Slashdot Mirror

← Back to Stories (view on slashdot.org)

ATMs Compromised, $45M Taken

Posted by Soulskill on from the designed-for-redundancy-not-security dept.

An anonymous reader sends this news from the Associated Press: "A worldwide gang of criminals stole a total of $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday. ... Here’s how it worked: Hackers got into bank databases, eliminated withdrawal limits on prepaid-debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes."

9 of 196 comments (clear)

  1. Re:honeypasswords? by Qzukk · · Score: 4, Interesting

    Since the cards were used to steal directly from the bank and they've got no place to chargeback to like they usually do to cover their losses due to their insecurity, I wonder if we'll finally see a sudden outbreak of security from the banks.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  2. idiots already have been arrested by alen · · Score: 5, Interesting

    one of them was found dead on April 27 in the Dominican Repblic
    eight have already been arrested

    turns out the geniuses went shopping for rolexes and luxury cars with the cash
    cash has serial numbers. everything is video taped. it was only a matter of time before the cops tracked them down

    1. Re:idiots already have been arrested by GPLDAN · · Score: 3, Interesting

      I also believe that there are databases that trace bill serial numbers to the ATMs that distributed them. The banks probably had a database of every bill issued to the criminals. Once they surfaced anywhere, they were going to be tracked. Also, nobody in underworld finance would dare launder that heist. Those were toxic bills and probably why they got caught quickly.

  3. the important part of the story was the last parag by etash · · Score: 5, Interesting

    the leader of the gang flew out of the US, and masked gunmen shot him down in the dominican republic. he had 100.000 usd with him and they were untouched. I wouldn't say that the hacked financial institutions didn't get their revenge.

  4. Re:honeypasswords? by Pinky's+Brain · · Score: 4, Interesting

    They already have huge losses from skimming to make them care about security, it was probably an inside job ... they usually are.

  5. Re:Petty thieves by dkleinsc · · Score: 5, Interesting

    You left out foreclosing on homes without the legal right to do so, laundering drug money, trading with Iran and other enemies of the country you're based on, and of course occasionally paying off regulators to help get away with it all. But then again, banks committing serious crimes is nothing new. As Major General Smedley Butler argued:

    I spent 33 years and four months in active military service and during that period I spent most of my time as a high class muscle man for Big Business, for Wall Street and the bankers. In short, I was a racketeer, a gangster for capitalism. I helped make Mexico and especially Tampico safe for American oil interests in 1914. I helped make Haiti and Cuba a decent place for the National City Bank boys to collect revenues in. I helped in the raping of half a dozen Central American republics for the benefit of Wall Street. I helped purify Nicaragua for the International Banking House of Brown Brothers in 1902-1912. I brought light to the Dominican Republic for the American sugar interests in 1916. I helped make Honduras right for the American fruit companies in 1903. In China in 1927 I helped see to it that Standard Oil went on its way unmolested. Looking back on it, I might have given Al Capone a few hints. The best he could do was to operate his racket in three districts. I operated on three continents.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  6. Re:Not ATMs, the debit card system by Anonymous Coward · · Score: 5, Interesting

    As someone who writes banking software, Yes. The ATMs trusted the withdrawal limits in the response from the authorization system. When the authorization system returned a response stating it was OK for the user of this account to withdraw $10K in cash, the ATM should have flagged that amount as suspicious and refused to complete the transaction.

  7. Easy to hack into international banks by ZiggyM · · Score: 5, Interesting

    two years ago I posted here how while waiting on a bank in Peru I played with a terminal that was there to show the bank website. In 5 minutes I was able to get into their WAN just by clicking arround. I could see all the networks inside, and inside that I could see the individual machines which has excel files and such. I inmediatelly reported it to the manager. In the US that could have gotten me arrested. I took a pic as a souvenir, which I still have. A month later I was there again and noticed that they had simply disabled right-click on the browser (it was one of the steps that I reported). After 10 min I was able to get into the network again. Told again the manager. Two years later (last week) I noticed that they still hadnt fixed it. Didnt say anything this time, but left the network screen open.

  8. Re:Who pays? by FooAtWFU · · Score: 3, Interesting
    No wrong. Listen: We know that banks like money to begin with. They don't generally say "Oh, we're making enough money" and rest on their laurels avoiding some profitable change in policy until they're shocked by an external event. If it were possible for them to profitably raise fees or credit-card interests, they'd have done it already.

    This is a direct hit to the bank's shareholders, or to their insurance.

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.