Mission Impossible !!
With only 100 compromised ATM cards thieves were able to grab $9 million from ATMs in a new style of attack in just under 30 minutes. Law enforcement sources have told that it’s one of the most frightening well-coordinated heists they’ve ever seen.
From the news that have come in till now, the flow of events is presumed to be as follows.
It all started when on December 24th 2008, RBS WorldPay announced that personal and financial account information of about 1.5 million cardholders and other individuals, and the social security numbers (SSNs) of 1.1 million people, may have been accessed by a hacker.
Formerly known as RBS Lynk, RBS WorldPay, which claims it has more than 20 years in the business, is the U.S. payment processing arm of The Royal Bank of Scotland Group.
Among other things, RBS WorldPay offers pre-paid payroll and gift cards.
According to RBS WorldPay, “Payroll cards are used by a growing number of U.S. firms to pay wages to employees. A payroll card is a reloadable stored value card that can be used at any point of sale that accepts credit and debit cards.”
It is presumed that the hackers also created a back-door entry into RBS WorldPay’s systems whereby they had the power to reload the payroll cards with new fake deposits that they could turn into cold hard cash via an ATM withdrawal.
The hackers then cloned the card info they stole into thousands of real ATM payroll cards. This is easily and cheaply done using various over the counter card printing devices.
They then recruited an Army of “cashers” to physically go to an ATM machine with the newly minted counterfeit (but valid) payroll cards and withdrawal cash. Cashers is the name given to the street-level thugs that do the actual cash withdrawals at ATMs. It is hypothesized that there were dozens of them recruited for this scam.
The hackers then developed an incredibly precise global attack plan. It is alleged that they mapped out exactly what ATMs they would hit, the order they would hit them in and on what global time schedule. This attack plan covered at least 49 different cities around the world for a total of approximately 130 ATM machines. The cities targeted include Atlanta, Chicago, Montreal, New York, Moscow and Hong Kong. The whole attack was choreographed to happen within a 30-minute timeframe.
On November 8th, 2008 they launched their attack. All 130 of the targeted ATM machines around the world were hit during a 30-minute time period. During the attack the bad guys reloaded (via their hack) the payroll cards as needed. When all was said and done it is thought that the thieves walked away with over $9 Million bucks in cold cash.
Mission Impossible …. Or fodder for the next Tamil Movie?