It was a 21st-century bank heist where the criminals didn’t come with Tommy guns, ski masks or screeching getaway cars. There were just a bunch of men walking into ATMs around the world and leaving with backpacks full of cash.
In two precision operations involving people in more than two dozen countries, the criminals robbed two global banks of $45 million by striking thousands of ATMs in a matter of hours. Before the robberies, there were cyber attacks on two credit card processing firms, one in India and the other in the US.
Using a process called ‘Unlimited Operation’ in the cyber-crime world, hackers accessed pre-paid card data and raised credit limits. They passed on the account numbers to people across the world who encoded them on magnetic-stripe cards. On December 21, ‘cashing crews’ made 4,500 ATM transactions worldwide, stealing $5 million. They struck again two months later, bigger and bolder — nabbing $40 million.
The stolen cash was then laundered in purchases of luxury items like Rolex watches and expensive cars.
The first to be caught was a New York crew, their pictures captured as they travelled the city. They hit 2,904 machines over 10 hours on February 19, withdrawing $2.4 million.
On Thursday, federal prosecutors in Brooklyn unsealed an indictment charging eight men — including the suspected ringleader, who was found dead in the Dominican Republic last month. The seven others are Americans from New York.
MasterCard alerted Secret Service about the transactions, said a law enforcement official. It was unclear who the accounts belonged to and who might ultimately be responsible for the losses.
(With NYT inputs)