Hackers Target ATMs Worldwide, Steal $45 Million In a Few Hours

Astounding. And no, there is not a decimal point missing. Forty Five million dollars. As people were being arrested, one of the ringleaders was found dead in Dominican Republic. One suspects the real power brokers at the top are covering their tracks as fast as possible.

A gang of cyber-criminals stole $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then fanning out around the globe to drain cash machines, federal prosecutors said Thursday.

Brooklyn U.S. Attorney Loretta Lynch called it “a massive 21st-century bank heist” and compared its size to the Lufthansa heist in the late 1970s immortalized in the film “Goodfellas.” Lynch said the fraudsters had moved with astounding speed to loot financial institutions around the world.

A security analyst said it was the biggest ATM fraud case she had heard of.

Seven people are under arrest in the U.S. in connection with the case, which prosecutors said involved thousands of thefts from ATMs using bogus magnetic swipe cards. The accused ringleader in the U.S. cell, Alberto Yusi Lajud-Pena, was reportedly murdered in the Dominican Republic late last month, prosecutors said. More investigations are ongoing and other arrests have been made in other countries, but prosecutors did not have details.

An indictment unsealed Thursday accused the eight of being members of the New York cell, saying they withdrew $2.8 million in cash from hacked accounts in less than a day. One of the suspects was caught on multiple surveillance cameras, his backpack increasingly loaded down with cash. Others took photos of themselves with giant wads of bills as they made their way up and down Manhattan.


P.S. As a Practicing Antediluvean Luddite (Church of the PAL), I am proud to say I have NEVER used an ATM machine. Or a debit card. I am sure it is because I come from a generation trained to control the drive to constant instant gratification, and to actually plan ahead and think through what I will be doing further than 10 minutes into the future.

My career in computer programming and technology lasted from around 1982 through 2011, when I retired. The first two decades were a lot of fun. The last decade had become a nightmare, thanks to the insecurity of machines and devices, all connected via the Internet. My job, and the jobs of my staff, had become a constant battle to defend our resources from the constant attacks by criminals over the Internet. I can remember back during Windows XP era, we would do a basic build without service packs and fixes, of an XP machine, plug it into the Internet, and watch it be hacked within five minutes. Most people simply have no concept that criminal hackers are running programs 24×7 that scan every publicly exposed IP number on every machine and device connected to the Internet. Those programs probe every available well known port, looking for services that can be exploited due to vulnerabilities, in order to hack into the machine.

And of course social engineering via target emails (Google Spear Phishing) has become wildly successful. Carefully target emails to CEOs or high level administrators in a specific corporation. Make the email look legit. The recipient clicks the link to a web site in the body, or downloads the attachment, and presto, the hackers have infiltrated that machine, and proceed then to spread out over the company’s network. The Chinese have become expert at doing this. One has to wonder if there is any part of our governmental or military computing infrastructure they have not been blithely wandering through without the operators of the computers and networks knowing it. I am sure it is far beyond what has been found, exposed, and reported.


Author: Ron