Feds: $45M drained from bank accounts in international cyber heist

Share this article:
Feds: $45M drained from bank accounts in international cyber heist
Feds: $45M drained from bank accounts in international cyber heist

Eight individuals have been charged for their role in the hacking of two credit card processors, which allowed a global gang of cyber bandits to withdraw tens of millions of dollars from ATMs around the world, federal prosecutors announced Thursday.

According to an indictment unsealed on Thursday, the eight defendants formed the New York-based operation of the international racket.

Seven of the people have been arrested, while the alleged leader of the New York cell, Alberto Lajud-Peña, 23, is believed to have been murdered last month in the Dominican Republic.

The other defendants, all residents of Yonkers, N.Y., are Joan Lara, 22; Chung Yu-Holguin, 22; Jael Collado, 23; Jose Reyes, 24; Elvis Rodriguez, 24; Emir Yeje, 24; and Evan Peña, 35. They are charged with conspiracy to commit access device fraud, which carries a 7 1/2-year maximum sentence, and money laundering conspiracy and money laundering, which each carry a maximum of 10 years.

According to federal prosecutors, the eight defendants and unnamed co-conspirators allegedly withdrew an estimated $2.4 million from nearly 3,000 ATMs in the New York City area from 3 p.m. on Feb 19 through the early morning of Feb. 20. In total, $40 million was stolen worldwide during that period.

Federal prosecutors called the cyber attacks “unlimited operations," meaning intruders hack into the computer systems of credit card processors – in this case reportedly one was located in the United States and the other in India – to compromise prepaid debit card accounts, then raise the limits on the accounts. Prosecutors said they targeted MasterCard prepaid debit cards issued by the Bank of Muscat in Oman.

Using the information they purloined, teams of "carders" and "cashers" then created cloned cards and used them to withdraw the funds.

In a separate occasion on December 2012, the crime outfit allegedly hacked a credit card processor that handles transactions for prepaid MasterCard debit cards issued by the National Bank of Ras Al-Khaimah (RAKBANK) PSC in the United Arab Emirates. In that operation, around $5 million was fraudulently withdrawn through more than 4,500 ATM transactions made in 20 countries.

The heists are reminiscent of the 2008 attack on processor RBS WorldPay, now known as WorldPay, in which 1.5 million cardholders were affected.

Loretta Lynch, U.S. attorney for the Eastern District of New York, called the campaign a “massive 21st century bank heist,” where the criminals used “laptops and the internet” instead of “guns and masks.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.