- CyberCrime Center
January 10, 2014
On both sides of the law there hasn’t been this much international cooperation since Independence Day, Mars Attacks or War of the Worlds had Earthlings coming together to fend off alien invaders. But since those accounts were fictional – at least we’re pretty sure or Fox or CNN or somebody would’ve run the story – maybe there’s never been this much worldwide cooperation by the good guys or the baddies.
The international ATM theft ring, which stole millions, had illegal activities going from the United Arab Emirates to the United States and from Germany to India. Arrayed against them were law enforcement agencies in the US, Germany, Spain and possibly others.
In a piece that was reported on pcworld.com, IDG New Service correspondent Jeremy Kirk describes how the ring worked and how it’s being taken down:
Spanish police said Sunday eight people have been arrested who allegedly aided a global ring that stole millions from two banks through fraudulent ATM withdrawals.
Six Romanians and two Moroccans are accused of making 446 withdrawals totaling €285,000 (U.S.$392,000) using cloned payment cards at ATMs in Madrid in February, according to a news release from Spain’s Interior Ministry. They’re also alleged to have stolen €68,000(approximately U.S. $92,465) in December 2012.
Spain’s roundup adds to arrests made by the U.S. and Germany in the scam, which saw the Bank of Muscat, based in Oman, and the National Bank of Ras Al-Khaimah PSC, also known as RAKBANK, in United Arab Emirates, lose $45 million.
The well-planned thefts hit the banks twice, in December 2012 and in February, using a network of people who synchronized withdrawals using stolen payment card numbers at ATMs around the world.
U.S. federal prosecutors in New York indicted eight people last May and arrested six in early November. According to court documents, the withdrawal limits were raised on prepaid MasterCard and Visa payment cards.
The limits were increased as a result of a breach of credit card processors in the U.S. and India, which have not been identified.
Spain said its arrests came after Germany detained a key figure who compromised the credit card processors, disabling security features intended to protect accounts such as geographical restrictions and payment limits.
Those arrested in Spain are accused of receiving the prepaid debit card numbers and encoding the numbers onto dummy cards to make the withdrawals.
Spanish police released a video of a raid in which they seized €25,000 (approximately U.S. $34,000), payment card encoding devices, 1,000 new magnetic-stripe cards, Apple and other computer equipment, jewelry, perfume and cologne.
The video showed the magnetic stripe card encoding devices, with the model number “MSR605,” which is widely available for under $200 on websites such as Amazon and eBay.
RAKBANK suffered $5 million in losses after 4,500 ATM withdrawals were made in 20 countries on Dec. 22, 2012. A second large attack between Feb. 19 and 20 saw the Bank of Muscat lose $40 million, withdrawn by people in 20 countries in just 10 hours.
The New York group is alleged to have withdrawn $2.8 million of RAKBANK’s money in thousands of transactions from 140 ATMs around New York. The bulk of it was sent to the organizers of the attacks, according to U.S. prosecutors.
The Interior Ministry said it worked with a U.S. agency on the latest arrests, but did not identify the organization.
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, ATM Fraud, Bank Fraud, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, MitB, Mobile fraud, Online Fraud, Phishing, Phishing Detection, PII, ThreatMetrix, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, TrustDefender Cybercrime Protection Platform, Web Fraud