$9 Million ATM Hacking Ring Indicted
Trailrunner7 writes "US and international prosecutors have indicted a criminal ring that they allege was responsible for an ATM scam last November that stole about $9 million from RBS WorldPay. The criminals cracked payroll debit cards and withdrew money from ATMs in hundreds of cities around the world. A federal grand jury in Atlanta has indicted eight men in connection with the scheme, including five Estonians, one Russian, one Moldovan, and one unidentified man. Prosecutors allege that the men 'used sophisticated hacking techniques' to defeat the company's encryption system. The scam involved an elaborate plan in which the attackers first bypassed the encryption on the debit cards, which RBS WorldPay issues to customers for employee payroll purposes. They then raised the limits on the accounts attached to the cards, then provided a network of 'cashers' with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours; 130 different ATMs in 49 cities were hit within one 30-minute period."
Proper monitoring (Score:4, Insightful)
Just earlier, we heard about a hole in the Bing cash-back program, and many people rightfully stated that not enough care is taken when developing and, more importantly, designing secure systems.
This is one more case that proves them right. Bright hackers usually pick the easiest target. Due to the hit-and-run nature of the theft, I believe that proper real-time monitoring of the system could have prevented most of the attack. Maybe half an hour or less instead of a 12-hour time span before it would have been stopped.
Re: (Score:3, Interesting)
There is such a thing as too much monitoring. If the cost of the monitoring system is more than the amount stolen, it's not worth it. In this case a simple system could probably have cost less than $9 million and prevented this. A company must have intuition to preempt the costs of theft. Many businesses, especially retail, actually expect theft and factor this into their costs.
If you're running a casino you must invest lots in security because the cost of losing a lot of money is very real and worth the investme
Re: (Score:2)
I don't know, if you want to monitor 1000's of ATM machines for certain patterns in order to catch something like this, you probably end up paying more than $9M on it. The software/hardware alone would probably cost $10M and maintenance, wages, service centers etc. only go up from there.
Re: (Score:1)
As someone who has worked in the Card Fraud industry, I can assure you that it is a requirement for every card processor to use real time monitoring software for the prevention of fraud. Visa/Mastercard/etc demand it if you want their logo on the card. The amount of money prevented from fraudulent activity over the past 10 years has dropped very, very significantly. $9 mill on this would be a drop in th
??? What? (Score:2)
You mean some company doesn't either do direct deposit, or cut you a check?
I don't think I'd like something not going to my checking account...do you have to pay bills and stuff out of this debit card account I'm guessing that the company owns?
Re:??? What? (Score:5, Interesting)
Well, it's a wide, wide world my friend. The things you don't know about could fill a Library of Congress or two.
But on topic, these cards have many uses. Telemarketers used to give time-limited payroll debit cards out for performance bonuses. In some parts of the world, they are given out instead of checks, with the idea being that you don't have to go to an open bank to get it cashed. Plus in many areas outside the US, checks are dead. No one uses or accepts them. Obviously these aren't the kind of people that are planning for a future retirement in the Hamptons.
Re: (Score:2)
Yes, they actually don't. If you really need to cash a check, you have to walk in with special customer support and they will send the check out of country and keep it until the money has cleared out and they've performed other checks, which usually takes 30-50 days. It also costs a lot extra and they don't usually even do this for amounts less than $200.
Checks are still only used in USA and yes they are quite insecure. Here everyone's pay gets paid directly to their bank accounts.
Re: (Score:2)
I live in Finland and I'm 27 years old. Let me explain how weird checks are here.
Some time ago, I made a donation to WFMU (http://wfmu.org/). Since I didn't have ready access to a credit card, sending a check was the only option. I went to my bank and asked if it's possible to do... they weren't sure. Later, I went to another office of the bank and asked again and they said yes, but they have to order it from the main office.
Several days later they phoned me and told me they had the check. I went to get it,
Re: (Score:2)
Here in the US, direct deposit where the check goes straight into your checking (bank) account costs money and many small businesses don't want to pay the fees involved.
Larger companies usually offer direct deposit, however.
Re: (Score:2)
Weird. My company went from offering direct deposit to requiring it a few years ago. Saved a fair bit of money, not having ADB (payroll company that supports a lot of business in the U.S.) have to print and send checks and pay statements out every other week.
Re: (Score:2)
D'oh! See what not getting a paper check does?
Though I do have some old Apple keyboards around.
Re: (Score:2)
Cheques are almost dead in Britain, and pretty much completely dead in the rest of Europe.
Re:??? What? (Score:5, Interesting)
Lots of companies that have a highly fluid employee population use these payroll debit cards.
My son works for a company owned 7-11 that pays him this way. Each card has an account dedicated to it. Not sure what the benefit from the company perspective is. Probably some kickback on the percentage the card issuing company collects on purchase and maybe ATM fees.
These cards are also probably a handy way to pay illegal aliens who can't get bank accounts (just speculating).
Re:??? What? (Score:5, Interesting)
These cards are also probably a handy way to pay illegal aliens who can't get bank accounts (just speculating).
I used to write software for one of these companies. They practically marketed it that way.
Re: (Score:2)
I also worked for one of the first (maybe the first?) companies to develop such a system and use it in the US - they'd already built a similar system overseas. I didn't work directly on that project to any real degree, but I was there in the early days and at that time migrant field workers were their ONLY users.
Not that the companies ever had any trouble paying the illegal aliens with checks. This system just meant less work distributing checks, no issuing replacements for lost checks, and lower fees for
Re: (Score:1)
I worked for a spin-off of a US company in another country, so I never met the founder. I do know the US company used a 3-letter acronym from a name indicating they may well have been the first.
There was also a 3rd-party software house involved who used a four-letter acronym.
Sounding familiar?
Re: (Score:2)
My son works for a company owned 7-11 that pays him this way. Each card has an account dedicated to it. Not sure what the benefit from the company perspective is. Probably some kickback on the percentage the card issuing company collects on purchase and maybe ATM fees.
The lovely "VCom" machines in most 7-11s, especially the company owned ones. 7-11 employees are allowed to use them for FREE, no fees. As of 2007, 7-11 would direct deposit into your bank account, you would get a paper copy of your check and/or check stub statement. With the VCom card, you could withdraw money, no limits, up to and including your entire paycheck if you wanted to. Those VCom machines are convenient if you do not have a supermarket near you. Most supermarkets (grocery stores) will allow
Re:??? What? (Score:5, Informative)
You mean some company doesn't either do direct deposit, or cut you a check?
Yes. Mark of a company that hates hates HATES its employees. After undergrad I was working at gamestop when they decided to go this route. For some reason, they were incapable of processing a direct deposit for me, so checks were fine. Then these cards came. They give your paycheck to a different company. Said company gives it to you. The fine print in the information pamphlet they handed out: one free transaction a month. After that, $2 fee for using the debit card for anything.
They undoubtedly made a killing from many high school kids on that one. And gamestop no longer had to print and distribute paychecks, saving the company untold hundreds of dollars a month. Since that was one of the least annoying things gamestop did to its employees, morale probably wasn't a factor.
Re: (Score:2)
The fine print in the information pamphlet they handed out: one free transaction a month. After that, $2 fee for using the debit card for anything.
What a rip off, solution, in one transaction, move your entire paycheck from account to another bank account, thus avoiding the $2.00 fees for additional transactions related to the cards.
Of course they would then put in an artificially low maximum that would prevent you from transferring / withdrawing your account in one transaction.
Re: (Score:2)
What a rip off, solution, in one transaction, move your entire paycheck from account to another bank account, thus avoiding the $2.00 fees for additional transactions related to the cards.
Of course they would then put in an artificially low maximum that would prevent you from transferring / withdrawing your account in one transaction.
Transferring it with that one transaction is probably exactly what they and the company would point to if called out on it. I didn't read far enough to see if there was anything about a maximum, after reading the 2$ for every transaction afterwards I understood what type of scam it was and was on the phone with personnel. I'm assuming the overdraft charges were also a scam, likely measured in "fold" rather than "percent" and a balance inquiry to be sure you don't transfer more than your paycheck counts as
Oh no not again! (Score:1)
When will banks start upgrading their security?
Me think it's the same syndicate as these guys. [theage.com.au]
Re: (Score:2)
Re: (Score:2)
I'm pretty sure it was a lot more than £10bn. Lloyds was bailed out to the tune of £160bn. RBS is about 2.5 times bigger than Lloyds and in a much worse financial state.
Re: (Score:1)
Re: (Score:2, Funny)
Mobster in restaurant: "We're Crime and Crime doesn't Pay."
Re: (Score:1)
Laptop with finger print or retina recognition (Score:2)
If you are worried that your laptop containing sensitive data might get stolen and a thief would thereby get the passwords stored in your Firefox browser, then here is my suggestion.
Use the finger print or retina recognition so that the laptop operates only when it recognizes you. These are becoming standard these days with IBM T400 series having finger print recognition and Dell Inspiron 15 series having retina recognition.
If you are worried that there are so many passwords to maintain, then yes, I am wor
Re: (Score:3, Insightful)
Re: (Score:2)
The fingerprint scanner, I had on a T60 and never used. To me it's easier just to enter a password.
Re:Laptop with finger print or retina recognition (Score:5, Insightful)
Re: (Score:2)
Biometrics by itself is inadequate for complete security (if such a thing even exists), yes. But as a part of the holy trinity of security (something you have, something you know, something you are) it is still useful.
Re: (Score:2)
I don't know what world you live in, but biometric components are highly disposable.
Just last week we had a copy of an employee's eye floating around. We quickly plugged that hole by confiscating the employee's left eye.
Every so often we get a real joker who thinks it's funny to prove how he can bypass the thumb readers. Those guys stop smiling the moment we take that compromised thumb away.
Just another day in the security division of OCP.
Re: (Score:2)
LOL. Ya I love when people get all hot and bothered about this type of technology, thinking it is all high tech and infallible. My favorite example of this was people spoofing "facial recognition" biometric software and sensors..... with a printed picture held up for the camera. LOL!
Re: (Score:1, Informative)
You are on the wrong article, I believe you wanted to reply to this post:
http://ask.slashdot.org/story/09/11/10/2045258/Best-Tool-For-Remembering-Passwords [slashdot.org]
Re: (Score:2)
What happens when you need to change your password?
"Caught" them. (Score:1, Interesting)
Well, this is how I see it.
First of all, alleged is an understatement. How they would link bogus accounts, addresses and phone numbers to these 9 people I think would be very hard to do. (i.e. impossible.)
Secondly, really? The most advanced criminal ring in the world? If so, how did they get caught if they are that good? I would be more inclined to believe that they are amateurs.
Why would I think that?
1) Well, first of all, the government cannot look like a putz in public, which is strictly an image pr
Horrible Article (Score:5, Interesting)
Oops forgot link... (Score:2)
Re: (Score:3, Interesting)
"...if they are smart they had a contingency plan, hide a million or two in a hole in the ground, and will only serve a handful of years in jail..."
Let's assume high and say $2MN dollars is successfully hidden. Let's say they get 5 years in jail. There were 8 of them. 2MN/8 = $250,000. $250,000/5 = $50,000.
Good job, guys! You went to jail for 5 years for $50,000 per year, which is what a mid-level IT tech makes. You also guaranteed yourselves a lifetime of being watched by government agencies the world over.
Now, I don't know how many people were just foot soldiers and how many were involved in the technical side of the hack, but say instead of ri
It's less about nationality (Score:2, Interesting)
I spent 3 years going after someone who defrauded my company for quite some money, and frankly, I wish it was in a different country. The guy was quite bright financially, but instead of using it for honest gain he really HAD to do something shady even if more profitable, honest options were available. This is why we eventually took the lid off the finances he managed and found a large hole where our revenue was supposed to be - hidden by falsified statements.
He was a national, but he played the woefully
Did Glenn Beck steal 9 million dollars? (Score:5, Funny)
Is he the unidentified man? Why does Glenn Beck not deny his involvement?
Re: (Score:1)
On the basis of this post, I propose a new IM-style abbreviation: COL (Chuckle Out Loud).
As in, I just COL'd (because I just did).
Good form, sir!
"used sophisticated hacking techniques" (Score:2, Funny)
Want some coke?
Um, okay..
hackerz (Score:3, Funny)
Hacker 3, a three year old child, was already suspected by the RIAA of copyright infringement.
Re: (Score:2)
smarter criminals (Score:5, Insightful)
Bank Robber: thousands of dollars stolen, but they go to a maximum security prison
ATM fraud ring: millions of dollars stolen, but they go to a medium security prison
Ponzi scheme: billions of dollars stolen, but they go to a minimum security prison.
Bankers: trillions of dollars stolen, and they're given more by the government with a bonus on top
Re: (Score:1, Troll)
Plus you have the added fact that the prisons are generally outside of Russia/former Soviet Union -- and there is quite a bit of difference between going to prison in the former S.U. and more modern civilized countries. Financial criminals most probably view imprisonment in current environments as a paid vacation. Hardly a deterrent, perhaps even an incentive, to commit non-violent crimes.
Re: (Score:1)
When I saw this article, I imagined Dr. Evil holding his pinky finger up and saying "Nine meeeeellion dollars!". There's much more serious fraudulent activity going on.
Re: (Score:2)
You forgot...(most likely) has a criminal record, claimed to or had a gun and held it to someone's head threatening to kill them, very high probability they will make an attempt to escape or harm other people....
Hurt approximately zero people, threatened approximately zero people with harm, but organized others to help with their deeds
Re: (Score:2)
And yet you don't think the people in government who stole the money from us and gave it to the bankers should be in prison???
Depends what you mean by stealing. If you mean taxing is stealing, then you just don't get it. You can't steal what you already own. And the government owns the whole country, every single bit of it, by virtue of having the bigger guns. Taxing is nothing more than collecting rent.
If you are saying that some government employees went above their authority in giving money to the bankers, then you are correct. There are lots of people in the government who should be held accountable for willfully ignoring exis
Amazing (Score:1)
Sophisticated Hacking Techniques (Score:1)
used sophisticated hacking techniques
They just opened the machines. Shhh! But don't tell anyone.
Nice Try (Score:1)
T2 Judgement Day (Score:1)
easy money!
Bring a dufflebag (Score:4, Insightful)
Hong Kong busts? (Score:1)
Fractions! (Score:2)
What's wrong with this picture (Score:2)
>The $9 million loss occurred within a span of less than 12 hours; 130 different ATMs in 49 cities were hit within one 30-minute period
This is where being a programmer, it makes sense that it is physically impossible to have that many cards to 1 account used in that many cities, so after the first 4 or 5 like this, you would think you stop the transactions from going on, unless the crime was committed on a realtime schedule where everybody was synched to do the withdrawals all at the exact time (almost t
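The check discussed in the comment above and in the "Proper monitoring" thread, sketched as an added example (not part of the original thread, and not a description of any system RBS WorldPay ran): replay a withdrawal feed and block an account once it has been used in too many distinct cities inside a 30-minute window. The record layout, the account names, the sample rows and the threshold of 4 cities are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # the 30-minute burst quoted from the summary
MAX_CITIES = 4                  # assumption: tolerate 4 distinct cities, block on the 5th

# Constructed sample feed: (ISO timestamp, account, city). Not real transaction data.
SAMPLE = [
    ("2024-01-01T00:00:00", "ACCT-A", "Atlanta"),
    ("2024-01-01T00:03:00", "ACCT-A", "Chicago"),
    ("2024-01-01T00:05:00", "ACCT-A", "Moscow"),
    ("2024-01-01T00:09:00", "ACCT-A", "Tallinn"),
    ("2024-01-01T00:12:00", "ACCT-A", "Tokyo"),     # 5th city inside 30 minutes
    ("2024-01-01T00:15:00", "ACCT-A", "Montreal"),  # arrives after the block
    ("2024-01-01T00:01:00", "ACCT-B", "Atlanta"),
    ("2024-01-01T09:00:00", "ACCT-B", "Atlanta"),   # same city, hours apart
    ("2024-01-01T00:00:00", "ACCT-C", "Rome"),      # five cities, but 2 hours apart each
    ("2024-01-01T02:00:00", "ACCT-C", "Milan"),
    ("2024-01-01T04:00:00", "ACCT-C", "Kyiv"),
    ("2024-01-01T06:00:00", "ACCT-C", "Tallinn"),
    ("2024-01-01T08:00:00", "ACCT-C", "Moscow"),
]

def screen(withdrawals, window=WINDOW, max_cities=MAX_CITIES):
    """Replay withdrawals in time order; return (blocked, decisions)."""
    recent = defaultdict(deque)   # account -> (time, city) pairs still inside the window
    blocked = {}                  # account -> timestamp of the withdrawal that tripped the rule
    decisions = []
    for ts, account, city in sorted(withdrawals):
        now = datetime.fromisoformat(ts)
        if account not in blocked:
            seen = recent[account]
            seen.append((now, city))
            # Drop events older than the window; the newest entry always stays.
            while now - seen[0][0] > window:
                seen.popleft()
            if len({c for _, c in seen}) > max_cities:
                blocked[account] = ts
        verdict = "DECLINE" if account in blocked else "APPROVE"
        decisions.append((ts, account, city, verdict))
    return blocked, decisions

if __name__ == "__main__":
    blocked, decisions = screen(SAMPLE)
    for row in decisions:
        print(*row)
    print("blocked:", blocked)
```

The rule keys on the account rather than the card number, so several counterfeit cards drawing on one account are counted together; ACCT-C shows that the same number of cities spread over a working day does not trip it.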