Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flash Mob Steals $9 Million From ATMs

Posted by Soulskill on from the viral-ad-for-ocean's-one-hundred-thirty dept.

Mike writes "A global flash mob of ATM thieves netted $9 million in fraud against ATMs in 49 cities around the world. The computer system for a company called RBS WorldPay was hacked. One service of the company is the ability for employers to pay employees with the money going directly to a debit card that can be used in any ATM. The hacker was able to infiltrate the supposedly secure system and steal the information necessary to duplicate or clone people's ATM cards. Shortly after midnight Eastern Time on November 8, the FBI believes that dozens of the so-called cashers were used in a coordinated attack on ATMs around the world. Over 130 different ATMs in 49 cities worldwide were accessed in a 30-minute period on November 8. 'We've never seen one this well coordinated,' the FBI said. So far, the FBI has no suspects and has made no arrests (PDF) in this scam."

19 of 232 comments (clear)

  1. cough by easyTree · · Score: 5, Funny

    in other news a flash mob recovered all the rights that have been stolen from the people by their governments over the last few years

    --
    Requiem for the American Dream
    1. Re:cough by Anonymous Coward · · Score: 5, Funny

      Obama is in office, you can stop saying things like that. He's going to fix everything, the internet told me so. ;)

  2. And the money went where? by Hieronymus.N · · Score: 5, Insightful

    So, were they on the honor system to funnel the cash back to the 'hacker'? Or was this like winning the lottery?

    --
    Would you, could you, in a car? http://v25media.com
    1. Re:And the money went where? by Gorobei · · Score: 5, Interesting

      It was probably structured like a lot of the stolen credit-card number sites: a high-reputation user announces an opportunity, then many other users pay up-front to participate. At the given time, the critical info is released to all, and it's then every man for himself trying to grab as much money as possible.

    2. Re:And the money went where? by Gorobei · · Score: 5, Informative

      I went and RTFA. Given 130+ ATMs in 50 cities, definitely looks like the sell-it model, not a massive criminal organization: very high fan-out (50 cities) and low leaf count (about 3 ATMs per second level node.) That shape is never seen in ongoing organized businesses - they should have a much more uniform hierarchical structure (e.g. 50 cities = 2500 ATMs.)

    3. Re:And the money went where? by Gorobei · · Score: 5, Interesting

      Two excellent analogies. I've been looking at corporations (in the broad sense) for 30 years, and it took me a long time to realize that you might as well ignore what people say about how they organize, and just look at what the organization actually is. That tells you almost everything you need to know.

  3. Re:How's this a flash mob? by bluesatin · · Score: 5, Interesting

    I thought flash mobs are groups of people in the same place at the same time. Not all over the world?

    By the name, I suppose a flash mob suggests a mob of people doing something 'in a flash' (in a short period of time).

    A mob doesn't necessarily have to be in the same spot, at least it doesn't have to be the way I understand it.

    Perhaps in the past a mob would have to be in the same location, but due to the way the world is all interlinked nowadays someone can affect something on the otherside of the world, meaning the world has gotten a lot 'smaller' as such.

  4. Re:This doesn't sound right by caspper69 · · Score: 5, Insightful

    The article says over $9,000,000 was stolen using only 100 cards in 49 cities in a 30 minute period. That, boys and girls, is $90,000 per card. The article says the limits on the cards were overridden, using them to make withdrawals in multiple increments of $500 or so. $90,000 / $500 is 180 withdrawals in a 30 minute period, or 6 withdrawals per minute.

    This article doesn't pass the basic sniff test. It reeks of either disinformation or seriously bad math.

    Yes, but it doesn't say how many copies of each card they made.

  5. Re:$9 Million? by Samschnooks · · Score: 5, Insightful

    $9 Million stolen from a bank? Peanuts compared to the next $900 Billion the banks are stealing back again - a hundred thousand times more.... I can't even get to grips with that scale of money....

    There's a BIG difference. One group was a bunch of unimaginative, unethical, thieving liars and cowards. The other group had the imagination to do something and take advantage of a weak poorly designed system that gets the guys with the badges and guns after you.

    It takes a REAL criminal mind to lobby the regulatory agencies and Congress with dirty money to make your thieving legal. And it's really a piece of work when those lying thieves walk away with tens of millions of dollars in bonuses for cheating.

  6. Holy Bonus Batman! by Overzeetop · · Score: 5, Funny

    That's almost as much as John Thain (of Merrill Lynch) thought he should get for securing the bailout funds!

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:Holy Bonus Batman! by tres · · Score: 5, Insightful

      This is such an insightful comment.

      I believe that banking institutions are more dangerous to our liberties than standing armies. — Thomas Jefferson

      and I still had mod points just yesterday...

      --
      Notes From Under *nix: blas.phemo.us
  7. Re:This doesn't sound right by NotQuiteReal · · Score: 5, Funny

    Maybe it is like the "street value" quoted in a drug bust, or like an RIAA accounting for music "theft".

    Here we have $9,000,000 listed as the retail value of the loss, the actual paper money they got is nearly worthless, because ATMs only issue "bank notes", nothing more.

    --
    This issue is a bit more complicated than you think.
  8. Re:This doesn't sound right by Anonymous Coward · · Score: 5, Insightful

    Let's look at it another way.

    $9MM / ($500 / transaction) / 130 ATMs / 30 min = ~4.6 transactions/ATM/min

    Still seems rather high. I suppose I've never timed it, but it always feels like it takes more than 13 seconds to get my money at an ATM...

  9. Looking at their photos... by denzacar · · Score: 5, Funny

    They don't look like someone who just won a lottery to me.

    They look more like homeless people.
    Which brings up the question - why aren't there more homeless people robbing banks out there?

    I mean... they are in a clear advantage.
    They are invisible AND they have nothing to lose.
    Worst case scenario - they get sent to a jail. HA!
    3 meals a day, clothing, housing and health-care at the cost of the society.

    --
    Mit der Dummheit kämpfen Götter selbst vergebens
  10. Re:How is it a mob at all? by Anonymous Coward · · Score: 5, Insightful

    I don't see a crowd here.

    zoom out.

  11. Re:This doesn't sound right by Anonymous Coward · · Score: 5, Funny

    About five Euro.

  12. Re:How's this a flash mob? by timeOday · · Score: 5, Funny

    $9M in 49 cities around the world without a trace, but the joke's on them, because we know it wasn't a real flash mob. And isn't that really what matters?

  13. And his sidekick. . . by tuna_wasabi · · Score: 5, Funny

    Redundant Boy!

    Also, since the N in PIN stands for Number, saying PIN number is redundant. TFA didn't make this mistake, but since they go together so often I though I'd point it out for completeness.

    One time I heard a friend say "I want to get some cash out of the ATM Machine, but I can't remember my PIN Number."

    He's dead now.

  14. How about... Hacking the ATM from the ATM? by denzacar · · Score: 5, Interesting

    May I be so bold to suggest that there was no actual "hacking" taking place at all?
    By "hacking" I mean the stuff that movies and TV tells us that hacking looks like.
    A bespectacled nerd in his teens or early twenties, furiously typing something at his green and black screen filled with lines upon lines of scrolling text, uttering "Come on... come on..." until he suddenly "hacks the Gibson" and a welcome screen appears, upon which he jumps up yelling "YES! I AM INVINCIBLE!".

     

    TFA tells us the following:

    Here is the amazing part: With these cashers ready to do their dirty work around the world, the hacker somehow had the ability to lift those limits we all have on our ATM cards. For example, I'm only allowed to take out $500 a day, but the cashers were able to cash once, twice, three times over and over again. When it was all over, they only used 100 cards but they ripped off $9 million.

    - known limit - $500
    - 100 ATMcards used
    - $9 million gone

    That comes out to about 90k per card, right?

     
    Does anyone remember that little issue with Tranax ATMs from couple of years ago?
    It smells to me that something similar happened here. Someone leaving the ADMIN pass at 55555555 or 12345678.
    There was probably no need for hacking cards - they probably left the same limit.
    Instead, he/she/or it - just changed the codes for banknotes inside the machine.

    So... you just tell the ATM that its 100s are 5s - and then repeatedly ask for 5s.
    $500 limit coughs up ~$100.000 +/- couple of earlier withdrawals that already left the machine a few 100s short.

    In other words - about $90.000 per card.

     

     
    The beauty of it?

    Those suspects in the photos may be regular Joes and Janes who came later, found the machine giving 100s for 5s - and got caught on camera.

    --
    Mit der Dummheit kämpfen Götter selbst vergebens