Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/9/2013
01:28 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

8 New Yorkers Indicted As Part of $45 Million Cyberheist Of Prepaid Debit Cards

Orchestrated massive global 'bank heist' by an international cybercrime organization targeted credit card processor for MasterCard prepaid debit cards, waged and coordinated mass ATM withdrawals

Seven New York City men have been arrested and indicted in New York City for their role in an international cybercrime ring that hacked an unnamed credit card processor for MasterCard, stole prepaid debit cards, and quickly cashed them out in a highly orchestrated operation that spanned the globe. The defendants comprised a New York ground operation that allegedly withdrew $2.8 million across ATMs across the city as part of a massive cybercrime campaign that resulted in $45 million in losses. The seven arrested defendants, all based in Yonkers, N.Y., are Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Pena, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje, and Chung Yu-Holguin. An eighth defendant named in the indictment, Alberto Yusi Lajud-Pena, was reportedly murdered in the Dominican Republic last month.

U.S. Justice Department officials say the men formed the New York cell of the international crime ring, which used "sophisticated intrusion" methods to break into the computers of the credit card processor for MasterCard to steal debit cards issued by the National Bank of Ras Al-Khaimah PSC (RAKBANK) in the United Arab Emirates, on Dec. 22, 2012, and then between Feb. 19 and 20, 2013, to pilfer debit cards issued by the Bank of Muscat in Oman. The ring stole and manipulated the value of prepaid debit cards and then cashed them out in massive ATM withdrawals worldwide after each computer break-in.

"As charged in the indictment, the defendants and their co-conspirators participated in a massive 21st century bank heist that reached across the Internet and stretched around the globe. In the place of guns and masks, this cybercrime organization used laptops and the Internet. Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours," said U.S. Attorney Loretta Lynch.

Law enforcement officials say the first of the two campaigns in late 2012 against RAKBANK resulted in $5 million in losses to the credit card processor and RAKBANK. The ring conducted more than 4,500 ATM withdrawals across 20 countries using the stolen RAKBANK accounts that were altered by the hackers to higher withdrawal limits. The New York City cell, including the defendants and co-conspirators, cashed out $400,000 in more than 140 ATMs.

The second campaign on February 19 and 20 of this year went after the same credit-card processor and stole MasterCard prepaid debit cards from the Bank of Muscat in an even bigger heist, with cells in 24 different countries withdrawing $40 million from ATMS with 10 hours via some 36,000 transactions. The New York cell cashed out $2.4 million from 3,000 ATM withdrawals in the city.

DOJ officials call this type of crime an "unlimited operation," where the hackers wipe out any account withdrawal limits to get as much cash as they can. These operations typically include targeted cyberattacks that span the globe, and quick, coordinated ground operations for cashing out at ATMs.

Cybercrime cases like these "demonstrate the importance of closely monitoring the internal corporate network for signs of a breach," says Gary Warner, director of research in computer forensics at the UAB Center for Information Assurance and Joint Forensics Research. "It takes time for the criminal to learn enough about your organization's internal workings to be able to take over and reset ATM balances. Quick detection of the breach is key to preventing" these problems, he wrote in a blog post today.

The indictment and other court filings in the case say Lajud-Pena was the head of the New York cell, and that he, Rodriguez, and Yeje laundered hundreds of thousands of dollars. The cell members also purchased Rolex watches, a Mercedes SUV, and a Porsche using money made in the scam. They could face 10 years of prison time on each money-laundering charge and 7.5 years on conspiracy to commit access device fraud, as well as up to $250,000 in fines.

The U.S. Secret Service investigated the cyberattacks and U.S.-based criminal activity, and law enforcement in Japan, Canada, Germany, and Romania all assisted in the investigation.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12168
PUBLISHED: 2019-05-17
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-12170
PUBLISHED: 2019-05-17
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...