Attacks/Breaches
5/9/2013
01:28 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

8 New Yorkers Indicted As Part of $45 Million Cyberheist Of Prepaid Debit Cards

Orchestrated massive global 'bank heist' by an international cybercrime organization targeted credit card processor for MasterCard prepaid debit cards, waged and coordinated mass ATM withdrawals

Seven New York City men have been arrested and indicted in New York City for their role in an international cybercrime ring that hacked an unnamed credit card processor for MasterCard, stole prepaid debit cards, and quickly cashed them out in a highly orchestrated operation that spanned the globe. The defendants comprised a New York ground operation that allegedly withdrew $2.8 million across ATMs across the city as part of a massive cybercrime campaign that resulted in $45 million in losses. The seven arrested defendants, all based in Yonkers, N.Y., are Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Pena, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje, and Chung Yu-Holguin. An eighth defendant named in the indictment, Alberto Yusi Lajud-Pena, was reportedly murdered in the Dominican Republic last month.

U.S. Justice Department officials say the men formed the New York cell of the international crime ring, which used "sophisticated intrusion" methods to break into the computers of the credit card processor for MasterCard to steal debit cards issued by the National Bank of Ras Al-Khaimah PSC (RAKBANK) in the United Arab Emirates, on Dec. 22, 2012, and then between Feb. 19 and 20, 2013, to pilfer debit cards issued by the Bank of Muscat in Oman. The ring stole and manipulated the value of prepaid debit cards and then cashed them out in massive ATM withdrawals worldwide after each computer break-in.

"As charged in the indictment, the defendants and their co-conspirators participated in a massive 21st century bank heist that reached across the Internet and stretched around the globe. In the place of guns and masks, this cybercrime organization used laptops and the Internet. Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours," said U.S. Attorney Loretta Lynch.

Law enforcement officials say the first of the two campaigns in late 2012 against RAKBANK resulted in $5 million in losses to the credit card processor and RAKBANK. The ring conducted more than 4,500 ATM withdrawals across 20 countries using the stolen RAKBANK accounts that were altered by the hackers to higher withdrawal limits. The New York City cell, including the defendants and co-conspirators, cashed out $400,000 in more than 140 ATMs.

The second campaign on February 19 and 20 of this year went after the same credit-card processor and stole MasterCard prepaid debit cards from the Bank of Muscat in an even bigger heist, with cells in 24 different countries withdrawing $40 million from ATMS with 10 hours via some 36,000 transactions. The New York cell cashed out $2.4 million from 3,000 ATM withdrawals in the city.

DOJ officials call this type of crime an "unlimited operation," where the hackers wipe out any account withdrawal limits to get as much cash as they can. These operations typically include targeted cyberattacks that span the globe, and quick, coordinated ground operations for cashing out at ATMs.

Cybercrime cases like these "demonstrate the importance of closely monitoring the internal corporate network for signs of a breach," says Gary Warner, director of research in computer forensics at the UAB Center for Information Assurance and Joint Forensics Research. "It takes time for the criminal to learn enough about your organization's internal workings to be able to take over and reset ATM balances. Quick detection of the breach is key to preventing" these problems, he wrote in a blog post today.

The indictment and other court filings in the case say Lajud-Pena was the head of the New York cell, and that he, Rodriguez, and Yeje laundered hundreds of thousands of dollars. The cell members also purchased Rolex watches, a Mercedes SUV, and a Porsche using money made in the scam. They could face 10 years of prison time on each money-laundering charge and 7.5 years on conspiracy to commit access device fraud, as well as up to $250,000 in fines.

The U.S. Secret Service investigated the cyberattacks and U.S.-based criminal activity, and law enforcement in Japan, Canada, Germany, and Romania all assisted in the investigation.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6477
Published: 2014-11-23
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4...

CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-8626
Published: 2014-11-22
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding...

CVE-2014-8710
Published: 2014-11-22
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?