Cybercriminals Stole $45 Million from ATMs in a Matter of Hours

Picture this: A global network of hackers link up and decide to rob a bank. But not just one branch or ATM — all of them. They'd attack from all over the world, descending upon cities like ants on a hill. They'd use cashing crews, armies of credit card-carrying soldiers with backpacks that they fill with bills at each ATM. Poured into the middle of an empty airport hangar, the millions of dollars in stolen cash would form a small mountain.

Somewhere in the background, picture a Ferrari pulling up to a jewelry store to buy a fancy watch. You can picture this scene with George Clooney playing the leading man, Brad Pitt standing to the side always eating. Picture the box office earnings in that mountain formation.

This is not a movie, though. This is a real thing that just happened. On Thursday, federal prosecutors in Brooklyn unsealed the paperwork on one of the most intricately planned and well executed cyber heists in history. The indictment includes eight members of an organized crime outfit, the leader of whom was reportedly murdered in the Dominican Republic at the end of April. The crew is suspected of stealing a staggering $45 million from ATMs around the world in the span of just a few hours.

It all went down pretty much as described above. By hacking into banks' databases, they were able to steal customer data that enabled them to raise the limits on pre-paid Visa and Mastercards. They encoded the information onto blank magnetic strips and then sent the cashing crews from ATM to ATM, withdrawing as much as they could. One attack in December involved to 4,500 ATMs, and in January, similar attacks hit New York City and locations in 20 countries across the world. The New York Times reports:

Starting at 3 p.m., the crews made 36,000 transactions and withdrew about $40 million from machines in the various countries in about 10 hours. In New York City alone, a team of eight people made 2,904 withdrawals, stealing $2.4 million.

Surveillance photos of one suspect hitting various A.T.M.'s showed the man’s backpack getting heavier and heavier, Ms. Lynch said, comparing the robbery to the caper at the center of the movie “Ocean’s 11.”

So if you thought hackers were just a bunch of small time crooks, think again. Big time criminals are catching on to the fact that there's buckets of many to be made by exploiting vulnerabilities at financial institutions and elsewhere. The attacks are becoming more frequent, and as we saw on Thursday, the scale is becoming unimaginable.

Authorities sound like they know there's more to come. "In the place of guns and masks, this cybercrime organization used laptops and the Internet,” U.S. attorney Loretta E. Lynch said on Thursday. “Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATM's in a matter of hours.”

And you'd better believe others will try to do the same.