$45M Heist Used a 5 Year Old (at least) Technique
By Rich
Big news, big money – hackers stole $45M in a flash attack. They hacked into the bank system, focused on debit and pre-paid cards that lack the usual credit card anti-fraud detection, then made massive rapid withdrawals using mules scattered around the world.
Viktor Pleshchuk, Sergei Tsurikov, Oleg Covelin and a fourth man, identified only as “Hacker 3,” pooled their talents, and with the help of a worldwide network of “cashers” in more than 280 cities, they were able to walk away with $9 million of RBS WorldPay’s money. The attack, detailed in a federal indictment announced Tuesday by the Department of Justice, illustrates clearly the level of organization and sophistication involved in ATM and payment-card fraud, as well as the difficulty banks face in guarding against these schemes.
The scam began simply and came together quickly. In early November 2008, prosecutors allege that Covelin discovered a vulnerability in the network of RBS WorldPay, a subsidiary of the Royal Bank of Scotland that handles payroll and other payment-processing transactions for companies around the world.
As Gal Shpantzer said in our chat room today: this is the sort of ATM hack that should be in the Verizon DBIR – not necessarily skimming.