Slashdot Mirror

← Back to Stories (view on slashdot.org)

ATMs Compromised, $45M Taken

Posted by Soulskill on from the designed-for-redundancy-not-security dept.

An anonymous reader sends this news from the Associated Press: "A worldwide gang of criminals stole a total of $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday. ... Here’s how it worked: Hackers got into bank databases, eliminated withdrawal limits on prepaid-debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes."

8 of 196 comments (clear)

  1. I wonder how much was skimmed by the bag men by gatkinso · · Score: 4, Insightful

    I mean, can you really trust that some guy half way around the world is going to turn over the cash he just stole for you?

    --
    I am very small, utmostly microscopic.
    1. Re:I wonder how much was skimmed by the bag men by Anonymous Coward · · Score: 5, Insightful

      They had the bank's database, its possible that they could tell pretty easily exactly how much they had withdrawn.

  2. Petty thieves by 140Mandak262Jamuna · · Score: 5, Insightful

    This is not how bank fraud should be done. The right and proper way is to become too big to fail, to big to jail, rig the LIBOR rates, create systematic rigging, award oneself huge salaries and bonuses, threaten worldwide economic collapse, hold governments to ransom and get huge bail out money. The master criminals running the banks are dismayed by petty criminals stealing from them.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Petty thieves by dkleinsc · · Score: 5, Insightful

      On several documented occasions, they've foreclosed on people who had no mortgage whatsoever. They've foreclosed on people that lived next door to people they were intending to foreclose on due to typos. They've foreclosed on people who have paid their mortgage on time but the paperwork got mixed up by a servicer.

      The victims aren't just victims of their own stupidity.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  3. Not ATMs, the debit card system by RichMan · · Score: 5, Insightful

    ATMs themselves were not compromised. The authentication system for debit cards was. Sure the money came from ATMs but the authentication that came from it was the backend systems.

    It was the backend banking system that was compromised, not ATMs. The ATMs worked perfectly and gave out cash only to authorized cards. There was no problem with the ATMs.

  4. Re:honeypasswords? by bws111 · · Score: 4, Insightful

    It comes down to which costs more: fixing the security problems, or losses due to security problems. My guess is that fixing the security problems would cost far more, so don't think anything is going to change.

  5. Re:Who pays? by alexander_686 · · Score: 4, Insightful

    What I think AC is trying to say is that yes, the banks are on the hook for the funds. Having lost the money the banks will try to make up for it by raising fees and interest, so it all tricks back down to the consumer.

  6. Doesn't add up by mypalmike · · Score: 4, Insightful

    "In New York alone, eight people hit 2,904 ATMs in 10 hours, withdrawing $2.4 million."

    OK, if they split up and worked individually, that means 363 ATMs per person in 10 hours, which is around 36 ATMs per person per hour. Each of those 8 people would have to average under 2 minutes per ATM over the course of 10 full hours without interruption. Even if you had a really well-planned route, that seems like an impossible pace.

    --
    There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.