$45 Million Stolen from Banks Worldwide Shows How Easy It is in a Cashless Society*
By Luis Miranda
In one of the biggest bank robberies in history, a global network of hackers seems to have stolen 45 million dollars (34 million euros) in two banks from the Middle East after they violated the security of a business’ credit card processing and withdrawal of money at ATMs in 27 countries, prosecutors said Thursday in the United States.
The Department of Justice charged eight men who allegedly formed a cell of the organization based in New York, and said that seven of them had been arrested. The eighth, supposedly the leader of the cell, was killed in Dominican Republic on April 27.
It is believed that the leaders of the network are outside the United States, but prosecutors declined to elaborate, citing the ongoing investigation. What is clear is the wide range and speed of the crimes: in one of the attacks, in only 10 hours, $ 40 million were withdrawn from ATMs in 24 countries in 36,000 transactions.
“Instead of guns and masks, this organization used computers and Internet cybercrime,” said Loretta Lunch, the Attorney for the Eastern District of New York, in a press conference. “Moving as fast as the data on the Internet, the organization made its way from the computer systems of corporations to the streets of New York,” she added.
The case demonstrates the great threat that cybercrime poses worldwide. It also shows how criminal gangs have become increasingly international and sophisticated, especially those who use the Internet.
Prosecutors highlighted the “surgeon precision” used by the hackers and the global nature of its organization, coordination and speed with which the operations were executed in 27 countries. According to the people in charge of the case, the band broke the computers security of two companies that process credit cards, one in India in December 2012 and another in the United States in February.
The companies were not identified. Hackers increased the balance available and the cash withdrawal limit on prepaid Mastercard credit cards issued by Bank of Muscat in Oman and National Bank of Ras Al Khaimah PSC (RAKBANK) UAE.
The hackers then distributed counterfeit credit cards to people in charge of taking cash worldwide, allowing them to take millions of dollars from ATMs in a few hours. In New York, for example, members of the cell were distributed around town in the afternoon of February 19, armed with cards that have a unique account number from Bank of Muscat.
Ten hours later, 2,904 had completed money orders for $ 2.4 million, the final transaction occurred at about 1:26 am prosecutors said. The teams that withdrew money in other countries were busy doing the same, taking about 40 million from the Bank of Muscat, in addition to the $ 5 million that they stole from RAKBANK in December.
In total, 40,500 withdrawals were conducted in 27 countries during the two incidents. Prosecutors said the method of attack is called “unlimited operations” in the digital underworld. It was not possible to contact representatives of the two banks for comment outside regular business hours.
In a statement, MasterCard said it had cooperated with law enforcement agencies during the investigation and stressed that their systems were not involved or engaged in the attacks. In February, Bank Muscat revealed it would receive a fee of up to $ 39 million because it had been defrauded overseas with 12 prepaid debit cards used for travel.
An investigation is ongoing to determine if there are other cells operating in the country, said Lynch, adding that law enforcement agencies in the United States have worked with their counterparts in Japan, Canada, Germany, Romania, United Arab Emirates, Dominican Republic, Mexico, Italy, Spain, Belgium, France, United Kingdom, Latvia, Estonia, Thailand and Malaysia to learn more about the network that carried out the withdrawals. According to authorities, there were no personal bank accounts involved in the heist.