Slashdot Mirror

← Back to Stories (view on slashdot.org)

$9 Million ATM Hacking Ring Indicted

Posted by kdawson on from the good-luck-with-those-arrests dept.

Trailrunner7 writes "US and international prosecutors have indicted a criminal ring that they allege was responsible for an ATM scam last November that stole about $9 million from RBS WorldPay. The criminals cracked payroll debit cards and withdrew money from ATMs in hundreds of cities around the world. A federal grand jury in Atlanta has indicted eight men in connection with the scheme, including five Estonians, one Russian, one Moldovan, and one unidentified man. Prosecutors allege that the men 'used sophisticated hacking techniques' to defeat the company's encryption system. The scam involved an elaborate plan in which the attackers first bypassed the encryption on the debit cards, which RBS WorldPay issues to customers for employee payroll purposes. They then raised the limits on the accounts attached to the cards, then provided a network of 'cashers' with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours; 130 different ATMs in 49 cities were hit within one 30-minute period."

5 of 86 comments (clear)

  1. Proper monitoring by ls671 · · Score: 3, Insightful

    Just earlier, we heard about a hole in Bing cash-back program and many people rightfully stated that not enough care is taken when developing and more importantly, designing secure systems.

    This is one more case that proves them right. Bright hackers usually pick the easiest target. Due to the hit and run nature of the theft, I believe that proper real-time monitoring of the system could have prevented most of the attack. Maybe half an hour or less instead of 12 hours time span before it would have been stopped.

    --
    Everything I write is lies, read between the lines.
  2. Re:Laptop with finger print or retina recognition by jandrese · · Score: 2, Insightful

    What is the point of fingerprint recognition if they just pull the drive out and read all of the data off of it? You don't need fancypants biometrics to encrypt the hard drive, which is the only real protection against losing data when your laptop is stolen.

    --

    I read the internet for the articles.
  3. Re:Laptop with finger print or retina recognition by BountyX · · Score: 4, Insightful

    Biometric security is a horrible idea. Not only can you trick a retina scanner with a photograph and easily lift a finger print, but it is also non-disposable. There are much simpler and effective solutions to protecting sensitive information, like TrueCrypt. I bet most fingerprint readers and retina scanners on consumer electronics have manufacturer backdoors.

    --
    Trying to install linux on my microwave, but keep getting a kernel panic...
  4. smarter criminals by Anonymous Coward · · Score: 5, Insightful

    Bank Robber: thousands of dollars stolen, but they go to a maximum security prison
    ATM fraud ring: millions of dollars stolen, but they go to a medium security prison
    Ponzi scheme: billions of dollars stolen, but they go to a minimum security prison.
    Bankers: trillions of dollars stolen, and they're given more by the government with a bonus on top

  5. Bring a dufflebag by buyingtires · · Score: 4, Insightful

    Considering the $9 million was taken from 2,100 ATMs, that's over $4,200 per transaction... Most ATMs only have 20's to dispense, so that would be a pretty big pile of cash to carry out of the store/bank/gas station.