The sophistication of a global network of thieves who drained cash machines around the globe of an astonishing $45 million in mere hours sent ripples through the security world, not merely for the size of the operation and ease with which it was carried out, but also for the threat that more such thefts may be in store.
Seven people were arrested in the U.S., accused of operating the New York cell of what prosecutors said was a network that carried out thefts at ATMs in 27 countries from Canada to Russia. Law enforcement agencies from more than a dozen nations were involved in the investigation, U.S. prosecutors in New York said Thursday.
"Unfortunately these types of cybercrimes involving ATMs, where you've got a flash mob going out across the globe, are becoming more and more common," said Rose Romero, a former federal prosecutor and regional director for the U.S. Securities and Exchange Commission.
Hackers got into bank databases, eliminated withdrawal limits on pre-paid debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe -- an old hotel key card or an expired credit card worked fine as long as it carried the account data.
A network of operatives then fanned out to rapidly withdraw money in multiple cities, authorities said. The cells would take a cut of the money, then launder it through expensive purchases or ship it wholesale to the global ringleaders. Lynch didn't say where they were located.
It appears no individuals lost money. The thieves plundered funds held by the banks that back up prepaid credit cards, not individual or business accounts, Lynch said.
Ori Eisen, a cybercrime expert and founder of 41st Parameter, a fraud detection and prevention firm, said the $45 million heist was on the "high-end" of what can be done by cybercriminals who exploit banking systems connected to the Internet.
"Given the scale of the global credit card networks, it is almost impossible to detect every kind of attack," he said. "This attack is not the last one, and if the modus operandi proves to be successful crooks will exploit it time and again."
There were two separate attacks in this case, one in December that reaped $5 million worldwide and one in February that snared about $40 million in 10 hours with about 36,000 transactions. The scheme involved attacks on two banks, Rakbank in the United Arab Emirates and the Bank of Muscat in Oman, prosecutors said.
The New York suspects were U.S. citizens originally from the Dominican Republic who lived in the New York City suburb of Yonkers. They were mostly in their 20s. Lynch said they all knew one another and were recruited together, as were cells in other countries. They were charged with conspiracy and money laundering. If convicted, they each face 10 years in prison.
The accused ringleader in the U.S. cell, Alberto Yusi Lajud-Pena, was reportedly killed in the Dominican Republic late last month, prosecutors said. More investigations continue and other arrests have been made in other countries, but prosecutors did not have details.
An indictment unsealed Thursday accused Lajud-Pena and the other seven New York suspects of withdrawing $2.8 million in cash from hacked accounts in less than a day.
Lajud-Pena was found dead with a suitcase full of about $100,000 in cash, and the investigation into his death is continuing separately. Dominican officials said they arrested a man in the killing who said it was a botched robbery, and two other suspects were on the lam.
The first federal study of ATM fraud was 30 years ago, when the use of computers in the financial community was growing rapidly. At the time, the Bureau of Justice Statistics found nationwide ATM bank loss from fraud ranged between $70 and $100 million a year.
By 2008, that had risen to about $1 billion a year, said Ken Pickering, who works in security intelligence at CORE Security, a white-hat hacking firm that offers security to businesses.