A worldwide gang of criminals stole $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said—and outmoded U.S. card technology may be partly to blame.
Seven people were under arrest Thursday in the U.S. in connection with the case, which prosecutors said involved thousands of thefts from ATMs using bogus magnetic swipe cards carrying information from Middle Eastern banks. The fraudsters moved with astounding speed to loot financial institutions around the world, working in cells including one in New York, Brooklyn U.S. Attorney Loretta Lynch said.
She called it “a massive 21st-century bank heist” carried out by brazen thieves.
One of the suspects was caught on surveillance cameras, his backpack increasingly loaded down with cash, authorities said. Others took photos of themselves with giant wads of bills as they made their way up and down Manhattan.
Here’s how it worked:
Hackers got into bank databases, eliminated withdrawal limits on pre-paid debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe—an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes.
A network of operatives then fanned out to rapidly withdraw money in multiple cities, authorities said. The cells would take a cut of the money, then launder it through expensive purchases or ship it wholesale to the global ringleaders. Lynch didn’t say where they were located.
It appears no individuals lost money. The thieves plundered funds held by the banks that back up prepaid credit cards, not individual or business accounts, Lynch said.
She called it a “virtual criminal flash mob,” and a security analyst said it was the biggest ATM fraud case she had heard of.
Read more at Phys.org