Hackers and flash mobs in $45m heist
This has movie written all over it – an audacious bank heist committed in broad daylight, using the equivalent of flash mobs to wander New York City and other cities, using counterfeit ATM cards to withdraw cash, which they stuffed into backpacks. Don’t laugh: They almost got away with $45 million. According to The New York Times, which has a nice rundown, it was “one of the largest heists in New York City history, rivaling the 1978 Lufthansa robbery, which inspired the movie ‘Goodfellas.’”
The plot was ingeniously simple. Hackers targeted an Indian credit-card processing firm that handles Mastercard and Visa prepaid cards. For computer intrusions, this is standard operating procedure – it’s why you receive so many phishes in your email box. All it takes is one person to click on a link to a malevolent site or open a corrupted attachment and a hacker can covertly access your company’s network. Once inside, if he has the skills, he can leverage his access to gain control as if he were the system administrator. In this case, the hackers removed the credit limits on cards issued by the National Bank of Ras Al-Khaimah (or RakBank), which is based in United Arab Emirates.
The thieves took the card numbers and created fake ATM cards, then distributed them to gangs in New York, Japan, and two-dozen other countries the Times reported. In a span of 10 hours, crews performed 36,000 transactions, withdrawing $40 million. In New York City alone, a gang of eight made off with $2.4 million while the crew in Japan siphoned off $10 million. Much of the loot was laundered through purchases of bling like Rolex watches and automobiles.
There was also a murder committed in the Dominican Republic connected to the case and prosecutors have charged 7 men, all Americans from Yonkers. The hackers have not been identified.
This case has a number of notable components. The combination of black-hat hacking coordinated with the use of physical gangs using counterfeit plastic ATM Mastercard and Visa cards to siphon money from ATMs is an interesting combination of digital and analog criminal activity. As any security expert will tell you, your company is only as secure as the weakest link.
Surveillance cameras may have contributed to the crooks’ undoing. According to the Times: “The first to be caught was a street crew operating in New York, their pictures captured as, prosecutors said, they traveled the city withdrawing money and stuffing backpacks with cash.”
Anyway, read the coverage in The New York Times and in New York Daily News, which provided a handy map of the ATM locations and a photo of two of the alleged thieves. Unless you want to wait for the movie.