• Menu
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Before Header

  • About Us
  • Lexicon
  • Contact Us
  • Our Store
  • ↑
  • ↓
  • ←
  • →

Balloon Juice

Come for the politics, stay for the snark.

We need to vote them all out and restore sane Democratic government.

People identifying as christian while ignoring christ and his teachings is a strange thing indeed.

Thanks to your bullshit, we are now under siege.

Hey Washington Post, “Democracy Dies in Darkness” was supposed to be a warning, not a mission statement.

I see no possible difficulties whatsoever with this fool-proof plan.

DeSantis transforming Florida into 1930s Germany with gators and theme parks.

Stamping your little feets and demanding that they see how important you are? Not working anymore.

Rupert, come get your orange boy, you petrified old dinosaur turd.

Putting aside our relentless self-interest because the moral imperative is crystal clear.

If you don’t believe freedom is for everybody, then the thing you love isn’t freedom, it is privilege.

Everything is totally normal and fine!!!

“The difference between stupidity and genius is that genius has its limits.”

A democracy can’t function when people can’t distinguish facts from lies.

🎶 Those boots were made for mockin’ 🎵

You don’t get to peddle hatred on saturday and offer condolences on sunday.

Let’s not be the monsters we hate.

There are some who say that there are too many strawmen arguments on this blog.

Red lights blinking on democracy’s dashboard

Fight for a just cause, love your fellow man, live a good life.

He really is that stupid.

Petty moves from a petty man.

“Everybody’s entitled to be an idiot.”

Fear or fury? The choice is ours.

It’s the corruption, stupid.

Mobile Menu

  • Seattle Meet-up Post
  • 2025 Activism
  • Targeted Political Fundraising
  • Donate with Venmo, Zelle & PayPal
  • Site Feedback
  • War in Ukraine
  • Submit Photos to On the Road
  • Politics
  • On The Road
  • Open Threads
  • Topics
  • COVID-19
  • Authors
  • About Us
  • Contact Us
  • Lexicon
  • Our Store
  • Politics
  • Open Threads
  • 2025 Activism
  • Garden Chats
  • On The Road
  • Targeted Fundraising!
You are here: Home / Economics / C.R.E.A.M. / Dog Bites Man — Internet Bank Heist Version

Dog Bites Man — Internet Bank Heist Version

by Tom Levenson|  May 9, 20136:03 pm| 34 Comments

This post is in: C.R.E.A.M., Free Markets Solve Everything, Science & Technology

FacebookTweetEmail

Least suprising story of the year here:

…in two precision operations that involved people in more than two dozen countries acting in close coordination and with surgical precision, the organization was able to steal $45 million from thousands of A.T.M.’s in a matter of hours.

In New York City alone, the thieves responsible for A.T.M. withdrawals struck 2,904 machines over 10 hours on Feb. 19, withdrawing $2.4 million.

The scam was simple and very smart:  hack credit card processing companies in India and the US; then raise the credit limits on pre-paid debit cards issued by a couple of banks in the Persian Gulf.  Clone the data on said cards so that teams IRL could hit machines in multiple countries, stuffing wads of cash in backpacks that surveillance video shows getting heavier and heavier. Rince, repeat, profit.

Constant_Wauters_Der_ertappte_Hausdiener

All this comes out of an unsealed indictment for a New York City crew of eight involved in the impressively effortful spree noted in the quote above.

Don’t try this at home, kids — not only is it a pretty hefty felony, and not your money and all that — but then there’s this:

The authorities said the leader of the New York cashing crew was Alberto Lajud-Peña, 23, who also went by the name Prime. His body was found in the Dominican Republic on April 27 and prosecutors said they believe he was killed.

I have no doubt that there are folks involved in this that you really, really don’t want to irritate.  None of the putative kingpins have been identified, but in an even less surprising footnote to the tale, the authorities are tracking down some of the loot in predictable forms:

The authorities have already seized hundreds of thousands of dollars from bank accounts, two Rolex watches and a Mercedes S.U.V., and are in the process of seizing a Porsche Panamera.

Part of me says that this is something to note because so much of the financial life of individuals and the economy writ large depends on the secure functioning of — and user trust in — global banking systems at every level from the corner ATM to the massive inter-bank clearing mechanisms.

The cyber security people I talk to have to hold their hands over the mouths to stop themselves from blurting “WAKE UP SHEEPLE!!!!!” — as that trust rests on a rickety tangle of hardware and software.  So while there’s a kind of Great Train Robbery thrill to the idea of capers like these, this could get ugly indeed.

The real question, though, is what role George Clooney will play.

Image: Constant Wauters, The servant as a thief, 1845.

FacebookTweetEmail
Previous Post: « I don’t understand what they mean and I could really give a fuck
Next Post: The Reverse Midas Touch »

Reader Interactions

34Comments

  1. 1.

    Trollhattan

    May 9, 2013 at 6:10 pm

    Wow, that’s pretty darn brazen for an organization not called Enron. Speaking of caper movies that Must be Made, I demand the Belgian diamond heist be given the Guy Ritchie treatment.

    http://www.bbc.co.uk/news/world-europe-22460557

  2. 2.

    EthylEster

    May 9, 2013 at 6:11 pm

    This really slays me.

    The experts have been warning about security breaches for YEARS. And they will only get worse.

    And today I logged into my XXX financial services account for the first time and was prompted to enter a new password. It has to be all numeric. Is that dumb or what? And the security questions are LAME as well.

  3. 3.

    Brother Machine Gun of Desirable Mindfulness (fka AWS)

    May 9, 2013 at 6:18 pm

    @Trollhattan:

    Wow, that’s pretty darn brazen for an organization not called Enron a Wall Street Bank.

    FTFY

  4. 4.

    joes527

    May 9, 2013 at 6:19 pm

    3000 ATM withdraws in 10 hours?

    That’s a metric fuckton of people that need to be involved. Unless the folks in the center of this kept their identity from the foot soldiers, there is no way that this wouldn’t blow wide open.

    So smart, and so stupid.

  5. 5.

    MikeJ

    May 9, 2013 at 6:27 pm

    @EthylEster:

    And today I logged into my XXX financial services account for the first time and was prompted to enter a new password

    If they aren’t using two factor auth, don’t connect over the internet.

  6. 6.

    lumpkin

    May 9, 2013 at 6:28 pm

    >>>The cyber security people I talk to have to hold their hands over the mouths to stop themselves from blurting “WAKE UP SHEEPLE!!!!!” — as that trust rests on a rickety tangle of hardware and software. So while there’s a kind of Great Train Robbery thrill to the idea of capers like these, this could get ugly indeed<<<

    I dunno – $45M from multiple banks that have $billions? Sure it's a crime and they should do the time, but seriously – is this something to freak about? I'm sure that way more than $45M gets stolen every day via conventional means.

  7. 7.

    Gordon, the Big Express Engine

    May 9, 2013 at 6:33 pm

    @EthylEster: my password is baloney1. It used to just be baloney, but now they make you add *number*

  8. 8.

    Another Halocene Human

    May 9, 2013 at 6:33 pm

    CapitalOne inherited INGDirect’s online banking business and they seemed to have pretty good security although I’ve noticed they slacked up (trying to close out my accounts because CapitalOne are a bunch of thieves). Dunno what it’s like behind the scenes. I think Ing required pin and password and the pin would rotate the secured alphanumerics (essentially, you memorized where the buttons were on the screen) sent to authorize you, AND Ing would send you an image confirming it was them and NOT a phishing site.

    Fuckin’ sucks that the pimped OptionARMs like nobody’s business and completely blew up their US division. Also went down hard in Netherlands but their gov’t bailed them out. IngDirect was sold to a US bank.

    Local coop banking for me from now on.

  9. 9.

    Another Halocene Human

    May 9, 2013 at 6:37 pm

    @Gordon, the Big Express Engine: Ha ha, I did that for years, not because it was required, but to hopefully fuck up dictionary attacks on my password.

    Old license plate codes are good too, but only if someone close to you isn’t likely to steal your identity and, sadly, maybe 25-30% of identity theft is family members? Ugh.

    Some of these clowns that ruin their kid’s credit don’t even think it’s wrong. Nor do I understand why banks don’t kind of catch on that, hey, the DOB here is a little off, hey, isn’t this actually the guy who charged off two loans here three years ago? Oh wait, that would mean not having low pay, high turnover, commission paid assholes as your main floor staff. Oops.

  10. 10.

    Schlemizel

    May 9, 2013 at 6:37 pm

    I am cyber security professional. There are people out there very capable of pulling this off but the smart ones are doing it more slowly.

    BTW – this is all small potatoes to what the Chinese are doing. They have deeply implanted backdoors into millions of computers including a lot that you wouldn’t think had any real value. But they are playing a long game & all info they gather has value. And they use it in credibly smart ways. For instance they were able to pull all the cost data out of one company’s systems and managed to know exactly how much to bid to take business away from that company. The joint government/industry partnership will own us all

  11. 11.

    Baud

    May 9, 2013 at 6:40 pm

    @Schlemizel:

    What do you think of CISPA?

  12. 12.

    Raven Onthehill

    May 9, 2013 at 6:41 pm

    The cipherpunks were almost right. It turns that that without good security which, yes, includes strong encryption, it becomes impossible to rely on computer networks in a free civil society.

    And now, over to the future, where we all are arriving, one day at a time.

  13. 13.

    Raven Onthehill

    May 9, 2013 at 6:43 pm

    A general rule of thumb is that passwords are weak to sort-of-OK security. If we intend to keep using computer networks for our day-to-day business, we had best change.

  14. 14.

    Another Halocene Human

    May 9, 2013 at 6:44 pm

    @lumpkin: The scandal is that the banks will gather all these infos on you, keep them on unsecured dbs within their walls, and don’t give a shit–probably won’t even tell you–when organized crime (usually their own employees) steals tens of thousands of account holders info.

    Banks have always been about the bullshit. I mean look at their early 20th century facades. Look at their names. They’ve always been a game but one with I guess a purpose, though it’s not like government couldn’t give out loans to businesses and shit. But that’s not how the West was won, gov’t gave out tax breaks and used eminent domain powers, while fly-by-night banks provided the cheap credit the boom towns and homesteaders needed. Savings institutions? Ha ha ha. Keep it under the FDIC limit, kiddies.

    What sucks among so many things that sucks about stupid Americans is that we flip out about government and privacy, which is fair enough, but don’t seem to care that private institutions have almost no restrictions on getting our information, keeping them in unsafe ways, not restricting who has access to it, selling it, etc. HIPAA put some limits on some sorts of data but nothing like what people imagine it does. Then add in the absolutely incorrect info being perpetuated in peoples’ credit records with no recourse that counts for anything and now drop in identity theft into that mix. This shit is extremely destructive (financially and emotionally) to the little guy. Private profits, personal risk, while the “good cop” of the gov’t sits back… Wall Street paid Uncle Sam off.

  15. 15.

    Gordon, the Big Express Engine

    May 9, 2013 at 6:47 pm

    @Another Halocene Human: I was quoting Mr. Chow from The Hangover 2… I don’t really do that!

  16. 16.

    David Koch

    May 9, 2013 at 7:06 pm

    inb4 “I blame Obama”

  17. 17.

    Bill Arnold

    May 9, 2013 at 7:10 pm

    @Schlemizel:
    Out of curiousity, how many such back doors have been found, e.g. through reverse engineering?

  18. 18.

    The prophet Nostradumbass

    May 9, 2013 at 7:20 pm

    In the last week or so, my mom has received two phone calls from some guy in India pretending that her computer was infected with and spreading viruses, trying to get her to do something. The first time, she hung up on him herself, and the second, she handed the phone to me.

  19. 19.

    Roger Moore

    May 9, 2013 at 7:30 pm

    One of the big ways they deal with this is to hang the losses from fraud on the banks rather than account holders. This has two beneficial effects:

    1) It keeps the little people sheeple from panicking and abandoning the system, since they are protected from losses better than if they tried to keep their money as cash, and

    2) It gives the banks a huge incentive to keep security tight. Yeah, they got taken for $45 million in this caper, but when was the last time you heard of anyone pulling anything close to that big against a major bank? It’s very rare, and is a good sign that the banks’ security is pretty tight.

  20. 20.

    mapaghimagsik

    May 9, 2013 at 7:35 pm

    Things are getting interesting, cyber-security wise, even a cyber security budgets seem to be getting smaller.

    I do code security. It’s pretty amazing how much training needs to be done.

  21. 21.

    Uncle Cosmo

    May 9, 2013 at 7:38 pm

    I keep getting these phone messages that “this is your final notice to lower your credit card interest rate–press 1” blah blah blah.

    This morning I pressed 1 & a guy came on the line & said “Hi, do you want to lower your credit card interest rate?”

    I replied, “I want to know who you people are & why you keep calling me.”

    “Have a good day.” (click)

    Next time I have half a mind to say yes just to see what kind of personal information they want from me. I have half of that half a mind to make up a bunch of shit in advance to use to fuck with them.

  22. 22.

    Bruce S

    May 9, 2013 at 7:39 pm

    Too bad some bodies of ringleaders of the REAL Great Bank Heist of ’08 didn’t turn up full of lead in the DR…

    It’s always the little guys who get caught or shot. This was ridiculously labor intensive and $45 million is peanuts. As they say, the best way to rob a bank is to own one.

  23. 23.

    Gex

    May 9, 2013 at 7:59 pm

    Until financial institutions that fail to secure financial data (or ascertain that the person applying for credit is the person they say they are) these things will never stop.

    If the institutions that don’t bother to make sure that everything is on the up and up had to pay the costs associated with their in ability to protect consumer data, this shit would stop pretty quick. So long as the poor person who simply exists in this modern world has to pay the costs of his data being stolen, this will continue apace.

    The fact of the matter is that these big businesses are VERY good at making sure they don’t lose money. Watch how the RIAA manages to track nearly every bit on the Internet that is part of a song. It can be done. It just won’t be done because the costs are externalized.

  24. 24.

    Jacques Anquetil

    May 9, 2013 at 8:00 pm

    I work for a large multinational bank in the merchant risk field and all I can say is this is only going to get worse. Note I did not say it worse before getting better, because it will simply get worse and worse.
    One example of banks and credit card companies trying to combat fraud is EMV enabled cards. These have a chip in them which theoretically makes it harder to hack than a simple magstripe. Most of the world has migrated to EMV, but the US is the laggard and we only expect full implementation in 2015. Know what that means? Data thieves will be out in full force stealing based on current card usage and will be learning how to beat EMV. This has already happened in GB where EMV has been around for a bit, and criminals are mastering man in the middle attacks to defeat the technology.
    The only way to fight this is to educate consumers who will fall for some of the stupidest shit imaginable. Merchants as well have their fair share of people you wonder how they managed to live thus far.
    Stupid people + payment method = THEFT 100% of the time.

  25. 25.

    MattR

    May 9, 2013 at 8:08 pm

    @Uncle Cosmo: I had the same reaction when I politely asked them what financial institution they were associated with.

  26. 26.

    BruceJ

    May 9, 2013 at 8:22 pm

    Well part if the problem is because the US is too damned backwards to move to smart cards like the rest of the goddamn civilized world.

    From the Washington Post story:

    “Some of the fault lies with the ubiquitous magnetic strips on the back of the cards. The rest of the world has largely abandoned cards with magnetic strips in favor of ones with built-in chips that are nearly impossible to copy. But because U.S. banks and merchants have stuck to cards with magnetic strips, they are still accepted around the world.”

    They were loading this data onto old hotel keys, expired credit cards, anuythign with a strip on it.

  27. 27.

    RepubAnon

    May 9, 2013 at 8:56 pm

    I expect the Bank’s next move will be have their pets in Congress pass legislation making the account holder liable if a hacker steals their money. The legislation will have ‘Homeland”, “For the Children” and “9/11” in the the title…

  28. 28.

    Dr. Squid

    May 9, 2013 at 8:58 pm

    Wonder how much the banks collected in fees from all those transactions.

  29. 29.

    catclub

    May 9, 2013 at 9:43 pm

    @The prophet Nostradumbass: My wife got that call, too. Or maybe we are married to the same person.

  30. 30.

    catclub

    May 9, 2013 at 9:48 pm

    @Roger Moore: But the banks push debit cards over credit cards, because the debit card is directly linked to your bank account, and the protections for the consumer are much worse. So I am not in agreement with your faith in the banks.

    Somebody else noted that the US has not gone to chip and pin credit cards. Actually there are two banks (One is a maryland Credit Union) in the US that do issue chip and pin cards.

  31. 31.

    El Cid

    May 9, 2013 at 10:15 pm

    They should have just pooled money, lobbied a few Congressmen to deregulate what they wanted to do, and then steal all this legally.

  32. 32.

    Reuben

    May 10, 2013 at 10:23 am

    I was recommended this blog through my cousin. I’m not sure whether this put up is written by means of him as nobody else understand such specific approximately my trouble. You are incredible! Thanks!

Comments are closed.

Trackbacks

  1. The great ATM heist: How thieves brazenly stole $45 million in a few hours | Gens News says:
    May 10, 2013 at 3:41 pm

    […] says Tom Levenson at Balloon Juice. “I have no doubt that there are folks involved in this that you really, really don’t […]

  2. The great ATM heist: How thieves brazenly stole $45 million in a few hours | CodeBlue Technology says:
    May 11, 2013 at 4:33 am

    […] says Tom Levenson at Balloon Juice. “I have no doubt that there are folks involved in this that you really, really don’t […]

Primary Sidebar

On The Road - Mike in Oly - Woodard Bay Natural Resources Conservation Area
Image by Mike in Oly (5/24/25)

Recent Comments

  • bbleh on Open Thread: Concerning Senator Fetterman (May 24, 2025 @ 7:46pm)
  • sab on Saturday Afternoon Open Thread (May 24, 2025 @ 7:45pm)
  • schrodingers_cat on Saturday Afternoon Open Thread (May 24, 2025 @ 7:44pm)
  • Another Scott on Saturday Afternoon Open Thread (May 24, 2025 @ 7:43pm)
  • NeenerNeener on Saturday Afternoon Open Thread (May 24, 2025 @ 7:40pm)

PA Supreme Court At Risk

Donate

Balloon Juice Posts

View by Topic
View by Author
View by Month & Year
View by Past Author

Featuring

Medium Cool
Artists in Our Midst
Authors in Our Midst
War in Ukraine
Donate to Razom for Ukraine

🎈Keep Balloon Juice Ad Free

Become a Balloon Juice Patreon
Donate with Venmo, Zelle or PayPal

Meetups

Upcoming Ohio Meetup May 17
5/11 Post about the May 17 Ohio Meetup

Calling All Jackals

Site Feedback
Nominate a Rotating Tag
Submit Photos to On the Road
Balloon Juice Anniversary (All Links)
Balloon Juice Anniversary (All Posts)
Fix Nyms with Apostrophes

Hands Off! – Denver, San Diego & Austin

Social Media

Balloon Juice
WaterGirl
TaMara
John Cole
DougJ (aka NYT Pitchbot)
Betty Cracker
Tom Levenson
David Anderson
Major Major Major Major
DougJ NYT Pitchbot
mistermix

Keeping Track

Legal Challenges (Lawfare)
Republicans Fleeing Town Halls (TPM)
21 Letters (to Borrow or Steal)
Search Donations from a Brand

PA Supreme Court At Risk

Donate

Site Footer

Come for the politics, stay for the snark.

  • Facebook
  • RSS
  • Twitter
  • YouTube
  • Comment Policy
  • Our Authors
  • Blogroll
  • Our Artists
  • Privacy Policy

Copyright © 2025 Dev Balloon Juice · All Rights Reserved · Powered by BizBudding Inc

Share this ArticleLike this article? Email it to a friend!

Email sent!