How Cybercriminals Stole $40 Million From ATMs Worldwide In Just 10 Hours

cyber

REUTERS/U.S. Attorney’s Office

An image taken from the phone of a suspect shows Elvis Rafael Rodriguez (L) and Emir Yasser Yeje (R), two of the eight individuals charged with using data obtained by hacking into two credit card processors in a cybercrime scheme among other images.

Cybercriminals stole $40 million in about 36,000 transactions over a 10-hour period by effectively coordinating two common credit card schemes, Scott Neuman of NPR reports.

From NPR:

First, hackers gained access to bank computers and downloaded prepaid debit card data while erasing their withdrawal limits.

Second, they passed the data to numerous “cashers” who cloned the cards and got to work withdrawing millions of dollars from ATMs.

Chuck Somers, vice president of core systems and ATM security at Diebold, told NPR that neither of those things are unusual by themselves  — but the clockwork coordination of the hack, the cloning, and the “cash-out network” resulted in one of the biggest bank heists in history.

In February 2013 thieves in 27 countries made about 36,000 withdrawals over 10 hours to accrue $40 million — averaging a withdrawal of $1,111 every 10 seconds. A smaller heist occurred in December.

cyber

Reuters

Eight individuals in the New York cell siphoned “at least $2.8 million from more than 750 ATMs in 2.5 hours,” which ranks second-biggest bank robbery in the history of New York City.

Neuman notes: “If all eight were working together, they would have had to hit ‘at least’ one ATM every 96 seconds, averaging $2,333 per withdrawal.”

The experts said that inadequate cyber security — i.e. lack of employee oversight and stringent electronic monitoring — allowed hackers to penetrate the back-end systems at banks.

The second issue is the vulnerability of the magnetic stripe, which allows for criminals to attach devices to ATM card readers that record the information stored on the stripe.

Encrypted chip technology is more secure, experts said, but it could take a decade to implement in the U.S. (it’s already been widely adopted in Europe).

SEE ALSO: 
Hackers Steal $44.47 Million From ATMs Worldwide In A Matter Of Hours

Article source: SAI http://feedproxy.google.com/~r/typepad/alleyinsider/silicon_alley_insider/~3/5-tILp9sOjA/how-hackers-stole-44-million-from-atms-2013-5