Lessons of the $45 Million Bank Robbery

Sue Marquette Poremba

The story of the $45 million ATM heist is a good example of just how sophisticated cybercrime has become. It also shows that there are many facets to cybercrime, and no business can afford to become focused on stopping one thing (like a data breach). The criminals will simply find another way to steal.

According to PC Magazine:

The scammers targeted banks that processed pre-paid debit cards, used a hack to erase the limit on those cards, and called on a network of criminals across the globe to withdraw millions from ATMs in a matter of hours.

It certainly isn’t the first time ATMs have been hacked, but it was definitely a large-scale attack. How big was the $45 million? As Ori Eisen, CEO and founder, 41st Parameter, told me in an email, in the world of cybercrime, any attack over $1 million is considered “professional.” I would say, then, that this was a heist in the superstar category.


But it wasn’t just the amount of money that made this heist so noteworthy. It was how it was done. Tom Cross, director of security research at Lancope, explained to me:

What makes this type of attack unique is not just the technical skill required to pull it off, but the level of logistical coordination needed to perform nearly simultaneous withdrawals from large numbers of ATM machines. Unfortunately, while breaches like this are often reported to the public, we rarely hear the specific technical vulnerabilities that the attackers were able to exploit in order to pull off the attack. It would be helpful if more organizations publicly disclosed the technical vulnerabilities associated with network security breaches. This information helps their peers prioritize the steps that they are taking to lock down their own networks.

Cross makes an interesting point. If cybercriminals can work together as these did to commit a crime – allegedly, it was a coordinated group of criminals in two dozen countries working together – shouldn’t enterprises pull together to prevent potential crime?

In this particular crime, Dodi Glenn, director of AV Labs, ThreatTrack Security, speculated:

The hackers most likely received vital bank information by compromising a customer service web portal with a SQL injection – and then most likely a keylogger and remote access tool (RAT) was used – which gave them access to the CVC or CVV data stored on the magnetic strips of prepaid credit cards. They would have also accessed a bank identification number (BIN) database and duplicated the necessary data to access funds via a closed ATM network. They then used magnetic strip writers to put the proper account information on the backs of gift cards or hotel room keys, creating a new card that they could then use to withdraw funds from multiple ATM sites.

Okay, that’s a start to a discussion on how it happened and what the potential vulnerabilities might be. Now it is time to go deeper and understand why these breaches are happening and how to prevent them in the future.

 



May 13, 2013 10:48 PM EliTalmor says:
“Mr. Dillinger,” asked the very brave radio journalist, “why do you rob banks?” “Because,” Dillinger replied, “that is where the money is.” ... The steps you are describing show us that you do not need to be Dillinger to rob banks NOW! This is the time to think out of the box... The IT environment evolves continuously and there are simply too many doors being added (Web, mobile, BYOD - you name it...). We must realize that we may not be able to keep the bad guys out of the perimeter. That being said, $45 million is too much even for credit card companies making billions. This is the time to involve end users/consumers/cardholders: every cardholder should perform near real-time identity verification, provided the process is secure, convenient and inexpensive.
