Slashdot Mirror
ATMs Compromised, $45M Taken
An anonymous reader sends this news from the Associated Press:
"A worldwide gang of criminals stole a total of $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday. ... Here’s how it worked: Hackers got into bank databases, eliminated withdrawal limits on prepaid-debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes."
I mean, can you really trust that some guy half way around the world is going to turn over the cash he just stole for you?
I am very small, utmostly microscopic.
And then they all hoped into their Mini Coopers and drove off into the sunset, leaving a stream of bills fluttering in the wind.
Media all around the world are comparing this heist to Ocean's Eleven. Funny, but prolly not the first time that a movie yields the cultural background material for understanding viz. interpreting a crime...
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
This is not how bank fraud should be done. The right and proper way is to become too big to fail, to big to jail, rig the LIBOR rates, create systematic rigging, award oneself huge salaries and bonuses, threaten worldwide economic collapse, hold governments to ransom and get huge bail out money. The master criminals running the banks are dismayed by petty criminals stealing from them.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Welcome to Slashdot Summaries, where the grammar is bad and the content mostly random.
Why wouldn't an Old Hotel card with a mag stripe work if it had the info the reader was expecting? I mean it's interesting that it worked, but why is that of note?
Because a lot of people don't understand that a mag strip is a mag strip, regardless of what piece of plastic it's connected to. There's an opportunity here to talk about how some types of chipped cards can prevent this type of easy duplication, but they missed it.
Since the cards were used to steal directly from the bank and they've got no place to chargeback to like they usually do to cover their losses due to their insecurity, I wonder if we'll finally see a sudden outbreak of security from the banks.
If I have been able to see further than others, it is because I bought a pair of binoculars.
ATMs themselves were not compromised. The authentication system for debit cards was. Sure the money came from ATMs but the authentication that came from it was the backend systems.
It was the backend banking system that was compromised, not ATMs. The ATMs worked perfectly and gave out cash only to authorized cards. There was no problem with the ATMs.
I guess US banks will re-evaluate the use the more secure smart carts. They have been reluctant to use them because the cost of adoption was greater than their projected losses due to theft. So much for that theory. Another failure to predict the risk.
one of them was found dead on April 27 in the Dominican Repblic
eight have already been arrested
turns out the geniuses went shopping for rolexes and luxury cars with the cash
cash has serial numbers. everything is video taped. it was only a matter of time before the cops tracked them down
the leader of the gang flew out of the US, and masked gunmen shot him down in the dominican republic. he had 100.000 usd with him and they were untouched. I wouldn't say that the hacked financial institutions didn't get their revenge.
Now all the bank has to do is ask the Fed for a zero interest $50 million loan and it's all good, like nothing happened. Because too big to fail means we reinforce failures and give them all the support they need so they can keep failing. Seriously, what kind of bank lets people into their database? Do they have happy hour in the vault, too?
Seven puppies were harmed during the making of this post.
If it's not of note, then why is it interesting?
They already have huge losses from skimming to make them care about security, it was probably an inside job ... they usually are.
It comes down to which costs more: fixing the security problems, or losses due to security problems. My guess is that fixing the security problems would cost far more, so don't think anything is going to change.
Welcome to Slashdot: Where everything's made up, and the mod points don't matter.
Except that you don't need a bank just to keep your money in with bitcoin.
The money is stored in the transactions that are in the block chain and replicated everywhere.
You just need to store the private key that signed those transactions to be able to "spend" that money.
You don't need a bank, you just need to be able to store a few hundred bytes of data to prove the bitcoins are yours.
I only wish these hoods got away with about $4.5B instead of a paltry $45M.
In that case they'd be playing golf with the president instead of being prosecuted. Their problem was thinking small.
What I think AC is trying to say is that yes, the banks are on the hook for the funds. Having lost the money the banks will try to make up for it by raising fees and interest, so it all tricks back down to the consumer.
two years ago I posted here how while waiting on a bank in Peru I played with a terminal that was there to show the bank website. In 5 minutes I was able to get into their WAN just by clicking arround. I could see all the networks inside, and inside that I could see the individual machines which has excel files and such. I inmediatelly reported it to the manager. In the US that could have gotten me arrested. I took a pic as a souvenir, which I still have. A month later I was there again and noticed that they had simply disabled right-click on the browser (it was one of the steps that I reported). After 10 min I was able to get into the network again. Told again the manager. Two years later (last week) I noticed that they still hadnt fixed it. Didnt say anything this time, but left the network screen open.
Could you please explain how this is impossible with Bitcoin?
The banks were doing it back in the days of gold. They held a vault full of gold and kept an account of who owned what gold on a ledger. Then they lent out some of that gold, or rather, they lent out notes for gold which they still kept in the vault, in fact, they lent out more gold than they actually had in the vault. This works fine as long as the number of people withdrawing real gold from the vaults doesn't exceed deposits.
There is no reason they can't run a fractional reserve system with bitcoin. Of course the bank's bitcoin holdings will be stored in the bitcoin transaction log, but their customer accounts valued in bitcoins will be stored in an entirely different log altogether, a log held by the bank.
Do you think that bitcoins traded on MtGox are recorded in the bitcoin transaction log too? Then you do not understand either bitcoin or finance. No, the only transactions in the bitcoin log are for deposits or withdrawals too and from MtGox... MtGox tracks your holdings completely separately.
While I think bitcoin is a great idea, not being able to run a fractional reserve lending system based on them is not one of its advantages. Infact, when they go mainstream, I think this is inevitable. The virtual supply of bitcoins (held by depositors in bank accounts) will then be far greater than the actual supply limit of 21M bitcoins recorded in the bitcoin log.
This is no different to the fact that the amount of money sitting in bank accounts now far exceeds the amount of money that exists in actual currency. You've just come to think of them as being the same thing. They are not.
"In New York alone, eight people hit 2,904 ATMs in 10 hours, withdrawing $2.4 million."
OK, if they split up and worked individually, that means 363 ATMs per person in 10 hours, which is around 36 ATMs per person per hour. Each of those 8 people would have to average under 2 minutes per ATM over the course of 10 full hours without interruption. Even if you had a really well-planned route, that seems like an impossible pace.
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
This is a direct hit to the bank's shareholders, or to their insurance.
The World Wide Web is dying. Soon, we shall have only the Internet.
http://www.justice.gov/usao/nye/pr/2013/2013may09.html
Over the course of approximately 10 hours, casher cells in 24 countries executed approximately 36,000 transactions worldwide and withdrew about $40 million from ATMs. From 3 p.m. on February 19 through 1:26 a.m. on February 20, the defendants and their co-conspirators withdrew approximately $2.4 million in nearly 3,000 ATM withdrawals in the New York City area.
2904 withdrawals, not ATMs. About 10 hours, not EXACTLY 10 hours.
Also, it's 8 persons with 12 accounts per person. All they needed to cover was about 30 ATMs.
Which comes out to about 20 minutes per ATM, meaning that each TEAM (i.e. at least one to withdraw the money, one to drive the car and keep lookout) had about 8 minutes to get from one ATM to the next.
Good critical thinking on your part though. Just too much noise in the signal.
Mit der Dummheit kämpfen Götter selbst vergebens
Mostly true. It does change the calculus some. The risk of future events like this/mitigating those risk increase the cost of issuing the cards. Therefore, they may be willing to increase prices (slightly) and issue fewer cards (slightly) to re-maximize profits.
But yeah, this particular event is a one-time cost, so not going to change their pricing structure/desire for profit.
Although there's 3 other veins where the effect may be felt.
Your ad here. Ask me how!
They don't generally say "Oh, we're making enough money"
Enter the concept of a credit union, stage left :)
A successful API design takes a mixture of software design and pedagogy.