A global cyber-crime ring stole $45 million from two Middle Eastern banks by hacking into credit-card processing firms and making withdrawals from ATMs in 27 countries, U.S. prosecutors said Thursday.
The surgically precise, highly coordinated undertaking is one of the biggest bank heists ever. Eight men were accused by the U.S. Justice Department of allegedly establishing the ring’s New York-based cell. The department said seven have been arrested, and that the remaining man, believed to be one of the cell’s leaders, was reportedly murdered in the Dominican Republic on April 2, according to Reuters.
The ring’s leaders are thought to be located outside of the U.S. Certain details about the heist reveal the enormous scope and rapid pace of the crimes. For instance, in a little more than 10 hours, $40 million was stolen from ATMs in 24 nations, and that involved 36,000 transactions, Reuters reports.
"In the place of guns and masks, this cyber crime organization used laptops and the Internet," said Loretta Lynch, U.S. attorney for the Eastern District of New York. "Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City."
According to the complaint, the cyber-robbers broke into the computer systems of two credit card processors, one in India in December 2012, and the other in the U.S. this February. The companies were not identified. The hackers, who haven't been named, increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by Bank of Muscat of Oman and National Bank of Ras Al Khaimah PSC (RAKBANK) of the United Arab Emirates, the complaint states.
Continue Reading Below
The thieves then distributed counterfeit debit cards to "cashing crews" throughout the world, enabling them to withdraw millions of dollars from ATMs, Reuters reports. The indictment explains how the criminals went on to launder funds by splurging on luxury items like high-end automobiles and Rolex watches, Reuters reports.
Hackers reportedly distributed information to people in 20 countries, and those individuals encoded data on magnetic stripe cards.
On Dec. 21, the cashing crews made 4,500 ATM. transactions worldwide, stealing $5 million, according to the indictment, the New York Times reports. On Feb. 19, the crews were more brazen as they waited -- at ATMs in Manhattan and in many other countries – for the green light, according to news reports. Then, at 3 in the afternoon, the cashers made 36,000 transactions and withdrew about $40 million from machines in various countries in only about 10 hours. In the Big Apple, 2,904 withdrawals were made by eight people, and $2.4 million was stolen, according to the Times.
Surveillance photographs show a suspect at different ATMs, his backpack becoming increasingly heavy, said Lynch, who compare the pictures to a scene in the film “Ocean’s 11.”
“New technologies and the rapid growth of the Internet have eliminated the traditional borders of financial crimes and provided new opportunities for the criminal element to threaten the world’s financial systems,” said Steven Hughes, a Secret Service special agent who has participated in the investigation.
“However, as demonstrated by the charges and arrests announced today, the Secret Service and its law enforcement partners have adapted to these technological advancements and utilized cutting edge investigative techniques to thwart this cybercriminal activity,” Hughes continued.
The eight defendants -- all U.S. citizens and residents of Yonkers, N.Y -- were charged with withdrawing cash from the ATMs and transporting money.
The seven who were arrested, and who were charged with conspiracy to commit “access device fraud” and money laundering, are: Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Peña, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje and Chung Yu-Holguin (known as "Chino El Abusador"), Reuters states. All of the individuals except for Rodriguez were arraigned Thursday and pleaded not guilty. Rodriguez's attorney was unavailable, reports Reuters, adding that only Peña has been released on bail.
The defendant who was reportedly murdered was Alberto Yusi Lajud-Peña -- he also went by "Prime" and "Albertico." Lynch said it was unclear whether his murder was related to this case. Meanwhile, details reportedly have not been released about individuals who carried out the computer hacking. Prosecutors said law enforcement in more at least 12 countries -- including Germany, Romania, Japan and Canada -- have been involved in the investigation, the Times reports.