How Cybercriminals Stole $40 Million From ATMs Worldwide In Just 10 Hours

cyber-crime-hacker-580x358An international gang of cyber thieves stole more than $45 million from thousands of ATMs in carefully coordinated attacks conducted within a matter of hours.

The set up for the heists took place over a seven-month period ending last month, during which hackers broke into the computer networks of financial companies in the United States and India.

Below is an account of how they executed the whole process.

First, hackers gained access to bank computers and downloaded prepaid debit card data while erasing their withdrawal limits. No word on how exactly the hackers gained access to the bank databases (i.e. Was it by phishing?).

Second, they passed the data to numerous “cashers” who cloned the cards and got to work withdrawing millions of dollars from ATMs.

The clockwork coordination of the hack, the cloning, and the “cash-out network” resulted in one of the biggest bank heists in history.

In February 2013 thieves in 27 countries made about 36,000 withdrawals over 10 hours to accrue $40 million — averaging a withdrawal of $1,111 every 10 seconds. A smaller heist occurred in December.

Eight individuals in the New York cell siphoned “at least $2.8 million from more than 750 ATMs in 2.5 hours,” which ranks as the second-biggest bank robbery in the history of New York City.

Neuman notes: “If all eight were working together, they would have had to hit ‘at least’ one ATM every 96 seconds, averaging $2,333 per withdrawal.”

The experts said that inadequate cyber security — i.e. lack of employee oversight and stringent electronic monitoring — allowed hackers to penetrate the back-end systems at banks.

The second issue is the vulnerability of the magnetic strip, which allows for criminals to attach devices to ATM card-readers that record the information stored on the strip.

Encrypted chip technology is more secure, experts said, but it could take a decade to implement in the U.S. (it has already been widely adopted in Europe).

Credit: Business Insider and Global post