Saturday, May 11, 2013

Bank Muscat's 'Ocean's Eleven' like bank card heist explained by New York Times article

1 comment:

Last February, it was reported  a large sum of money was stolen from Bank Muscat through 12 travel cards- a bank product launched in 2012, 'the bank muscat MasterCard Travel Card provides an electronic payment solution and a safer alternative to the conventional payment methods, such as the traveller’s cheques...'

There was very little information reported as to how the heist was done until now where international news agencies are reporting it as 'the great 21st century cyber-bank heist'. This is not the first time Bank Muscat has been dupped, several years ago several million dollars was stolen through transfer by an Indian national who worked at the bank. And, more recently  there have been several attempted hold-ups at branches.

At the beginning of the year, a Pakistani took advantage of currency exchange booths at the airport and Barka locations and introduced fake Rupees into circulation which Omani citizens subsequently unknowingly used in India and were arrested.

Taken from the New York Times, May 9, 2013

http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-45-million-global-cyber-bank-thefts.html?pagewanted=2&_r=1&ref=nyregion

In Hours, Thieves Took $45 Million in A.T.M. Scheme

MasterCard alerted the Secret Service to the activity soon after the transactions were completed, said a law enforcement official, who declined to be identified discussing a continuing investigation.
Multimedia
Robert D. Rodriguez, a special agent with the Secret Service for 22 years and now the chairman of Security Innovation Network, said that in some ways the crime was as old as money itself: bad guys trying to find weaknesses in a system and exploiting that weakness.
“The difference today is that the dynamics of the Internet and cyberspace are so fast that we have a hard time staying ahead of the adversary,” he said. And because these crimes are global, he said, even when the authorities figure out who is behind them they might not be able to arrest them or persuade another law enforcement agency to take action.
After pulling off the December theft, the organization grew more bold, and two months later it struck again — this time nabbing $40 million.
On Feb. 19, cashing crews were in place at A.T.M.'s across Manhattan and in two dozen other countries waiting for word to spring into action.
This time, the hackers had infiltrated a credit-card processing company based in the United States that also handles Visa and MasterCard prepaid debit cards. Prosecutors did not disclose the company’s name.
After securing 12 account numbers for cards issued by the Bank of Muscat in Oman and raising the withdrawal limits, the cashing crews were set in motion. Starting at 3 p.m., the crews made 36,000 transactions and withdrew about $40 million from machines in the various countries in about 10 hours. In New York City, a team of eight people made 2,904 withdrawals, stealing $2.4 million.
Surveillance photos of one suspect at various A.T.M.'s showed the man’s backpack getting heavier and heavier, Ms. Lynch said, comparing the series of thefts to the caper at the center of the movie “Ocean’s Eleven.”
While the New York crew had a productive spree, the crews in Japan seem to have been the most successful, stealing around $10 million, probably because some banks in Japan allow withdrawals of as much as $10,000 from a single bank machine.
“The significance here is they are manipulating the financial system to be able to change these balance limits and withdrawal limits,” said Kim Peretti, a former prosecutor in the computer crime division of the Justice Department who is now a partner in the law firm Alston & Bird. “When you have a scheme like this, where the system can be manipulated to quickly get access to millions of dollars that in some sense did not exist before, it could be a systemic risk to our financial system.”
It was unclear to whom the hacked accounts belonged, and who might ultimately be responsible for the losses.
The indictment suggests a far-reaching operation, but there were few details about the people responsible for conducting the hacking or who might be leading the global operation. Law enforcement agencies in more than a dozen countries are still investigating, according to federal prosecutors. The authorities said the leader of the New York cashing crew was Alberto Lajud-Peña, 23, whose body was found in the Dominican Republic late last month. Seven other people were charged with conspiracy to commit “access device fraud” and money laundering.
The prosecutors said they were all American citizens and were based in Yonkers. The age of one defendant was given as 35; the others were all said to be 22 to 24. Mr. Lajud-Peña fled the United States just as the authorities were starting to make arrests of members of his crew, the law enforcement official said.
On April 27, according to news reports from the Dominican Republic, two hooded gunmen stormed a house where he was playing dominoes and began shooting. A manila envelope containing about $100,000 in cash remained untouched.
Nicole Perlroth, Frances Robles and Mosi Secret contributed reporting.