How international cyber thieves did it
Global hackers stole $45 million in cash from 27 countries using thousands of ATMs in two separate assaults.
In one, on Dec. 22, hackers grabbed $5 million from 20 countries. On Feb. 19, they made off with $40 million in 24 countries worldwide.
Here’s how they did it:
Phase 1: Card processor network intrusion. Using malware, hackers breached the worldwide processors for Rakbank in the United Arab Emirates and the Bank of Muscat in Oman.
Phase 2: The criminals override security protocols and hunt for the prepaid debit card systems and delete limits on the accounts. It takes months to penetrate the systems, prosecutors said.
Phase 3: Access codes are created. Data is loaded onto any plastic card with a magnetic stripe—an old hotel key card or an expired credit card would do as long as it carried the account data and correct access codes.
Phase 4: Cells around the globe fan out and begin to make repeated cash machine withdrawals. In New York City alone, 750 transactions were made in two hours and 25 minutes from 140 different ATMs totaling $400,000, prosecutors said.
Phase 5: Hackers maintain unauthorized access to the banks to monitor the cash-out, keeping withdrawals rolling until the breach is discovered and the systems shut down.
Phase 6: Cash is laundered and organizers are paid.
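A defender's view of Phases 2 and 4, as an added example that is not part of the original article: a velocity check that flags a prepaid account when its withdrawals inside a sliding window touch too many ATMs, more than one country, or exceed a total that is enforced independently of the account's own (possibly deleted) limit. The record layout, thresholds, account and ATM identifiers, and dates are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (time, prepaid account, ATM id, country, USD amount).
# "P-001" mimics the fan-out cash-out pattern; "P-002" is an ordinary cardholder.
SAMPLE = [
    ("2024-01-01T15:00", "P-001", "ATM-NY-01", "US", 800),
    ("2024-01-01T15:04", "P-001", "ATM-NY-02", "US", 800),
    ("2024-01-01T15:05", "P-001", "ATM-TK-07", "JP", 900),
    ("2024-01-01T15:09", "P-001", "ATM-BU-03", "RO", 700),
    ("2024-01-01T15:10", "P-002", "ATM-NY-01", "US", 60),
    ("2024-01-01T15:12", "P-001", "ATM-NY-03", "US", 800),
    ("2024-01-02T09:00", "P-002", "ATM-NY-05", "US", 40),
]

def flag_cashout(records, window=timedelta(hours=1), max_terminals=3,
                 max_countries=1, max_total=1000):
    """Return {account: [reasons]} for accounts whose withdrawals inside any
    sliding window exceed the terminal, country or amount thresholds.
    Threshold defaults are illustrative assumptions, not issuer values."""
    recent = defaultdict(deque)   # account -> withdrawals still inside the window
    alerts = defaultdict(set)
    for ts, account, terminal, country, amount in sorted(records):
        now = datetime.fromisoformat(ts)
        q = recent[account]
        q.append((now, terminal, country, amount))
        while now - q[0][0] > window:          # drop withdrawals older than the window
            q.popleft()
        if len({t for _, t, _, _ in q}) > max_terminals:
            alerts[account].add("terminals")   # same card data seen at many ATMs
        if len({c for _, _, c, _ in q}) > max_countries:
            alerts[account].add("countries")   # physically impossible travel
        if sum(a for _, _, _, a in q) > max_total:
            alerts[account].add("amount")      # cap kept outside the account record
    return {acct: sorted(reasons) for acct, reasons in alerts.items()}

if __name__ == "__main__":
    for acct, reasons in flag_cashout(SAMPLE).items():
        print(acct, "flagged for", ", ".join(reasons))
```

Because the amount cap is passed in by the monitoring code instead of being read from the account record, deleting the limit on the account itself does not silence the check.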
27 countries hit
Criminals working in cells around the world stole $45 million in just hours by hacking into a database of prepaid debit cards and making withdrawals from automated teller machines, US prosecutors said. The 27 countries where they say cash machines were plundered: Belgium, Bulgaria, Canada, Colombia, Dominican Republic, Egypt, Estonia, France, Germany, Great Britain, Indonesia, Italy, Japan, Latvia, Malaysia, Mexico, Netherlands, Pakistan, Romania, Russia, South Africa, Spain, Sri Lanka, Thailand, Ukraine, United Arab Emirates and the United States.