• Menu
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Before Header

  • About Us
  • Lexicon
  • Contact Us
  • Our Store
  • ↑
  • ↓
  • ←
  • →

Balloon Juice

Come for the politics, stay for the snark.

Damn right I heard that as a threat.

Republicans do not pay their debts.

Too often we hand the biggest microphones to the cynics and the critics who delight in declaring failure.

“Everybody’s entitled to be an idiot.”

… pundit janitors mopping up after the GOP

Sadly, there is no cure for stupid.

The republican caucus is already covering themselves with something, and it’s not glory.

Accountability, motherfuckers.

They fucked up the fucking up of the fuckup!

Red lights blinking on democracy’s dashboard

You don’t get rid of your umbrella while it’s still raining.

White supremacy is terrorism.

We still have time to mess this up!

Their freedom requires your slavery.

Let us savor the impending downfall of lawless scoundrels who richly deserve the trouble barreling their way.

No one could have predicted…

If you are still in the GOP, you are an extremist.

This really is a full service blog.

I’d try pessimism, but it probably wouldn’t work.

Incompetence, fear, or corruption? why not all three?

New McCarthy, same old McCarthyism.

They are lying in pursuit of an agenda.

A lot of Dems talk about what the media tells them to talk about. Not helpful.

Conservatism: there are some people the law protects but does not bind and others who the law binds but does not protect.

Mobile Menu

  • Winnable House Races
  • Donate with Venmo, Zelle & PayPal
  • Site Feedback
  • War in Ukraine
  • Submit Photos to On the Road
  • Politics
  • On The Road
  • Open Threads
  • Topics
  • Balloon Juice 2023 Pet Calendar (coming soon)
  • COVID-19 Coronavirus
  • Authors
  • About Us
  • Contact Us
  • Lexicon
  • Our Store
  • Politics
  • Open Threads
  • War in Ukraine
  • Garden Chats
  • On The Road
  • 2021-22 Fundraising!
You are here: Home / Economics / C.R.E.A.M. / Dog Bites Man — Internet Bank Heist Version

Dog Bites Man — Internet Bank Heist Version

by Tom Levenson|  May 9, 20136:03 pm| 34 Comments

This post is in: C.R.E.A.M., Free Markets Solve Everything, Science & Technology

FacebookTweetEmail

Least suprising story of the year here:

…in two precision operations that involved people in more than two dozen countries acting in close coordination and with surgical precision, the organization was able to steal $45 million from thousands of A.T.M.’s in a matter of hours.

In New York City alone, the thieves responsible for A.T.M. withdrawals struck 2,904 machines over 10 hours on Feb. 19, withdrawing $2.4 million.

The scam was simple and very smart:  hack credit card processing companies in India and the US; then raise the credit limits on pre-paid debit cards issued by a couple of banks in the Persian Gulf.  Clone the data on said cards so that teams IRL could hit machines in multiple countries, stuffing wads of cash in backpacks that surveillance video shows getting heavier and heavier. Rince, repeat, profit.

Constant_Wauters_Der_ertappte_Hausdiener

All this comes out of an unsealed indictment for a New York City crew of eight involved in the impressively effortful spree noted in the quote above.

Don’t try this at home, kids — not only is it a pretty hefty felony, and not your money and all that — but then there’s this:

The authorities said the leader of the New York cashing crew was Alberto Lajud-Peña, 23, who also went by the name Prime. His body was found in the Dominican Republic on April 27 and prosecutors said they believe he was killed.

I have no doubt that there are folks involved in this that you really, really don’t want to irritate.  None of the putative kingpins have been identified, but in an even less surprising footnote to the tale, the authorities are tracking down some of the loot in predictable forms:

The authorities have already seized hundreds of thousands of dollars from bank accounts, two Rolex watches and a Mercedes S.U.V., and are in the process of seizing a Porsche Panamera.

Part of me says that this is something to note because so much of the financial life of individuals and the economy writ large depends on the secure functioning of — and user trust in — global banking systems at every level from the corner ATM to the massive inter-bank clearing mechanisms.

The cyber security people I talk to have to hold their hands over the mouths to stop themselves from blurting “WAKE UP SHEEPLE!!!!!” — as that trust rests on a rickety tangle of hardware and software.  So while there’s a kind of Great Train Robbery thrill to the idea of capers like these, this could get ugly indeed.

The real question, though, is what role George Clooney will play.

Image: Constant Wauters, The servant as a thief, 1845.

FacebookTweetEmail
Previous Post: « I don’t understand what they mean and I could really give a fuck
Next Post: The Reverse Midas Touch »

Reader Interactions

34Comments

  1. 1.

    Trollhattan

    May 9, 2013 at 6:10 pm

    Wow, that’s pretty darn brazen for an organization not called Enron. Speaking of caper movies that Must be Made, I demand the Belgian diamond heist be given the Guy Ritchie treatment.

    http://www.bbc.co.uk/news/world-europe-22460557

  2. 2.

    EthylEster

    May 9, 2013 at 6:11 pm

    This really slays me.

    The experts have been warning about security breaches for YEARS. And they will only get worse.

    And today I logged into my XXX financial services account for the first time and was prompted to enter a new password. It has to be all numeric. Is that dumb or what? And the security questions are LAME as well.

  3. 3.

    Brother Machine Gun of Desirable Mindfulness (fka AWS)

    May 9, 2013 at 6:18 pm

    @Trollhattan:

    Wow, that’s pretty darn brazen for an organization not called Enron a Wall Street Bank.

    FTFY

  4. 4.

    joes527

    May 9, 2013 at 6:19 pm

    3000 ATM withdraws in 10 hours?

    That’s a metric fuckton of people that need to be involved. Unless the folks in the center of this kept their identity from the foot soldiers, there is no way that this wouldn’t blow wide open.

    So smart, and so stupid.

  5. 5.

    MikeJ

    May 9, 2013 at 6:27 pm

    @EthylEster:

    And today I logged into my XXX financial services account for the first time and was prompted to enter a new password

    If they aren’t using two factor auth, don’t connect over the internet.

  6. 6.

    lumpkin

    May 9, 2013 at 6:28 pm

    >>>The cyber security people I talk to have to hold their hands over the mouths to stop themselves from blurting “WAKE UP SHEEPLE!!!!!” — as that trust rests on a rickety tangle of hardware and software. So while there’s a kind of Great Train Robbery thrill to the idea of capers like these, this could get ugly indeed<<<

    I dunno – $45M from multiple banks that have $billions? Sure it's a crime and they should do the time, but seriously – is this something to freak about? I'm sure that way more than $45M gets stolen every day via conventional means.

  7. 7.

    Gordon, the Big Express Engine

    May 9, 2013 at 6:33 pm

    @EthylEster: my password is baloney1. It used to just be baloney, but now they make you add *number*

  8. 8.

    Another Halocene Human

    May 9, 2013 at 6:33 pm

    CapitalOne inherited INGDirect’s online banking business and they seemed to have pretty good security although I’ve noticed they slacked up (trying to close out my accounts because CapitalOne are a bunch of thieves). Dunno what it’s like behind the scenes. I think Ing required pin and password and the pin would rotate the secured alphanumerics (essentially, you memorized where the buttons were on the screen) sent to authorize you, AND Ing would send you an image confirming it was them and NOT a phishing site.

    Fuckin’ sucks that the pimped OptionARMs like nobody’s business and completely blew up their US division. Also went down hard in Netherlands but their gov’t bailed them out. IngDirect was sold to a US bank.

    Local coop banking for me from now on.

  9. 9.

    Another Halocene Human

    May 9, 2013 at 6:37 pm

    @Gordon, the Big Express Engine: Ha ha, I did that for years, not because it was required, but to hopefully fuck up dictionary attacks on my password.

    Old license plate codes are good too, but only if someone close to you isn’t likely to steal your identity and, sadly, maybe 25-30% of identity theft is family members? Ugh.

    Some of these clowns that ruin their kid’s credit don’t even think it’s wrong. Nor do I understand why banks don’t kind of catch on that, hey, the DOB here is a little off, hey, isn’t this actually the guy who charged off two loans here three years ago? Oh wait, that would mean not having low pay, high turnover, commission paid assholes as your main floor staff. Oops.

  10. 10.

    Schlemizel

    May 9, 2013 at 6:37 pm

    I am cyber security professional. There are people out there very capable of pulling this off but the smart ones are doing it more slowly.

    BTW – this is all small potatoes to what the Chinese are doing. They have deeply implanted backdoors into millions of computers including a lot that you wouldn’t think had any real value. But they are playing a long game & all info they gather has value. And they use it in credibly smart ways. For instance they were able to pull all the cost data out of one company’s systems and managed to know exactly how much to bid to take business away from that company. The joint government/industry partnership will own us all

  11. 11.

    Baud

    May 9, 2013 at 6:40 pm

    @Schlemizel:

    What do you think of CISPA?

  12. 12.

    Raven Onthehill

    May 9, 2013 at 6:41 pm

    The cipherpunks were almost right. It turns that that without good security which, yes, includes strong encryption, it becomes impossible to rely on computer networks in a free civil society.

    And now, over to the future, where we all are arriving, one day at a time.

  13. 13.

    Raven Onthehill

    May 9, 2013 at 6:43 pm

    A general rule of thumb is that passwords are weak to sort-of-OK security. If we intend to keep using computer networks for our day-to-day business, we had best change.

  14. 14.

    Another Halocene Human

    May 9, 2013 at 6:44 pm

    @lumpkin: The scandal is that the banks will gather all these infos on you, keep them on unsecured dbs within their walls, and don’t give a shit–probably won’t even tell you–when organized crime (usually their own employees) steals tens of thousands of account holders info.

    Banks have always been about the bullshit. I mean look at their early 20th century facades. Look at their names. They’ve always been a game but one with I guess a purpose, though it’s not like government couldn’t give out loans to businesses and shit. But that’s not how the West was won, gov’t gave out tax breaks and used eminent domain powers, while fly-by-night banks provided the cheap credit the boom towns and homesteaders needed. Savings institutions? Ha ha ha. Keep it under the FDIC limit, kiddies.

    What sucks among so many things that sucks about stupid Americans is that we flip out about government and privacy, which is fair enough, but don’t seem to care that private institutions have almost no restrictions on getting our information, keeping them in unsafe ways, not restricting who has access to it, selling it, etc. HIPAA put some limits on some sorts of data but nothing like what people imagine it does. Then add in the absolutely incorrect info being perpetuated in peoples’ credit records with no recourse that counts for anything and now drop in identity theft into that mix. This shit is extremely destructive (financially and emotionally) to the little guy. Private profits, personal risk, while the “good cop” of the gov’t sits back… Wall Street paid Uncle Sam off.

  15. 15.

    Gordon, the Big Express Engine

    May 9, 2013 at 6:47 pm

    @Another Halocene Human: I was quoting Mr. Chow from The Hangover 2… I don’t really do that!

  16. 16.

    David Koch

    May 9, 2013 at 7:06 pm

    inb4 “I blame Obama”

  17. 17.

    Bill Arnold

    May 9, 2013 at 7:10 pm

    @Schlemizel:
    Out of curiousity, how many such back doors have been found, e.g. through reverse engineering?

  18. 18.

    The prophet Nostradumbass

    May 9, 2013 at 7:20 pm

    In the last week or so, my mom has received two phone calls from some guy in India pretending that her computer was infected with and spreading viruses, trying to get her to do something. The first time, she hung up on him herself, and the second, she handed the phone to me.

  19. 19.

    Roger Moore

    May 9, 2013 at 7:30 pm

    One of the big ways they deal with this is to hang the losses from fraud on the banks rather than account holders. This has two beneficial effects:

    1) It keeps the little people sheeple from panicking and abandoning the system, since they are protected from losses better than if they tried to keep their money as cash, and

    2) It gives the banks a huge incentive to keep security tight. Yeah, they got taken for $45 million in this caper, but when was the last time you heard of anyone pulling anything close to that big against a major bank? It’s very rare, and is a good sign that the banks’ security is pretty tight.

  20. 20.

    mapaghimagsik

    May 9, 2013 at 7:35 pm

    Things are getting interesting, cyber-security wise, even a cyber security budgets seem to be getting smaller.

    I do code security. It’s pretty amazing how much training needs to be done.

  21. 21.

    Uncle Cosmo

    May 9, 2013 at 7:38 pm

    I keep getting these phone messages that “this is your final notice to lower your credit card interest rate–press 1” blah blah blah.

    This morning I pressed 1 & a guy came on the line & said “Hi, do you want to lower your credit card interest rate?”

    I replied, “I want to know who you people are & why you keep calling me.”

    “Have a good day.” (click)

    Next time I have half a mind to say yes just to see what kind of personal information they want from me. I have half of that half a mind to make up a bunch of shit in advance to use to fuck with them.

  22. 22.

    Bruce S

    May 9, 2013 at 7:39 pm

    Too bad some bodies of ringleaders of the REAL Great Bank Heist of ’08 didn’t turn up full of lead in the DR…

    It’s always the little guys who get caught or shot. This was ridiculously labor intensive and $45 million is peanuts. As they say, the best way to rob a bank is to own one.

  23. 23.

    Gex

    May 9, 2013 at 7:59 pm

    Until financial institutions that fail to secure financial data (or ascertain that the person applying for credit is the person they say they are) these things will never stop.

    If the institutions that don’t bother to make sure that everything is on the up and up had to pay the costs associated with their in ability to protect consumer data, this shit would stop pretty quick. So long as the poor person who simply exists in this modern world has to pay the costs of his data being stolen, this will continue apace.

    The fact of the matter is that these big businesses are VERY good at making sure they don’t lose money. Watch how the RIAA manages to track nearly every bit on the Internet that is part of a song. It can be done. It just won’t be done because the costs are externalized.

  24. 24.

    Jacques Anquetil

    May 9, 2013 at 8:00 pm

    I work for a large multinational bank in the merchant risk field and all I can say is this is only going to get worse. Note I did not say it worse before getting better, because it will simply get worse and worse.
    One example of banks and credit card companies trying to combat fraud is EMV enabled cards. These have a chip in them which theoretically makes it harder to hack than a simple magstripe. Most of the world has migrated to EMV, but the US is the laggard and we only expect full implementation in 2015. Know what that means? Data thieves will be out in full force stealing based on current card usage and will be learning how to beat EMV. This has already happened in GB where EMV has been around for a bit, and criminals are mastering man in the middle attacks to defeat the technology.
    The only way to fight this is to educate consumers who will fall for some of the stupidest shit imaginable. Merchants as well have their fair share of people you wonder how they managed to live thus far.
    Stupid people + payment method = THEFT 100% of the time.

  25. 25.

    MattR

    May 9, 2013 at 8:08 pm

    @Uncle Cosmo: I had the same reaction when I politely asked them what financial institution they were associated with.

  26. 26.

    BruceJ

    May 9, 2013 at 8:22 pm

    Well part if the problem is because the US is too damned backwards to move to smart cards like the rest of the goddamn civilized world.

    From the Washington Post story:

    “Some of the fault lies with the ubiquitous magnetic strips on the back of the cards. The rest of the world has largely abandoned cards with magnetic strips in favor of ones with built-in chips that are nearly impossible to copy. But because U.S. banks and merchants have stuck to cards with magnetic strips, they are still accepted around the world.”

    They were loading this data onto old hotel keys, expired credit cards, anuythign with a strip on it.

  27. 27.

    RepubAnon

    May 9, 2013 at 8:56 pm

    I expect the Bank’s next move will be have their pets in Congress pass legislation making the account holder liable if a hacker steals their money. The legislation will have ‘Homeland”, “For the Children” and “9/11” in the the title…

  28. 28.

    Dr. Squid

    May 9, 2013 at 8:58 pm

    Wonder how much the banks collected in fees from all those transactions.

  29. 29.

    catclub

    May 9, 2013 at 9:43 pm

    @The prophet Nostradumbass: My wife got that call, too. Or maybe we are married to the same person.

  30. 30.

    catclub

    May 9, 2013 at 9:48 pm

    @Roger Moore: But the banks push debit cards over credit cards, because the debit card is directly linked to your bank account, and the protections for the consumer are much worse. So I am not in agreement with your faith in the banks.

    Somebody else noted that the US has not gone to chip and pin credit cards. Actually there are two banks (One is a maryland Credit Union) in the US that do issue chip and pin cards.

  31. 31.

    El Cid

    May 9, 2013 at 10:15 pm

    They should have just pooled money, lobbied a few Congressmen to deregulate what they wanted to do, and then steal all this legally.

  32. 32.

    Reuben

    May 10, 2013 at 10:23 am

    I was recommended this blog through my cousin. I’m not sure whether this put up is written by means of him as nobody else understand such specific approximately my trouble. You are incredible! Thanks!

Comments are closed.

Trackbacks

  1. The great ATM heist: How thieves brazenly stole $45 million in a few hours | Gens News says:
    May 10, 2013 at 3:41 pm

    […] says Tom Levenson at Balloon Juice. “I have no doubt that there are folks involved in this that you really, really don’t […]

  2. The great ATM heist: How thieves brazenly stole $45 million in a few hours | CodeBlue Technology says:
    May 11, 2013 at 4:33 am

    […] says Tom Levenson at Balloon Juice. “I have no doubt that there are folks involved in this that you really, really don’t […]

Primary Sidebar

Recent Comments

  • Poe Larity on Breaking News Open Thread: TFG Indicted (Mar 30, 2023 @ 5:59pm)
  • UncleEbeneezer on Cake! Manhattan Grand Jury Voted to Indict Trump (Mar 30, 2023 @ 5:59pm)
  • Gin & Tonic on Cake! Manhattan Grand Jury Voted to Indict Trump (Mar 30, 2023 @ 5:58pm)
  • Alison Rose on Breaking News Open Thread: TFG Indicted (Mar 30, 2023 @ 5:58pm)
  • Another Scott on Cake! Manhattan Grand Jury Voted to Indict Trump (Mar 30, 2023 @ 5:58pm)

Balloon Juice Meetups!

All Meetups
Seattle Meetup coming up on April 4!

🎈Keep Balloon Juice Ad Free

Become a Balloon Juice Patreon
Donate with Venmo, Zelle or PayPal

Fundraising 2023-24

Wis*Dems Supreme Court + SD-8

Balloon Juice Posts

View by Topic
View by Author
View by Month & Year
View by Past Author

Featuring

Medium Cool
Artists in Our Midst
Authors in Our Midst
We All Need A Little Kindness
Classified Documents: A Primer
State & Local Elections Discussion

Calling All Jackals

Site Feedback
Nominate a Rotating Tag
Submit Photos to On the Road
Balloon Juice Mailing List Signup
Balloon Juice Anniversary (All Links)
Balloon Juice Anniversary (All Posts)

Twitter / Spoutible

Balloon Juice (Spoutible)
WaterGirl (Spoutible)
TaMara (Spoutible)
John Cole
DougJ (aka NYT Pitchbot)
Betty Cracker
Tom Levenson
TaMara
David Anderson
Major Major Major Major
ActualCitizensUnited

Join the Fight!

Join the Fight Signup Form
All Join the Fight Posts

Balloon Juice Events

5/14  The Apocalypse
5/20  Home Away from Home
5/29  We’re Back, Baby
7/21  Merging!

Balloon Juice for Ukraine

Donate

Site Footer

Come for the politics, stay for the snark.

  • Facebook
  • RSS
  • Twitter
  • YouTube
  • Comment Policy
  • Our Authors
  • Blogroll
  • Our Artists
  • Privacy Policy

Copyright © 2023 Dev Balloon Juice · All Rights Reserved · Powered by BizBudding Inc

Share this ArticleLike this article? Email it to a friend!

Email sent!