latinospost.com
By Bary Alyssa Johnson | First Posted: May 10, 2013 08:48 AM EDT
The United States government on Thursday charged eight men from New York for their participation in an international conspiracy involving a high-tech theft ring that launched cyber attacks on financial institutions around the world, resulting in losses estimated at $45 million.
Authorities today took into custody seven of the eight-man crew associated with the e-bank heist. The men are facing charges of alleged conspiracy to commit access device fraud, money laundering conspiracy and money laundering as part of a scheme dubbed the "unlimited operation." For their part in the plot, the men are accused of withdrawing nearly $3 million from ATM machines across New York City, according to an indictment filed by United States Attorney Loretta Lynch.
The defendents in this case include Jael Meja Collado, Joan Luis Miner Lara, Evan Jose Peña, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje, Chung Yu-Holguin and alleged ringleader of the "cashing crew" Alberto Yusi Lajud-Peña. Lajud-Peña, also known as "Prime," was murdered in the Dominican Republic on April 27, though it is unclear whether there was any connection between his murder and the cybercrimes.
All of the suspects, who range in age from 22 to 34 are United States citizens originally from the Dominican Republic. They are all from Yonkers, NY and according to Lynch knew each other and were recruited to take part together in what Lynch has referred to as "a massive 21st Century bank heist."
The men arrested today represent only a very small subset of members in the extensive International cybercrime network responsible for the big-picture theft, a group believed to be headquartered outside of the United States. This is the network responsible for two incidents that targeted banks in at least 26 different countries and resulted in the $45 million theft.
The sophisticated "unlimited operation" scheme is comprised of three different groups of criminals. The "backers" are the financiers of the operation who pay big bucks to the "hackers" who use their computers to break into the databases of various financial institutions to obtain access codes, PIN numbers for debit cards and to remove any withdrawal limits that may be placed on individual bank accounts. The hackers then pass all of this information on to the "cashers" or "cashing crews" who are later dispatched simultaneously en masse to withdraw funds from all of the compromised accounts using ATM machines in cities all over the globe.
In this specific case the $45 million in stolen money was the result of two separate attacks, one which took place in December 2012 and the other in February 2013.
The December attack targeted a bank in India and the subsequent withdrawals totalled $5 million from bank accounts around the world. The February attack targeted a Visa and Mastercard processor in the United States and led to a $40 million loss.
John Miller, senior correspondent for CBS News and a former FBI assistant director reported today on "CBS This Morning" that "we've learned how they carried out this cyber-attacks, and it's unlike anything ever seen before."
"You know, this is -- if you're a criminal, this is a gorgeous scheme. If you are a bank this is your worst nightmare. And if you're a prosecutor...or the Secret Service agents involved in this case, it's a great caper, in terms of the case, but you realize you're just at the tip of the iceberg."
................................................................
黑客撳錢黨閃電盜3億
盜改扣帳卡資料 劫銀行毋須用槍
盜改扣帳卡資料 劫銀行毋須用槍
【明報專訊】美國與多國警方聯手搗破一個「黑客撳錢黨」跨國犯罪集團。路透社形容,這個犯罪集團毋須動刀槍,就幹出了史上其中一場最大規模銀行劫案,他們
先安排黑客捕捉網上保安漏洞,竊取和竄改銀行預付扣帳卡的帳戶資料,包括取消提款上限,然後利用動過手腳的帳戶資料,複製出大量假卡,由街頭罪犯負責到各
地銀行櫃員機大舉提款。集團先後兩度在全球27國提款犯案,閃電提走合共4500萬美元(約3.5億港元)。
虛擬犯罪快閃集團 全球動員提款
這次案件罕見之處,在於犯罪集團不僅利用網絡保安漏洞作案,更有多個分支小組,短時間內在全球各地同時提款搶錢,因此美國檢察官林奇 (Loretta Lynch)形容這班人是「虛擬犯罪快閃集團」(virtual criminal flash mob),《紐約時報》更形容這次是21世紀式銀行劫案。林奇說:「這個科網犯罪集團以手提電腦和網絡,取代槍械和面具來打劫,眾被告在區區數小時內就從 曼哈頓區數以百計的自動櫃員機盜取幾百萬美元。」
根據起訴書,首次行動發生於去年12月。犯罪集團的黑客,首先入侵一間印度信用卡處理公司的系統,盜取並竄改了多個由阿聯酋銀行RakBank發出 的MasterCard預付扣帳卡(prepaid debit card)的戶口資料,包括取消其提款上限(變成可無限提款),這意味「即使只有少數銀行戶口遭入侵,也可為受害金融機構造成巨額財政損失」。
入侵小量戶口 即可大量偷錢
黑客在這次行動中,掌握了5個預付扣帳卡戶口。犯罪集團隨後將戶口資料分送至20個國家的「提款小組」,後者將資料注入各式磁帶卡(這些磁帶卡甚至 是酒店門匙卡都可以),複製出大量「冒牌扣帳卡」。12月21日,各地提款小組利用手上的冒牌扣帳卡聯手提款,一天內在全球進行4500次櫃員機交易,盜 取了500萬美元。
犯罪集團得手後食髓知味,兩個月後再次出動。這次他們選擇向一間美國信用卡處理公司下手,掌握12個阿曼馬斯喀特銀行(BankMuscat)的預 付扣帳卡戶口後,今年2月19日再度犯案。對於這個犯罪集團專揀信用卡處理公司下手盜改資料,專家解釋,這類公司的保安一般遠遜正常金融機構。香港城市大學電子工程系副教授鄭利明向本報說:「信用卡處理中心為中介公司,負責為發卡機構傳送帳戶信息、對數和進行交收。由於這些公司的保安不強,容易成為賊人目標。」
「日本組」最猖狂 撳走8000萬
起訴書仔細講述各地「提款小組」在2月19日下午3時起,在全球多國的自動櫃員機連環進行3.6萬次交易,10小時內提款共4000萬美元。最「成 功」的作案發生於日本,被盜金額達1000萬美元,相信這與日本銀行櫃員機最高提款額高達1萬美元有關。在紐約,一個8人「提款小組」則在2904次提款 中,攫取240萬美元。檢察官林奇指閉路電視影像可見其中一名疑犯的背囊愈塞愈滿,形容過程就像荷李活大片《盜海豪情》的情節,又指這幫人大約保留兩成贓 款揮霍,其餘上繳策劃者。不過執法人員稱,疑是「紐約幫」主謀的23歲男子,在逃往多米尼加後,於兩周前被殺,其餘7人皆已被捕。
(紐約時報/路透社)
這次案件罕見之處,在於犯罪集團不僅利用網絡保安漏洞作案,更有多個分支小組,短時間內在全球各地同時提款搶錢,因此美國檢察官林奇 (Loretta Lynch)形容這班人是「虛擬犯罪快閃集團」(virtual criminal flash mob),《紐約時報》更形容這次是21世紀式銀行劫案。林奇說:「這個科網犯罪集團以手提電腦和網絡,取代槍械和面具來打劫,眾被告在區區數小時內就從 曼哈頓區數以百計的自動櫃員機盜取幾百萬美元。」
根據起訴書,首次行動發生於去年12月。犯罪集團的黑客,首先入侵一間印度信用卡處理公司的系統,盜取並竄改了多個由阿聯酋銀行RakBank發出 的MasterCard預付扣帳卡(prepaid debit card)的戶口資料,包括取消其提款上限(變成可無限提款),這意味「即使只有少數銀行戶口遭入侵,也可為受害金融機構造成巨額財政損失」。
入侵小量戶口 即可大量偷錢
黑客在這次行動中,掌握了5個預付扣帳卡戶口。犯罪集團隨後將戶口資料分送至20個國家的「提款小組」,後者將資料注入各式磁帶卡(這些磁帶卡甚至 是酒店門匙卡都可以),複製出大量「冒牌扣帳卡」。12月21日,各地提款小組利用手上的冒牌扣帳卡聯手提款,一天內在全球進行4500次櫃員機交易,盜 取了500萬美元。
犯罪集團得手後食髓知味,兩個月後再次出動。這次他們選擇向一間美國信用卡處理公司下手,掌握12個阿曼馬斯喀特銀行(BankMuscat)的預 付扣帳卡戶口後,今年2月19日再度犯案。對於這個犯罪集團專揀信用卡處理公司下手盜改資料,專家解釋,這類公司的保安一般遠遜正常金融機構。香港城市大學電子工程系副教授鄭利明向本報說:「信用卡處理中心為中介公司,負責為發卡機構傳送帳戶信息、對數和進行交收。由於這些公司的保安不強,容易成為賊人目標。」
「日本組」最猖狂 撳走8000萬
起訴書仔細講述各地「提款小組」在2月19日下午3時起,在全球多國的自動櫃員機連環進行3.6萬次交易,10小時內提款共4000萬美元。最「成 功」的作案發生於日本,被盜金額達1000萬美元,相信這與日本銀行櫃員機最高提款額高達1萬美元有關。在紐約,一個8人「提款小組」則在2904次提款 中,攫取240萬美元。檢察官林奇指閉路電視影像可見其中一名疑犯的背囊愈塞愈滿,形容過程就像荷李活大片《盜海豪情》的情節,又指這幫人大約保留兩成贓 款揮霍,其餘上繳策劃者。不過執法人員稱,疑是「紐約幫」主謀的23歲男子,在逃往多米尼加後,於兩周前被殺,其餘7人皆已被捕。
(紐約時報/路透社)
