011 · · Score: 2, Informative

    This is what Botnets are for.

  11. Re:How did he do it? by CheeseTroll · · Score: 3, Informative

    in the US, NOBODY cant take the money out of your bank account without your authorization

    (Assuming you aren't being sly with the double-negative...)

    Then you have some learnin' to do about how ACH transactions work. Authorization for withdrawals is required, but it is certainly not passed along with the transaction itself. The system relies heavily on trust. If someone challenges a transaction, and their bank demands proof of authorization, then yes, you'd better have it. But if the transaction is not challenged or rejected, then it stands.

    --
    A post a day keeps productivity at bay.
  12. Re:oh wait.... by The-Ixian · · Score: 3, Informative

    http://www.snopes.com/business/money/pennies.asp

    --
    My eyes reflect the stars and a smile lights up my face.
  13. Re:$50,000? by Anonymous Coward · · Score: 1, Informative

    You know what I'd do with $50,000? 2 chicks at the same time. You vastly over-estimate the price of pussy.
    You should be able to get two decent-quality chicks at the same time for under $500 in most cities in the USA.

    Unless you literally meant 2 at the same time, in which case you would probably have to pay the remaining $49,500 for the plastic surgery required to give you a second dick.
  14. Re:Comment from said "hacker" by Cramer · · Score: 2, Informative

    Not any bank I've ever used. They don't send a letter; they correct your mistake and go about their day. If you're lucky, they'll note it in the monthly bank statement.

  15. Re:What were the crimes again? by Anonymous Coward · · Score: 1, Informative

    FWIW, Paypal is a bank in Europe. Reference.