The FBI uses an iPhone photo to nab six members of a cybercrime ring accused of stealing $45 million via ATMs.

Mathew J. Schwartz, Contributor

November 19, 2013

4 Min Read

The FBI Monday announced six more arrests as part of a wide-ranging investigation into an international cybercrime ring that's been accused of stealing $45 million via ATMs in more than 20 countries since December.

Five of the suspects -- Anthony Diaz, 24; Saul Franjul, 23; Saul Genao, 24; Jaindhi Polanco, 29; and Jose Angeley Valerio, 26 -- were arrested early Monday. A superseding indictment charged all of them -- except for Franjul -- with serving as money mules and withdrawing $2.8 million from ATMs. Franjul, meanwhile, was accused of packing $800,000 in stolen cash into a suitcase for the gang's alleged leader, 25-year-old Alberto Yusi Lajud-Pena (aka "Prime" and "Albertico"). Franjul's co-conspirators allegedly then took the suitcase to Lajud-Pena -- then in Miami -- via bus.

At a hearing in Brooklyn federal district court Monday, the five arrestees -- four men and one woman -- pleaded not guilty. A sixth suspect named in the indictment, Franklyn Ferreira, who was arrested later on Monday, was due to be arraigned Tuesday afternoon. All six of the arrestees hail from Yonkers, NY.

[ "Inj3ct0r Team" hackers strike vBulletin, MacRumors. Read Hacked, Customer Data Stolen. ]

In a letter sent to federal district court in Brooklyn, federal prosecutors said Monday that investigators matched surveillance photographs captured by banks -- where the alleged illegal withdrawals took place -- with suspects' driver's license photographs and Facebook profile pictures, reported The Wall Street Journal. Prosecutors also said that the government had yet to locate $2 million of the stolen money, and that no individual bank accounts were compromised by attackers.

According to prosecutors, investigators recovered an iPhone photograph -- taken by one of the suspects on March 2, 2013, just days after card details stolen from Bank Muscat in Oman were used to steal millions of dollars via ATM withdrawals -- that showed cash being stuffed into a suitcase.

"After exploiting cyber-weaknesses in the financial system to steal millions from ATMs, these defendants were packing bags to the brim with stolen cash, destined for the cybercriminal organizers of these attacks," US Attorney Loretta E. Lynch alleged in a statement. The six people arrested Monday face up to seven and a half years in prison based on the charge of access device fraud conspiracy, and could be hit with forfeiture and a fine of up to $250,000.

In February, German police also arrested two Dutch citizens -- caught withdrawing money from ATMs in Dusseldorf -- with being part of the cybercrime gang. To date, Department of Justice officials have declined to specify where the cybercrime gang is based, saying that their investigation remains ongoing.

Per a preceding indictment in this case, unsealed in May, three men were already arrested and charged with being part of the cybercrime gang; all three pleaded not guilty. Four other defendants charged in the indictment, meanwhile, pleaded guilty.

An eighth man, the aforementioned Lajud-Pena, allegedly lead the gang's New York cell. He was murdered in the Dominican Republic in April while playing dominoes at his home, while his two brothers were wounded. Local media outlets tied the attack to a dispute over how the cybercrime gang's stolen funds should be apportioned, and suggested the hit men had been hired by Lajud-Pena's New York accomplices.

US prosecutors haven't charged anyone with that crime, but they have accused the gang members of running so-called "unlimited operations," which consist of hacking into a credit card processor's systems, stealing prepaid debit card account numbers and PINs, and removing the withdrawal limits on those prepaid accounts. In this case, prosecutors said the targeted financial organizations were the National Bank of Ras Al-Khaimah PSC (aka RAKBANK) in the United Arab Emirates, and the Bank of Muscat in Oman.

The hackers allegedly shared stolen card details with the leader of a "cashing crew," who would create fake credit cards encoded with stolen credit and debit card information and distribute them to a gang of money mules. At a predetermined time, the money mules would make as many withdrawals as possible using the cards, until banks' fraud departments spotted the theft and shut down the related card numbers.

In this case, prosecutors said the cashing crews conducted hundreds -- and in one case thousands -- of fraudulent transactions using different ATMs. According to prosecutors, when the gang hit ATMs in the New York City area, they withdrew approximately $2.8 million in a matter of hours. In another heist, the gang allegedly used cards encoded with just 12 stolen prepaid debit account numbers to quickly withdraw $40 million.

Authorities said this stolen cash was spent in high-end nightclubs and laundered, in part, by purchasing luxury goods, including Rolex watches and two cars -- a Mercedes G63 AMG and Porsche Panamera -- that were together valued at $250,000.

Knowing your enemy is the first step in guarding against him. In this Dark Reading report, Integrating Vulnerability Management Into The Application Development Process, we examine the world of cybercriminals -- including their motives, resources, and processes -- and recommend what enterprises should do to keep their data and computing systems safe in the face of an ever-growing and ever-more-sophisticated threat. (Free registration required.)

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights