Regional

U.S. charges eight in $45M cybercrime targeting Gulf banks

NEW YORK/BOSTON: The U.S. government charged eight individuals with using data obtained by hacking into two credit card processors in a worldwide scheme that netted some $45 million within hours, a crime prosecutors described as one of the biggest bank heists in history.

The individuals formed the New York-based cell of a global cybercriminal organization that stole MasterCard Inc. debit card data from two Middle Eastern banks, the Justice Department said. The information was used to make more than 40,500 withdrawals at automated teller machines in 27 countries, prosecutors said.

The cards were issued by National Bank of Ras Al-Khaimah in the United Arab Emirates and Bank of Muscat in Oman, prosecutors said.

Bank representatives could not be reached for comment outside of regular business hours.

The case demonstrates the major threat cybercrime poses to banks around the world. Security experts frequently identify electronic fraud as one of the key challenges facing banks.

“Hackers only need to find one vulnerability to cause millions of dollars of damage,” said Mark Rasch, a former federal cybercrimes prosecutor, based in Bethesda, Maryland.

Authorities said they arrested seven of the eight defendants, all U.S. citizens and residents of Yonkers, New York. They are Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Pe?a, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje and Chung Yu-Holguin.

The eighth defendant charged in the indictment, Alberto Yusi Lajud-Pe?a, was murdered on April 27 in the Dominican Republic, according to prosecutors. U.S. Attorney Loretta Lynch in Brooklyn, New York, who filed the charges, said it was unclear whether the murder was related to the cybercrime case.

Prosecutors said the attacks, known as “unlimited operations,” occurred in two separate incidents in December 2012 and February 2013.

The hackers gained access to companies that process debit card transactions, eliminated the maximum withdrawal limits on the cards and then employed “casher” crews to take money out of ATMs around the world using the stolen data, prosecutors said.In the New York City area, the ring withdrew nearly $400,000 in less than three hours at more than 140 ATM locations, prosecutors said. On another occasion, approximately $2.4 million was collected in nearly 3,000 ATM withdrawals over a 10-hour stretch, according to prosecutors.

That makes the case the second biggest bank robbery in New York City history, Lynch said, after the so-called “Lufthansa heist,” in which robbers stole millions in cash and jewelry from John F. Kennedy International Airport.

Lynch said it was likely that the headquarters of the global scheme was located outside the United States and that the current charges focused only on the New York-based cell. Investigators are examining whether other cells are operating elsewhere in the United States, she said.

In a statement, MasterCard said it had cooperated with law enforcement and stressed that its systems were not involved or compromised in the attacks.

 
A version of this article appeared in the print edition of The Daily Star on May 10, 2013, on page 1.

Recommended





Advertisement

Comments

Your feedback is important to us!

We invite all our readers to share with us their views and comments about this article.

Disclaimer: Comments submitted by third parties on this site are the sole responsibility of the individual(s) whose content is submitted. The Daily Star accepts no responsibility for the content of comment(s), including, without limitation, any error, omission or inaccuracy therein. Please note that your email address will NOT appear on the site.

Alert: If you are facing problems with posting comments, please note that you must verify your email with Disqus prior to posting a comment. follow this link to make sure your account meets the requirements. (http://bit.ly/vDisqus)

comments powered by Disqus

Advertisement

FOLLOW THIS ARTICLE

Interested in knowing more about this story?

Click here