Security Advisor

Hackers Steal $45 Million from Thousands of ATMs


Federal prosecutors in New York filed charges against eight individuals who allegedly took part in a precise, worldwide attack on ATMs over a 24-hour period in February.

According to the unsealed indictment, those charged visited close to 3,000 ATMs in the New York City area and used information illegally obtained on five prepaid debit card accounts stolen from the Bank of Muscat in Oman and the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates .

"In order to carry out the scheme, the hackers relied upon a trusted group of associates to disseminate the stolen financial information globally via the Internet to leaders of 'cashing crews' around the world," read the indictment. "The cashing crews consisted of individuals known as 'cashers' or 'cashiers.' The leader of these crews were responsible for planning, organizing and executing the cash outs in which the cashers conducted hundreds and in one case, thousands, of fraudulent transactions over a matter of hours via ATM withdrawals and fraudulent purchases using plastic cards encoded with stolen account information."

Every time the cashers would hit the ATM withdrawal limit of a particular machine, those on the computer side would then fraudulently replace the money on the account, allowing the runners to rewithdrawal it from another machine.

Authorities said that the New York crew's haul was estimated at $2.4 million and the worldwide total of this highly sophisticated cybercrime ring is said to be $45 million. Those running the scheme in Japan were able to grab $10 million due to the higher machine withdrawal limits in the country.

While worldwide law enforcement agencies have yet to give any more news on those responsible on the computer side of the operation, it is believed the man who was in charge of the New York cell was Lajud-Peña, who was discovered shot to death by two masked gunmen in the Dominican Republic on April 27.

So far, besides the unsealed indictment, very little is known on this incident. However, due to the massive scope of this cybercrime in both money and manpower, I'm expecting we'll be hearing new details on this incident as they unfold for quite some time.

"This was indeed the largest theft of this type that we have yet seen," said Loretta Lynch, the U.S. Attorney in Brooklyn, N.Y., during an announcement following the arrest of the eight individuals. "This was a 21st century bank heist that reached through the Internet to span the globe. But, instead of guns and masks, this cybercrime organization used laptops and malware."

About the Author

Chris Paoli is the site producer for and


  • First Chromium-Based Edge Browser Beta Release Now Available

    Microsoft Edge Insider Program participants now have access to the Beta Channel release of Microsoft's Chromium-based Edge Web browser on the Windows and Mac platforms.

  • Microsoft Planning To Answer Windows Virtual Desktop Questions Next Week

    Microsoft has set aside time to answer questions about its emerging Windows Virtual Desktop service on Wednesday of next week, according to an announcement.

  • With EPYC Rome Chips, AMD Could Eclipse Intel in Datacenter

    AMD's high-profile EPYC 7002 launch has datacenter analysts wondering if the end of Intel's long reign is nigh.

  • Microsoft Buys jClarity for Azure-Based Java Workloads

    In a bid to support its "continued contributions to open source while driving increased performance for Java workloads on Azure," Microsoft on Monday announced its acquisition of jClarity.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.