Cybercriminals stole $44 million in in 36,000 transactions over a 10-hour period by effectively coordinating two common credit card schemes, Scott Neuman of NPR reports.
First, hackers gained access to bank computers and downloaded prepaid debit card data while erasing their withdrawal limits.
Second, they passed the data to numerous “cashers” who cloned the cards and got to work withdrawing millions of dollars from ATMs.
Chuck Somers, vice president of core systems and ATM security at Diebold, told NPR that neither of those things are unusual by themselves — but the clockwork coordination of the hack, the cloning, and the “cash-out network” resulted in one of the biggest bank heists in history.
In February 2013 thieves in 27 countries stole made about 36,000 withdrawals over 10 hours to accrue $40 million — an average withdrawal of $1,111 every 10 seconds.
Eight individuals in the New York cell siphoned “at least $2.8 million from more than 750 ATMs in 2.5 hours,” which ranks second-biggest bank robbery in the history of New York City.
Neuman notes: “If all eight were working together, they would have had to hit ‘at least’ one ATM every 96 seconds, averaging $2,333 per withdrawal.”
The experts said that inadequate cyber security — i.e. lack of employee oversight and stringent electronic monitoring — allowed hackers to penetrate the back-end systems at banks.
The second issue is the vulnerability of the magnetic stripe, which allows for criminals to attach devices to ATM card readers that record the information stored on the stripe.
Encrypted chip technology is more secure, experts said, but it could take a decade to implement in the U.S. (it’s already been widely adopted in Europe).
Business Insider Emails & Alerts
Site highlights each day to your inbox.