A new, extraordinary cyber ring that allowed eight people to steal more than $45 million from victims makes denial of service attacks seem like child’s play. Plus, more than $2 million was stolen from ATMs scattered around New York – and the thieves were able to do this in just nine hours. Another $4 million was stolen in an even faster timeframe in other countries as the financial cyber ring continued in its global stealing spree.
The government is now saying it’s an international campaign that quickly grew. This group of cyber hackers is just one more reason why the efforts to combat these types of crimes is in overdrive. Cyber hacks have become a $110 billion industry that spans the globe.
In the announcement on Thursday, the prosecutors who will be trying the crimes revealed a number “intrusion” techniques were incorporated in order to break down security measures in banks and other financial entities. Prepaid debit card data was stolen and from there, the hackers were able to bypass limits set forth by ATMs and card networks.
So far, eight people have been charged, all from Yonkers, and one of the eight is believed to be dead. A joint murder investigation is ongoing; both here in the U.S. and the Dominican Republic as well to see if there are any parallels with the crime and the murder of AlbertoYusi Lajud-Peña. The operation has been unfolding for the past two months.
Financial Cyber Ring Goes Global
The initial operation was focused on a credit card processor that processed transactions for the prepaid debit cards issued by MasterCard and the National Bank of Ras Al-Khaimah PSC, a bank that’s headquartered in the United Arab Emirates. Days later, another massive effort was underway, this time, it involved successful hacks into the same MasterCard network. The one difference is that these attacks affected banks in Oman. According to the indictment, the second operation began on February 19 and involved hacking into a network of MasterCard prepaid debit cards issued by the Bank of Muscat. In just 10 hours, the thieves successfully executed about 36,000 transactions in 24 countries, withdrawing $40 million from ATMs, officials said.
After the data was stolen and withdrawal limits were suspended, the sensitive data was then spread around the world, with massive amounts of fraudulent ATM withdrawals occurring, sometimes simultaneously. According to the indictment, each is being accused of carrying these crimes between October 2012 and April 2013.
The defendants and their co-conspirators participated in a massive 21st century bank heist that reached across the Internet and stretched around the globe. In the place of guns and masks, this cybercrime organization used laptops and the Internet,
Loretta Lynch, the U.S. Attorney in Brooklyn, said in a press release on Thursday.
Law enforcement is committed to moving just as swiftly to solve these cybercrimes and bring their perpetrators to justice.
There are multiple charges associated with this ring of thieves. Each was charged with conspiracy to fraudulent steal money using various access devices, money laundering and others. Each defendant could be sentenced to ten years in prison for the money laundering and slightly more than 7 years if they’re convicted of conspiracy to commit device fraud. They could each be fined $250,000 and ordered to pay restitution.
The intrusion techniques, named “Unlimited Operations”, include extremely targeted attacks with international cyber criminals, countless prepaid phones used for communication and intricate efforts of laundering the stolen money. The majority of laundered cash was then sent to the higher ups in the crime ring. It definitely highlights the growing problems associated with the digital age. The prosecutors also said they were successful because of their fast movements, as evidenced by the money stolen in just a few hours.
Meanwhile, Steven Hughes, the special agent in charge for the Secret Service’s New York field office, said
The Secret Service and its law enforcement partners have adapted to these technological advancements and utilized cutting edge investigative techniques to thwart this cybercriminal activity,
said Steven Hughes, the special agent in charge for the Secret Service’s New York field office.
According to the indictment, the individuals carried out a pair of cyber heists between October 2012 and April 2013.
Fast Growing Efforts to Steal
Here’s a startling statistic: the ongoing series of attacks on the U.S financial industry has resulted in fifteen of the most recognized bank brands being offline for a massive 249 hours in the last six weeks.
The past seven months have been especially brutal and because of that, new calls are being made for lawmakers to step up to the plate and stiffen the penalties for those convicted of committing these frauds. One of the more vocal supporters of new laws, Rep. Mike Rogers (R MI) told NBC News that proof is in the rapid increase – both in the monetary and volume columns. He also believes that Iran is behind the denial of service attacks that have plagued the big banks, including Bank of America, Wells Fargo, PNC and at least one credit card company, American Express. The cyber attack group, Izz ad-Din al-Qassam Cyber Fighters, has consistently claimed responsibility in these attacks. It said it wanted a video that showed Prophet Muhammad being ridiculed pulled from YouTube. Unfortunately, it also said it would be increasing the number of attacks this spring. If it’s this group behind the current attacks, it’s remained true to its word.
Based on my conversations with companies involved with defending against these attacks, I have no doubt that the Iranian government is behind them,
Rogers said. He went on to stress his belief that,
these banks are among the best in the country when it comes to cyber security, but even they are having trouble keeping up with attacks that have the sophistication and the level of resources that a nation-state entity like Iran can devote to them.
There are no guarantees, either, that the group won’t escalate in its damage. While the denial of service attacks haven’t hacked into individual consumers’ banking records, it could change at any time.
What are your thoughts on this latest crime ring being busted? Do you think there are any common denominators between the cases this week and the denial of service attacks?