Sunday, May 12, 2013

After the $45 Million Global Bank Heist, Where did the Money Go?

Last week, the U.S. Attorney’s Office (Eastern District of New York) announced that two cyber-attacks resulted in a theft of $45 million from the global banking system.
  • The first incident (December 22, 2012) used prepaid debit cards issued by RAKBANK in the United Arab Emirates to withdrew $5 million via 4,500 ATM transactions in 20 countries (during a 2 1/2 hour period in New York City, there were about 750 transactions made at 140 ATM locations).
  • The second incident (February 19-20, 2013) involved prepaid debit cards for the Bank of Muscat in Oman. Within 10 hours, about 36,000 ATM transactions in 24 countries withdrew about $40 million ($2.4 million came for 3,000 ATM withdrawals in New York City.
  • The initial systems break-ins occurred at ElectraCard System (Pune,  India) and EnStage, Inc. (Bangalore, India) that provide outsourced services to MasterCard.
  • U.S. Attorney Loretta Lynch said, “Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours.”
  • Secret Service Special Agent Steven Hughes said, “New technologies and the rapid growth of the Internet have eliminated the traditional borders of financial crimes and provided new opportunities for the criminal element to threaten the world’s financial systems”
  • Federal prosecutors noted that “Unlimited Operations” such as these have three main characteristics: 1) a “surgical precision” to carry out an attack, 2) a global cybercrime organization, and 3) a fast and well-coordinated ground operation. Authorities in Japan, Canada, Germany, Romania, United Arab Emirates, Dominican Republic, Mexico, Italy, Spain, Belgium, France, United Kingdom, Latvia, Estonia, Thailand, and Malaysia cooperated in the investigation, which continues to seek crime ring members in Europe and Asia. The defendants in New York were charged with money laundering and conspiracy to commit access device fraud.
MY TAKE
  • Because these arrests account for a small fraction of the total fraudulent transactions, it is likely that more arrests will be announced in the future
  • In addition, these incidents are a reminder that cyber-crime is one of the fastest growing areas of crime, which also presents threats to power plants, electrical grids, and the information systems of government and major companies
  • As a result, demand for a broad set of solutions and services that identify, monitor and protect against cyber-attacks continues to expand.

1 comment: