Cyber Crime: Huge Haul in One Day

Tuesday, August 30, 2011 @ 12:08 PM gHale

When you are a target or when a group of cyber attackers are on a focused mission, it is very hard to stop them. Those with a focused plan can slow the attack and make it much more difficult, but a targeted attack will penetrate defenses.

That scary concept comes into play in any industry as a coordinated cyber criminal network pulled off one of the largest and most complex banking heists ever, withdrawing $13 million in one day from ATMs in six countries.

New Worm Infects Windows PCs
Old Browser Plug-ins Big Attack Target
Report: Malware, Targeted Attacks on Rise
Stuxnet Threat Lingers; Industry Slow to React

The breach hit Fidelity National Information Services Inc. (FIS), a Jacksonville, FL-based company that processes prepaid debit cards. FIS disclosed the breach on May 5, but security researcher Brian Krebs dug deeper and found out the true scope of the crime.

The attackers first broke into FIS’ network and gained unauthorized access to the company’s database, where they store each debit card customer’s balances, Krebs’ sources said.

FIS’ prepaid debit cards include a fraud protection policy that limits the amount cardholders can withdraw from an ATM with a 24-hour period. Furthermore, once the customer reaches balance on the cards, the owner cannot use it until he/she puts more money back onto the cards.

The criminals were thinking as they obtained 22 legitimate cards, eliminated each card’s withdrawal limit, and cloned them, sending copies to conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom. When the prepaid limit on each card got too low, the hackers simply reloaded the fraudulent cards remotely.

At the close of the business day March 5, the criminals began taking out money from ATMs. By Sunday evening, the scam was over, and the attackers had stolen $13 million.

Krebs said it is not clear who is behind the attack on FIS.

Leave a Reply

You must be logged in to post a comment.