$9 Million ATM Hacking Ring Indicted 86
Trailrunner7 writes "US and international prosecutors have indicted a criminal ring that they allege was responsible for an ATM scam last November that stole about $9 million from RBS WorldPay. The criminals cracked payroll debit cards and withdrew money from ATMs in hundreds of cities around the world. A federal grand jury in Atlanta has indicted eight men in connection with the scheme, including five Estonians, one Russian, one Moldovan, and one unidentified man. Prosecutors allege that the men 'used sophisticated hacking techniques' to defeat the company's encryption system. The scam involved an elaborate plan in which the attackers first bypassed the encryption on the debit cards, which RBS WorldPay issues to customers for employee payroll purposes. They then raised the limits on the accounts attached to the cards, then provided a network of 'cashers' with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours; 130 different ATMs in 49 cities were hit within one 30-minute period."
Re:??? What? (Score:5, Interesting)
Well, its a wide, wide world my friend. The things you don't know about could fill a library of congress or two.
But on topic, these cards have many uses. Telemarketers used to give time limited payroll debit cards out for performance bonuses. In some parts of the world, they are given out instead of checks. With the idea being that you don't have to go to an open bank to get it cashed. Plus in many areas outside the US, checks are dead. No one uses or accepts them. obviously these aren't the kind of people that are planning for a future retirement in the hamptons.
"Caught" them. (Score:1, Interesting)
Well, this is how I see it.
First of all, alleged is an understatement. How they would link bogus accounts, addresses and phone numbers to these 9 people I think would be very hard to do. (i.e. impossible.)
Secondly, really? The most advanced criminal ring in the world? If so, how did they get caught if they are that good? I would be more inclined to believe that they are amateurs.
Why would I think that?
1) Well, first of all, the government cannot look like a putz in public, which is strictly an image problem. So best to dress up the criminals to be world class.
2) #1 reenforces number two, which is, they have NO CHOICE but to capture SOMEONE. The public cannot know that the electronic banking system is so easy to steal money, without direct authorization of course from Congress or the Federal Reserve. (Who by the way, make laws that are illegal (Constitutionally), so they can steal your money legally.)
Loss of confidence in the electronic banking system simply cannot be permitted.
3) Finally as in all fascist states where business and government are basically the same, crimes of this fashion are not considered illegal, they are considered a threat to power.
So keep in mind if you do steal money from the crooks themselves, be aware they may imprison someone who is innocent just because they can't catch you.
Which means you might want to pick a different target.
FYI.
-Hackus
Re:??? What? (Score:5, Interesting)
Lots of companies that have a highly fluid employee population use these payroll debit cards.
My son works for a company owned 7-11 that pays him this way. Each card has an account dedicated to it. Not sure what the benefit from the company perspective is. Probably some kickback on the percentage the card issuing company collects on purchase and maybe ATM fees.
These cards are also probably a handy to pay illegal aliens who can't get bank accounts (just speculating).
Horrible Article (Score:5, Interesting)
Re:Proper monitoring (Score:3, Interesting)
There is such a thing as too much monitoring. If the cost of the monitoring system is more than the amount stolen it's not worth it. In this case a simple system could probably cost less than $9 million and prevented this. A company must have intuition to preempt the costs of theft. Many businesses, especially retail, actually expect theft and factor this into their costs.
If you're running a casino you must invest lots in security because the cost of losing a lot of money is very real and worth the investment.
A small mom and pop store might have a digital recording camera, just in case someone gets mugged, but who has the time to watch all that tape.
Stealing is stealing and the cost effects everyone.
Re:??? What? (Score:5, Interesting)
These cards are also probably a handy to pay illegal aliens who can't get bank accounts (just speculating).
I used to write software for one of these companies. They practically marketed it that way.
Re:Horrible Article (Score:3, Interesting)
"...if they are smart they had a contingency plan, hide a million or two in a hole in the ground, and will only serve a handful of years in jail..."
Let's assume high and say $2MN dollars is successfully hidden. Let's say they get 5 years in jail. There were 8 of them. 2MN/8 = $250,000. $250,000/5 = $50,000.
Good job, guys! You went to jail for 5 years for $50,000 per year, which is what a mid-level IT tech makes. You also guaranteed yourselves a lifetime of being watched by government agencies the world over.
Now, I don't know how many people were just foot soldiers and how many were involved in the technical side of the hack, but say instead of ripping off a bank, you used your what seems to be considerable insight into security flaws to start a security firm and make a lot more money, legitimately. Just not as exciting, I suppose. Good grief, just informing RBS about this hack would have netted you a fat, LEGAL payday. Or, you could have contacted their current security firm, told THEM about the hack, they pay you quietly under the table, then get to look like heroes when they show RBS what they found. There were a lot of ways to use this to your advantage.
I work with a lot of former eastern bloc nationals, and it never ceases to amaze me how much 'ripping off the system' is ingrained into their mentalities. Some of the world's best programming talent comes from that region, and the majority seem inclined to use it for nefarious purposes.
We had to fire what was probably the best technician our company ever had, a Bulgarian, because instead of using his abilities to improve our company's network, he used it to to hack the company firewall and phone switch, and sell Internet access and long distance to people. He probably made a few thousand dollars, but lost a job that paid $72,000, which is a fortune in Bulgaria.
It's less about nationality (Score:2, Interesting)
I spent 3 years going after someone who defrauded my company for quite some money, and frankly, I wish it was in a different country. The guy was quite bright financially, but instead of using it for honest gain he really HAD to do something shady even if more profitable, honest options were available. This is why we eventually took the lid of the finances he managed and found a large hole where our revenue was supposed to be - hidden by falsified statements.
He was a national, but he played the woefully inadequately trained UK judges for all it was worth. We had all sorts of bizarre lawsuits he started just to keep us too busy to go after him, one even involved his alleging we had his laptop, which he managed to win by wailing at the judge for 3 hours (the judge said that "there must be something to it is he jammered that long" which gives you an idea of how resistant these people are to conmen). He produced some receipts into evidence which were CANCELLED purchases (and of the wrong date) - it was like reading a book and thinking "boy, that could never happen in real life".
Eventually we managed to trip him on one of those lawsuits so he ended up having to pay (which is something he appears not to do on principle) so we managed to bankrupt him and start a global search for his assets. We'll never get our money back, but he'll never get me off his back either, he's become my little pet project - as is the bank that handed him our money after the lawyers had warned him he was no longer on the mandate or an authorised company representative. He had a guy in the bank who waited until he fraudulently changed company records and then quickly closed the account, handing him the money. Thank you, big global bank starting with "H" - you know who you are and I'm about to come after you big time.
I'm a nice guy. You have to go very, very far to piss me off. However, there is a point of no return and then you'll learn a wholly different side to me, on the principle that you had plenty of chance to stop.
Why did I wish it happened in a different country? Well, the police isn't interested to go after fraud, the company registry isn't interested to correct anything unless the police is involved (nice bit of practical recursion here), the judges can be waylaid by the most pathetic arguments known to man because they don't know what the real world looks like and you can't then shoot the f*cker as last resource to functional justice because they've taken the guns away. And if by some unimaginable event you DO manage to get a conviction.. .. you'll discover the jails are full, and he'll walk anyway.
I'd say that in the list of thoroughly f*cked up countries the US certainly doesn't come at the top. The UK is far higher up..