Slashdot Mirror
ATMs Compromised, $45M Taken
An anonymous reader sends this news from the Associated Press:
"A worldwide gang of criminals stole a total of $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday. ... Here’s how it worked: Hackers got into bank databases, eliminated withdrawal limits on prepaid-debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes."
I mean, can you really trust that some guy half way around the world is going to turn over the cash he just stole for you?
I am very small, utmostly microscopic.
Why wouldn't an Old Hotel card with a mag stripe work if it had the info the reader was expecting? I mean it's interesting that it worked, but why is that of note?
"Hack The Paynet!"
And then they all hoped into their Mini Coopers and drove off into the sunset, leaving a stream of bills fluttering in the wind.
I do. And you. Who is at fault? The banks and CC companies. How happy am I with banks? Not very.
Media all around the world are comparing this heist to Ocean's Eleven. Funny, but prolly not the first time that a movie yields the cultural background material for understanding viz. interpreting a crime...
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
now think again about the article a couple days back about false accounts that just flag intrusion warnings.
They got into the banks computer somehow and were undetected. Those accounts are just another way to possibly detect intrusion.
This is not how bank fraud should be done. The right and proper way is to become too big to fail, to big to jail, rig the LIBOR rates, create systematic rigging, award oneself huge salaries and bonuses, threaten worldwide economic collapse, hold governments to ransom and get huge bail out money. The master criminals running the banks are dismayed by petty criminals stealing from them.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
ATMs themselves were not compromised. The authentication system for debit cards was. Sure the money came from ATMs but the authentication that came from it was the backend systems.
It was the backend banking system that was compromised, not ATMs. The ATMs worked perfectly and gave out cash only to authorized cards. There was no problem with the ATMs.
The problem is that if Bitcoin takes off, banks will still treat it like regular currency. Once you make a deposit, the bank will add it to a pool, and withdrawals will come from that pool. Your account holdings will still be a decimal formatted number in a database somewhere.
Banks and creditors need a new transaction system built on cryptography, single use keys, and enhanced by Internet connectivity, to protect their customers. And they needed it yesterday.
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
I guess US banks will re-evaluate the use the more secure smart carts. They have been reluctant to use them because the cost of adoption was greater than their projected losses due to theft. So much for that theory. Another failure to predict the risk.
one of them was found dead on April 27 in the Dominican Repblic
eight have already been arrested
turns out the geniuses went shopping for rolexes and luxury cars with the cash
cash has serial numbers. everything is video taped. it was only a matter of time before the cops tracked them down
Now the banks have an inkling of how we feel about them stealing us blind in the mortgage fiasco! I only wish these hoods got away with about $4.5B instead of a paltry $45M. Then, the results would have been more equitable... :-(
Sometimes, real fast is almost as good as real-time.
the leader of the gang flew out of the US, and masked gunmen shot him down in the dominican republic. he had 100.000 usd with him and they were untouched. I wouldn't say that the hacked financial institutions didn't get their revenge.
Now all the bank has to do is ask the Fed for a zero interest $50 million loan and it's all good, like nothing happened. Because too big to fail means we reinforce failures and give them all the support they need so they can keep failing. Seriously, what kind of bank lets people into their database? Do they have happy hour in the vault, too?
Seven puppies were harmed during the making of this post.
Consider the total economic impact. For the measly expenditure of $45 million, how many newspapers are sold that wouldn't have, how much ad revenue is generated that wouldn't have, how many Rolexes and Benzes are sold that wouldn't have, how many more insurance policies are sold, etc. Cops get some fun and exercise, trial lawyers get to send their kids to exclusive schools in limos, and so on.
Meanwhile there's this guy at the Fed passing $1 TRILLION or so in worthless paper per year. You tell me who's the bigger criminal.
LOL, nobody is hacking, you noob. It's called "skills". You just suck.
If I read that story right, it sounds like the $40 million was taken from just 12 total accounts out of the UAE.
The ATM's themselves were not compromised.
The bank's computers were compromised and the limits on ATM withdrawals was removed from certain accounts.
Except that you don't need a bank just to keep your money in with bitcoin.
The money is stored in the transactions that are in the block chain and replicated everywhere.
You just need to store the private key that signed those transactions to be able to "spend" that money.
You don't need a bank, you just need to be able to store a few hundred bytes of data to prove the bitcoins are yours.
This was one of those rare times when reading the news was actually informative. First time in about a year or so... :) Thanks!
Finally, an excuse for coming here
A lousy $45M and a bunch of them were caught and will be prosecuted. Amateurs. The Best Way to Rob a Bank Is to Own One. If these petty crooks had any brains, they'd at least have read the book.
Update: the book is a little dated because it's about the S&L crisis. Back then people were prosecuted for control fraud. Nowadays doing it on a big enough scale means you get to play golf with the president. $45M is skimming the petty cash.
Nearly correct.
We the people need a new transaction system built on cryptography, single use keys, and enhanced by Internet connectivity that does not involve banksters having any part of !
Banks were a good idea when they needed fortified properties and guards to protect the actual gold. Now that money is simply a set of 1's and 0's in a comuter they are no longer required.
The problem is that if Bitcoin takes off, banks will still treat it like regular currency. Once you make a deposit, the bank will add it to a pool, and withdrawals will come from that pool. Your account holdings will still be a decimal formatted number in a database somewhere.
Not with Bitcoin. Sure, they could use a pool, but that wouldn't do them any good.
The reason for the pool is called Fractional reserve banking, and that's impossible to do with Bitcoin.
two years ago I posted here how while waiting on a bank in Peru I played with a terminal that was there to show the bank website. In 5 minutes I was able to get into their WAN just by clicking arround. I could see all the networks inside, and inside that I could see the individual machines which has excel files and such. I inmediatelly reported it to the manager. In the US that could have gotten me arrested. I took a pic as a souvenir, which I still have. A month later I was there again and noticed that they had simply disabled right-click on the browser (it was one of the steps that I reported). After 10 min I was able to get into the network again. Told again the manager. Two years later (last week) I noticed that they still hadnt fixed it. Didnt say anything this time, but left the network screen open.
The banks have been ripping people off with their bailouts and illegal forclosures and being too big to fail that they don't get prossecuted for any of it. The Law makers, Courts and Enforcement are all accesories to those acts.
As far as I am concerned, I hope they guys get away with it.
Another Felix Leiter job well done.
Could you please explain how this is impossible with Bitcoin?
The banks were doing it back in the days of gold. They held a vault full of gold and kept an account of who owned what gold on a ledger. Then they lent out some of that gold, or rather, they lent out notes for gold which they still kept in the vault, in fact, they lent out more gold than they actually had in the vault. This works fine as long as the number of people withdrawing real gold from the vaults doesn't exceed deposits.
There is no reason they can't run a fractional reserve system with bitcoin. Of course the bank's bitcoin holdings will be stored in the bitcoin transaction log, but their customer accounts valued in bitcoins will be stored in an entirely different log altogether, a log held by the bank.
Do you think that bitcoins traded on MtGox are recorded in the bitcoin transaction log too? Then you do not understand either bitcoin or finance. No, the only transactions in the bitcoin log are for deposits or withdrawals too and from MtGox... MtGox tracks your holdings completely separately.
While I think bitcoin is a great idea, not being able to run a fractional reserve lending system based on them is not one of its advantages. Infact, when they go mainstream, I think this is inevitable. The virtual supply of bitcoins (held by depositors in bank accounts) will then be far greater than the actual supply limit of 21M bitcoins recorded in the bitcoin log.
This is no different to the fact that the amount of money sitting in bank accounts now far exceeds the amount of money that exists in actual currency. You've just come to think of them as being the same thing. They are not.
Bush wasted 1.4 trillion on wars over seas and is responsible for the deaths of thousands due to these wars.
See, both sides can make intentionally misleading claims.
Grow up.
That is an interesting one. As far as I understand it, they did not steal from individuals, but from the bank. Off course this is the same as grabbing from someone else's savings, but so is fractional reserve banking. So in a way, if your bank does it, it is normal, if someone else does it, all of a sudden it is criminal.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
"In New York alone, eight people hit 2,904 ATMs in 10 hours, withdrawing $2.4 million."
OK, if they split up and worked individually, that means 363 ATMs per person in 10 hours, which is around 36 ATMs per person per hour. Each of those 8 people would have to average under 2 minutes per ATM over the course of 10 full hours without interruption. Even if you had a really well-planned route, that seems like an impossible pace.
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes
Magnets!
Is there anything they can't do?
But seriously, why is of this of note? I'm pretty sure any magstrip carrying the right codes would work.
I'm glad all my wealth is stored in Bitcoins.
http://www.justice.gov/usao/nye/pr/2013/2013may09.html
Over the course of approximately 10 hours, casher cells in 24 countries executed approximately 36,000 transactions worldwide and withdrew about $40 million from ATMs. From 3 p.m. on February 19 through 1:26 a.m. on February 20, the defendants and their co-conspirators withdrew approximately $2.4 million in nearly 3,000 ATM withdrawals in the New York City area.
2904 withdrawals, not ATMs. About 10 hours, not EXACTLY 10 hours.
Also, it's 8 persons with 12 accounts per person. All they needed to cover was about 30 ATMs.
Which comes out to about 20 minutes per ATM, meaning that each TEAM (i.e. at least one to withdraw the money, one to drive the car and keep lookout) had about 8 minutes to get from one ATM to the next.
Good critical thinking on your part though. Just too much noise in the signal.
Mit der Dummheit kämpfen Götter selbst vergebens
There is absolutely no reason at all for banks to "store" the bitcoins. The block chain does the storage, and it's not only distributed storage, but also quite secure storage. Whoever holds bitcoins holds a part of what would be considered a bitcoin bank. If bitcoins were ubiquitous, there'd be no need for banks at all. Yeah, you could have lenders, but they wouldn't need to be banks at all.
A successful API design takes a mixture of software design and pedagogy.
You don't need a bank, you just need to be able to store a few hundred bytes of data to prove the bitcoins are yours.
In many (most?) places, your home or person is more likely to be robbed than the bank, so it will be safer to keep your bitcoins in the bank - especially if the bank provides insurance against robbery. But that's really about checking account analogs.
People might well still choose to deposit bitcoins in a savings account that paid interest, and that's where fractional reserve banking comes from. Even if you don't need a checking account with bitcoins, checking account deposits are small in the scheme of things.
Socialism: a lie told by totalitarians and believed by fools.
Thieves can break into my house, or hack into my computer, and steal my Bitcoin wallet. Hell, I'll email it to you, if you want.
However, it is encrypted, and good luck with that.
Prove anything by multiplying Huge Number times Tiny Number
How nice for you. If bitcoin were ever widely used, most people using it would be normal people. Thus, banks.
Socialism: a lie told by totalitarians and believed by fools.
Yeah, because the is no way to break encryption.
No, you misunderstand.
The bank will have their own bitcoin wallet. When you deposit bitcoin with the bank, you transfer your coins through the normal bitcoin mechanism to the bank's bitcoin address.
The bank won't have an actual vault of bitcoins, their bitcoins will be stored on the distributed secure log like anyone else's bitcoins... but they will hold the private keys to their own wallet.
They will hold an account for you valued in bitcoins, but not actual bitcoins in the bitcoin log.
They will do this if they have to buy bitcoins themselves off of the exchanges... but they will offer incentives to you to store your bitcoins with them rather than in your own wallet, such as interest, security, having your employer pay them rather than you directly... stuff like that.
You can withdraw bitcoins to your own wallet if you want to spend them... they will transfer virtual bitcoins from your bank account, and the corresponding real bitcoins from their private wallet, to your private bitcoin address.
But from their own pool of bitcoins they can make loans that you will pay back in bitcoins with interest using fractional reserve lending methods.
Then the supply of virtual bitcoins can easily exceed the supply of real bitcoins, but their value will be almost exactly equal.
You think just because you can hold bitcoin yourself that there would be no use for banks... well, the same could be said about gold and currency too. You don't have to store your currency in a bank... but most people do... when bitcoin becomes mainstream don't expect the banks to just sit back and ignore it... there's bitcoins to be made for them too, just as they always have done with everything else.
The only difference is the government won't be able to print them new bitcoins if they run out. This was never possible when they held gold either. The technology changes, but the old methods will reamin.
The amount involved was far too low for any bank to take it _that_ seriously.
Much more likely that the actual masterminds organising this got pissed off because some local idiots jumped the gun and went after peanuts instead of waiting for a proper kickoff (since to be honest - $45m? Sure, it sounds like 'lots' of money, but is laughably little once you account for the laundering cost and split it up across the heads of people involved).
I'm sure the banks have made way over hundred times that amount on ATM fees and such. Don't feel sorry for the banks.... Just remember 2008