BALTIMORE (WJZ) — Forty-five million dollars in cash, drained from ATMs all over the world in a matter of hours. A gang of cyber criminals is behind a massive bank heist using bogus debit cards.
Kai Jackson explains how they carried off the high tech crime.
The ATM heist happened in a matter of hours, and security experts tell WJZ there is a strong likelihood it will happen again.
They were fast, brazen and extremely sophisticated. In February, a worldwide gang of thieves pulled off a bank robbery with no weapons and without entering a bank.
It’s an operation that’s astounded even the best at cyber security.
U.S. prosecutors, who’ve now made a list, say it involved a network of criminals stealing from ATMs.
“They’re told where to stand, they’re told where to start. They’re told you’re going to hit as many ATMs as possible,” said Loretta Lynch, U.S. attorney.
Prosecutors say the thieves used bogus magnetic stripe cards, but stole from legitimate accounts, and went from ATM to ATM until the worldwide tally was well into the double digit millions.
Here’s how the complicated scheme worked:
Investigators say the thieves used prepaid credit cards. Hackers had already spent months obtaining data and removing the withdrawal limits on the cards. Thieves got into position around the globe in cities like New York with fake cards in hand.
At a precise time, detectives say the crooks started using the cards, but they weren’t hitting individual accounts. They targeted cash reserves held by the banks, which netted $40 million.
Severna Park cyber security expert Gary Buclous says banks have to tighten their security.
“There’s always room for improvement, coming from a banking experience, coming from a security banking experience, you have to always be one step ahead,” he said.
In the United States, seven people are now under arrest.
“They just go out and collect the money. It’s literally getting your money for free,” said Lynch.
Experts say part of the problem lies with the magnetic strips on the backs of the cards in question. Most banks around the world have abandoned this type of card in favor of one that has a computer chip. However, because U.S. banks accept and use them, so does most of the world.
The attack in February was the second such crime. In December, thieves netted $5 million worldwide.