With only 100 compromised ATM cards thieves were able to grab $9 million bucks from the banking system in a new style of attack. Law enforcement sources told Fox 5 it's one of the most frightening well-coordinated heists they've ever seen. "We've seen similar attempts to defraud a bank through ATM machines but not, not anywhere near the scale we have here," FBI Agent Ross Rice told Fox 5. "We've never seen one this well coordinated," the FBI said.
How did the hackers steal $9 million in one 30-minute time period using only 100 ATM cards you ask? That shouldn’t be possible given the daily limits (usually about $500/day) placed on all ATM cards. Well it turns out that the hackers applied military like precision to old ATM Scam techniques and added a touch of devious ingenuity to pull this one off. Here is a look at how the theft was perpetrated.
First, the bad guys had to obtain the ATM cards. To accomplish this they hacked into RBS WorldPay and stole at least 100 payroll cards. According to RBS WorldPay, “Payroll cards are used by a growing number of U.S. firms to pay wages to employees. A payroll card is a reloadable stored value card that can be used at any point of sale that accepts credit and debit cards.”
Second, the bad guys had to figure out how to reload the cards. To accomplish this they hacked into RBS WorldPay’s systems once again. Once this was done they had the power to reload the payroll cards with new fake deposits that they could turn into cold hard cash via an ATM withdrawal.
Third, the bad guys had to clone the card info they stole into thousands of real ATM payroll cards. This is easily and cheaply done using various over the counter card printing devices. Given that this market is completely non-regulated, anyone can buy all of the gear necessary to make your very own credit, ATM, Bank, etc. Cards.
Fourth, the bad guys needed to recruit an Army of “cashers” to physically go to an ATM machine with the newly minted counterfeit (but valid) payroll cards and withdrawal cash. Cashers is the name given to the street-level thugs that do the actual cash withdrawals at ATMs. It is hypothesized that there were dozens of them recruited for this scam.
Jamey Heary, CCIE No. 7680, is the author of the Cisco NAC Appliance: Enforcing Host Security with Clean Access book by Cisco Press. Jamey is a seasoned security technologist with over 15 years in the IT field with 10 years focused on IT security. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey is currently a Security Consulting Systems Engineer with Cisco, though the opinions expressed here are his own. Jamey is a member of Network World's Cisco Subnet blog community.
The Leader in Network Knowledge
I'd Like to Take "Issue"...
and ban it from normal people's language.
There's that weasly word again: "issue." And used to describe what at a minimum are "problems" and at a maximum are "glaring gaps." Sigh... I wish normal people would stop speaking government-speak (weasly words) and say what they really mean. I suspect that "issue" came from RBS WorldPay and their lawyers, but it would be great if at least once a reporter/commentator called the game -- in this case, on what is obviously a huge PROBLEM as the story explains.
"Issue"
Absolute agreement with JLBrown's comment!
* Here's another to ban: "INMATE"
Add this to the misused word list
"impact" . People us it 'cause they can't figure out the difference between "effect" and "affect". Lets reserve "impact" for things like comets or bullets.
Wrong: "the inmate had an issue with the impact of the new lock-down rule had on his freedom"
Correct: The prisoner had a problem with the effect of the new lock-down rule had on his freedom"
Steve
This is not english class
to the guys that are trying to teach us all english, stop Already!!!!
The post is not about english, in fact I always hated english class growing up. If you want to discuss the language seek another venue.
If you have something pithy to add to the authors excellent SECURITY article have at it. Blogs are not meant to be a sounding board for all you english snobs! Comment on the freaking content already will ya!
-English teacher hater for life
completely agree with Anon
Here here!!!! comment on the articles no the english!
disagree with Anon
The lack of effective communication - specifically of the English language is a glaring PROBLEM that causes many issues on many software projects. Programmers are notoriously bad at written communication. This causes inefficiencies that result in big functional gaps which other clever sociopaths eagerly exploit. Sorry for being off-topic, but it is relevant!
For Those Who Care About English...
For those of you who do care about the language and improving your skills (yes yes, it's off topic) I'd like to recommend my favorite book on the subject:
Ben Yagoda's "If You Catch an Adjective, Kill It"
Lynne Truss' short rants on punctuation are also good.
All are both funny and informative.
--Jeff
Here here!!!! comment on the
Here here!!!! comment on the articles no the english!
Where where????
(try "hear hear!")
it was not about english it was about CORPORATE SPEAK
Impact and issue are words used by corporate spokesmen to makes something serious seem like it's being taken care of or that it doesn't matter.
Quit whining. It's not about language. It's about lying.
Try again
"Correct: The prisoner had a problem with the effect of the new lock-down rule had on his freedom"
Umm, nope - that, like the "Wrong:" sample still does not parse. It seems that fixing other people's English is a wee bit more complicated than you thought.
As for impact, which seems to be irrelevant in the context of the article, it is not reserved for physical effects and can even be used for abstractions.
Post new comment