Krebs on Security; Crooks Net Millions in Coordinated ATM Heists

Discussion in 'other security issues & news' started by Baserk, Feb 7, 2013.

Thread Status:
Not open for further replies.
  1. Baserk

    Baserk Registered Member

    Apr 14, 2008
    'Organized cyber criminals stole almost $11 million in two highly coordinated ATM heists in the final days of 2012, KrebsOnSecurity has learned.
    The events prompted Visa to warn U.S. payment card issuers to be on high-alert for additional ATM cash-out fraud schemes in the New Year.
    The accounts that the perpetrators used to withdraw money from ATMs were tied to re-loadable prepaid debit cards, which can be replenished with additional funds once depleted.
    Prepaid card networks generally enforce low-dollar limits that restrict the amounts customers can withdraw from associated accounts in a 24 hour period. But in both ATM heists, sources said, the crooks were able to increase or eliminate the withdrawal limits for the prepaid accounts they controlled.
    ' link

    According to the Visa alert from Jan. 2013 (PDF link);

    'These attacks result from hackers gaining access to issuer authorization systems and card parameter information. Once inside, the hackers manipulate daily withdrawal amount limits, card balances and other card parameters to facilitate massive fraud on individual cards.
    In some instances over $500K USD has been withdrawn on a single card in less than 24 hours.
    Hackers have been able to penetrate an internal network through the following exploits:
    -Web-based vulnerabilities, such as SQL injection
    -Establishing continuous remote access to the internal network through a “back door”
    -Compromising internal systems passwords using a password-cracking program
    -Mapping the internal network infrastructure
Thread Status:
Not open for further replies.