Slashdot Mirror

← Back to Stories (view on slashdot.org)

ATMs Compromised, $45M Taken

Posted by Soulskill on from the designed-for-redundancy-not-security dept.

An anonymous reader sends this news from the Associated Press: "A worldwide gang of criminals stole a total of $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday. ... Here’s how it worked: Hackers got into bank databases, eliminated withdrawal limits on prepaid-debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes."

24 of 196 comments (clear)

  1. I wonder how much was skimmed by the bag men by gatkinso · · Score: 4, Insightful

    I mean, can you really trust that some guy half way around the world is going to turn over the cash he just stole for you?

    --
    I am very small, utmostly microscopic.
    1. Re:I wonder how much was skimmed by the bag men by Joce640k · · Score: 4, Funny

      Hey, if some guy around the world stole for me and skimmed a little off the top, would I care too much if I received $30,000,000 instead of the $35,000,000 I was thinking I would receive?

      Don't give up your day job and go into drug dealing, it won't work out for you.

      --
      No sig today...
    2. Re:I wonder how much was skimmed by the bag men by Anonymous Coward · · Score: 5, Informative

      They did "discuss"

        Mr. Lajud-Peña fled the United States just as the authorities were starting to make arrests of members of his crew, the law enforcement official said.

      On April 27, according to news reports from the Dominican Republic, two hooded gunmen stormed a house where he was playing dominoes and began shooting. A manila envelope containing about $100,000 in cash remained untouched.

    3. Re:I wonder how much was skimmed by the bag men by slashdyke · · Score: 4, Funny

      Not to worry. I was not planning to.

    4. Re:I wonder how much was skimmed by the bag men by Anonymous Coward · · Score: 5, Insightful

      They had the bank's database, its possible that they could tell pretty easily exactly how much they had withdrawn.

  2. Afterwards.... by TheCRAIGGERS · · Score: 4, Funny

    And then they all hoped into their Mini Coopers and drove off into the sunset, leaving a stream of bills fluttering in the wind.

  3. Petty thieves by 140Mandak262Jamuna · · Score: 5, Insightful

    This is not how bank fraud should be done. The right and proper way is to become too big to fail, to big to jail, rig the LIBOR rates, create systematic rigging, award oneself huge salaries and bonuses, threaten worldwide economic collapse, hold governments to ransom and get huge bail out money. The master criminals running the banks are dismayed by petty criminals stealing from them.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Petty thieves by dkleinsc · · Score: 5, Interesting

      You left out foreclosing on homes without the legal right to do so, laundering drug money, trading with Iran and other enemies of the country you're based on, and of course occasionally paying off regulators to help get away with it all. But then again, banks committing serious crimes is nothing new. As Major General Smedley Butler argued:

      I spent 33 years and four months in active military service and during that period I spent most of my time as a high class muscle man for Big Business, for Wall Street and the bankers. In short, I was a racketeer, a gangster for capitalism. I helped make Mexico and especially Tampico safe for American oil interests in 1914. I helped make Haiti and Cuba a decent place for the National City Bank boys to collect revenues in. I helped in the raping of half a dozen Central American republics for the benefit of Wall Street. I helped purify Nicaragua for the International Banking House of Brown Brothers in 1902-1912. I brought light to the Dominican Republic for the American sugar interests in 1916. I helped make Honduras right for the American fruit companies in 1903. In China in 1927 I helped see to it that Standard Oil went on its way unmolested. Looking back on it, I might have given Al Capone a few hints. The best he could do was to operate his racket in three districts. I operated on three continents.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    2. Re:Petty thieves by dkleinsc · · Score: 5, Insightful

      On several documented occasions, they've foreclosed on people who had no mortgage whatsoever. They've foreclosed on people that lived next door to people they were intending to foreclose on due to typos. They've foreclosed on people who have paid their mortgage on time but the paperwork got mixed up by a servicer.

      The victims aren't just victims of their own stupidity.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  4. Re:Why wouldn't they work? by Anonymous Coward · · Score: 5, Informative

    Why wouldn't an Old Hotel card with a mag stripe work if it had the info the reader was expecting? I mean it's interesting that it worked, but why is that of note?

    Because a lot of people don't understand that a mag strip is a mag strip, regardless of what piece of plastic it's connected to. There's an opportunity here to talk about how some types of chipped cards can prevent this type of easy duplication, but they missed it.

  5. Re:honeypasswords? by Qzukk · · Score: 4, Interesting

    Since the cards were used to steal directly from the bank and they've got no place to chargeback to like they usually do to cover their losses due to their insecurity, I wonder if we'll finally see a sudden outbreak of security from the banks.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  6. Not ATMs, the debit card system by RichMan · · Score: 5, Insightful

    ATMs themselves were not compromised. The authentication system for debit cards was. Sure the money came from ATMs but the authentication that came from it was the backend systems.

    It was the backend banking system that was compromised, not ATMs. The ATMs worked perfectly and gave out cash only to authorized cards. There was no problem with the ATMs.

    1. Re:Not ATMs, the debit card system by Anonymous Coward · · Score: 5, Funny

      So to clarify, the ATM's had the problem?

    2. Re:Not ATMs, the debit card system by Anonymous Coward · · Score: 5, Interesting

      As someone who writes banking software, Yes. The ATMs trusted the withdrawal limits in the response from the authorization system. When the authorization system returned a response stating it was OK for the user of this account to withdraw $10K in cash, the ATM should have flagged that amount as suspicious and refused to complete the transaction.

  7. idiots already have been arrested by alen · · Score: 5, Interesting

    one of them was found dead on April 27 in the Dominican Repblic
    eight have already been arrested

    turns out the geniuses went shopping for rolexes and luxury cars with the cash
    cash has serial numbers. everything is video taped. it was only a matter of time before the cops tracked them down

  8. the important part of the story was the last parag by etash · · Score: 5, Interesting

    the leader of the gang flew out of the US, and masked gunmen shot him down in the dominican republic. he had 100.000 usd with him and they were untouched. I wouldn't say that the hacked financial institutions didn't get their revenge.

  9. Re:Why wouldn't they work? by Frankie70 · · Score: 4, Funny

    I mean it's interesting that it worked, but why is that of note?

    If it's not of note, then why is it interesting?

  10. Re:honeypasswords? by Pinky's+Brain · · Score: 4, Interesting

    They already have huge losses from skimming to make them care about security, it was probably an inside job ... they usually are.

  11. Re:honeypasswords? by bws111 · · Score: 4, Insightful

    It comes down to which costs more: fixing the security problems, or losses due to security problems. My guess is that fixing the security problems would cost far more, so don't think anything is going to change.

  12. Re:Why wouldn't they work? by Anonymous Coward · · Score: 5, Funny

    Welcome to Slashdot: Where everything's made up, and the mod points don't matter.

  13. Re:Who pays? by alexander_686 · · Score: 4, Insightful

    What I think AC is trying to say is that yes, the banks are on the hook for the funds. Having lost the money the banks will try to make up for it by raising fees and interest, so it all tricks back down to the consumer.

  14. Easy to hack into international banks by ZiggyM · · Score: 5, Interesting

    two years ago I posted here how while waiting on a bank in Peru I played with a terminal that was there to show the bank website. In 5 minutes I was able to get into their WAN just by clicking arround. I could see all the networks inside, and inside that I could see the individual machines which has excel files and such. I inmediatelly reported it to the manager. In the US that could have gotten me arrested. I took a pic as a souvenir, which I still have. A month later I was there again and noticed that they had simply disabled right-click on the browser (it was one of the steps that I reported). After 10 min I was able to get into the network again. Told again the manager. Two years later (last week) I noticed that they still hadnt fixed it. Didnt say anything this time, but left the network screen open.

  15. Doesn't add up by mypalmike · · Score: 4, Insightful

    "In New York alone, eight people hit 2,904 ATMs in 10 hours, withdrawing $2.4 million."

    OK, if they split up and worked individually, that means 363 ATMs per person in 10 hours, which is around 36 ATMs per person per hour. Each of those 8 people would have to average under 2 minutes per ATM over the course of 10 full hours without interruption. Even if you had a really well-planned route, that seems like an impossible pace.

    --
    There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
  16. That was summarized by an idiot. by denzacar · · Score: 4, Informative

    http://www.justice.gov/usao/nye/pr/2013/2013may09.html

    Over the course of approximately 10 hours, casher cells in 24 countries executed approximately 36,000 transactions worldwide and withdrew about $40 million from ATMs. From 3 p.m. on February 19 through 1:26 a.m. on February 20, the defendants and their co-conspirators withdrew approximately $2.4 million in nearly 3,000 ATM withdrawals in the New York City area.

    2904 withdrawals, not ATMs. About 10 hours, not EXACTLY 10 hours.
    Also, it's 8 persons with 12 accounts per person. All they needed to cover was about 30 ATMs.
    Which comes out to about 20 minutes per ATM, meaning that each TEAM (i.e. at least one to withdraw the money, one to drive the car and keep lookout) had about 8 minutes to get from one ATM to the next.

    Good critical thinking on your part though. Just too much noise in the signal.

    --
    Mit der Dummheit kämpfen Götter selbst vergebens