Slashdot Mirror

← Back to Stories (view on slashdot.org)

ATMs Compromised, $45M Taken

Posted by Soulskill on from the designed-for-redundancy-not-security dept.

An anonymous reader sends this news from the Associated Press: "A worldwide gang of criminals stole a total of $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday. ... Here’s how it worked: Hackers got into bank databases, eliminated withdrawal limits on prepaid-debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes."

13 of 196 comments (clear)

  1. Re:I wonder how much was skimmed by the bag men by Anonymous Coward · · Score: 5, Informative

    They did "discuss"

      Mr. Lajud-Peña fled the United States just as the authorities were starting to make arrests of members of his crew, the law enforcement official said.

    On April 27, according to news reports from the Dominican Republic, two hooded gunmen stormed a house where he was playing dominoes and began shooting. A manila envelope containing about $100,000 in cash remained untouched.

  2. Re:I wonder how much was skimmed by the bag men by Anonymous Coward · · Score: 5, Insightful

    They had the bank's database, its possible that they could tell pretty easily exactly how much they had withdrawn.

  3. Petty thieves by 140Mandak262Jamuna · · Score: 5, Insightful

    This is not how bank fraud should be done. The right and proper way is to become too big to fail, to big to jail, rig the LIBOR rates, create systematic rigging, award oneself huge salaries and bonuses, threaten worldwide economic collapse, hold governments to ransom and get huge bail out money. The master criminals running the banks are dismayed by petty criminals stealing from them.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Petty thieves by dkleinsc · · Score: 5, Interesting

      You left out foreclosing on homes without the legal right to do so, laundering drug money, trading with Iran and other enemies of the country you're based on, and of course occasionally paying off regulators to help get away with it all. But then again, banks committing serious crimes is nothing new. As Major General Smedley Butler argued:

      I spent 33 years and four months in active military service and during that period I spent most of my time as a high class muscle man for Big Business, for Wall Street and the bankers. In short, I was a racketeer, a gangster for capitalism. I helped make Mexico and especially Tampico safe for American oil interests in 1914. I helped make Haiti and Cuba a decent place for the National City Bank boys to collect revenues in. I helped in the raping of half a dozen Central American republics for the benefit of Wall Street. I helped purify Nicaragua for the International Banking House of Brown Brothers in 1902-1912. I brought light to the Dominican Republic for the American sugar interests in 1916. I helped make Honduras right for the American fruit companies in 1903. In China in 1927 I helped see to it that Standard Oil went on its way unmolested. Looking back on it, I might have given Al Capone a few hints. The best he could do was to operate his racket in three districts. I operated on three continents.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    2. Re:Petty thieves by dkleinsc · · Score: 5, Insightful

      On several documented occasions, they've foreclosed on people who had no mortgage whatsoever. They've foreclosed on people that lived next door to people they were intending to foreclose on due to typos. They've foreclosed on people who have paid their mortgage on time but the paperwork got mixed up by a servicer.

      The victims aren't just victims of their own stupidity.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  4. Re:Why wouldn't they work? by Anonymous Coward · · Score: 5, Informative

    Why wouldn't an Old Hotel card with a mag stripe work if it had the info the reader was expecting? I mean it's interesting that it worked, but why is that of note?

    Because a lot of people don't understand that a mag strip is a mag strip, regardless of what piece of plastic it's connected to. There's an opportunity here to talk about how some types of chipped cards can prevent this type of easy duplication, but they missed it.

  5. Not ATMs, the debit card system by RichMan · · Score: 5, Insightful

    ATMs themselves were not compromised. The authentication system for debit cards was. Sure the money came from ATMs but the authentication that came from it was the backend systems.

    It was the backend banking system that was compromised, not ATMs. The ATMs worked perfectly and gave out cash only to authorized cards. There was no problem with the ATMs.

    1. Re:Not ATMs, the debit card system by Anonymous Coward · · Score: 5, Funny

      So to clarify, the ATM's had the problem?

    2. Re:Not ATMs, the debit card system by Anonymous Coward · · Score: 5, Interesting

      As someone who writes banking software, Yes. The ATMs trusted the withdrawal limits in the response from the authorization system. When the authorization system returned a response stating it was OK for the user of this account to withdraw $10K in cash, the ATM should have flagged that amount as suspicious and refused to complete the transaction.

  6. idiots already have been arrested by alen · · Score: 5, Interesting

    one of them was found dead on April 27 in the Dominican Repblic
    eight have already been arrested

    turns out the geniuses went shopping for rolexes and luxury cars with the cash
    cash has serial numbers. everything is video taped. it was only a matter of time before the cops tracked them down

  7. the important part of the story was the last parag by etash · · Score: 5, Interesting

    the leader of the gang flew out of the US, and masked gunmen shot him down in the dominican republic. he had 100.000 usd with him and they were untouched. I wouldn't say that the hacked financial institutions didn't get their revenge.

  8. Re:Why wouldn't they work? by Anonymous Coward · · Score: 5, Funny

    Welcome to Slashdot: Where everything's made up, and the mod points don't matter.

  9. Easy to hack into international banks by ZiggyM · · Score: 5, Interesting

    two years ago I posted here how while waiting on a bank in Peru I played with a terminal that was there to show the bank website. In 5 minutes I was able to get into their WAN just by clicking arround. I could see all the networks inside, and inside that I could see the individual machines which has excel files and such. I inmediatelly reported it to the manager. In the US that could have gotten me arrested. I took a pic as a souvenir, which I still have. A month later I was there again and noticed that they had simply disabled right-click on the browser (it was one of the steps that I reported). After 10 min I was able to get into the network again. Told again the manager. Two years later (last week) I noticed that they still hadnt fixed it. Didnt say anything this time, but left the network screen open.