A unique breach of bank information has hit one of the world’s largest banks.
According to a federal grand jury indictment, two hackers, using bank accounts and PINs stolen over the internet, managed to steal millions of dollars from Citibank.
The two charged were a Ukrainian immigrant named Yuriy Ryabinin, andIvan Biltse. The pair are alleged to be part of a worldwide scam thathas made 9,000 fraudulent ATM withdrawals, according to court documents. The money was drained from ATMs in the New York area, authorities said.
“On or about February 1, 2008, Citibank representatives informed the FBI that a Citibank server that processes ATM withdrawals at 7-11 convenience stores had been breached,” according to an affidavit filed with a New York federal court by Albert Murray, an FBI special agent.
There were hundreds of ATM withdrawals in New York from October 2007 to March of this year, all using the breached information, authorities said. Some of the illicit withdrawals were videotaped. The criminals used ATM cards encoded with Citibank customer account information to withdraw the money.
Specifically, the indictment charged that the criminals “received over the internet information relating to the bank accounts of multiple Citibank customers, which information had been previously stolen from Citibank.”
A spokeswoman for Citibank did not respond to a request for comment.
WIth correct information, it is very easy to create a counterfeit card, Avivah Litan, Gartner vice president and distinguished analyst, told SCMagazineUS.com on Thursday
“All you have to have is the PIN and enough customer information,” she said. “And the criminals have figured out how to get that.”
This kind of fraud is becoming an enormous problem for banks, said Litan.
“Criminals have found ways to basically bypass many of the controls that banks have in place,” she said. “So ATM and debit card fraud is expected to rise. In our surveys, banks themselves expect the rate of fraud to double over the next two years.”