Cybercrime Pays

Author: Clayton Locke

Over $40 million stolen in just one heist

According to an ex-Watergate burglar, ‘obviously crime pays, or there’d be no crime.’  And, most of the time, crime that pays makes the headlines: from Robin Hood to Jessie James to Bonnie & Clyde and Alberto Peña.

Who is Alberto Peña, you may ask?  Well, stop and think: how many famous cybercriminals can you name? Considering that the Great Train Robbers got away with about $40M in today’s money, you would think that the cybercriminal who managed to steal $40M in one heist this February would be pretty well known. As the New York Times reported:

On Feb 19, cashing crews were in place at ATM’s across Manhattan and in two dozen other countries waiting for word to spring into action… After securing 12 account numbers for cards issued by the Bank of Muscat in Oman and raising the withdrawal limits, the cashing crews were set in motion. Starting at 3 p.m., the crews made 36,000 transactions and withdrew about $40 million from machines in the various countries in about 10 hours. (www.nytimes.com)

They managed to crack the security around the magnetic strip of pre-paid cards, hack into the Bank of Oman using stolen personal information and use these details in a clever robbery designed to defeat the alarms set up to detect this type of crime. They would have gotten away with it if they hadn’t been so greedy because the $40M was not their first caper. Two months earlier they had used a similar MO to take $5M from the ATMs.

Why are there so few headlines about these cybercrimes? Some security experts theorise that banks do not report the cybercrime due to reputational risk. But perhaps it needs a bit more human interest. A quick look at the FBI files for high-street bank robbery will tell you everything you want to know – from the sex of the offenders to the most likely time of day for a bank robbery (9-11AM).  But the FBI report on cybercrime is very light on any bank fraud statistics. After all there are no guns, no hostages and no public shootouts when software on the internet is used to steal millions.

We are now marking the 30th anniversary of digital banking, and in that time it has become a central part of our everyday lives. More public awareness of how our governments are fighting cybercrime would be welcome. Marketing campaigns explaining how the financial industry is investing to secure information and networks is also required. But it might never be exciting enough to make front page news.

Alberto Peña, the master mind of the ATM heist, evaded the FBI and fled the USA before he could be apprehended. Unfortunately for him, sometime in April two hooded gunmen stormed his hide-out in the Dominican Republic. They started shooting while he was playing dominos. A manila envelope containing $100,000 wasn’t touched. Some things don’t change.

26 Nov 2013

Author: Clayton Locke

Over $40 million stolen in just one heist

According to an ex-Watergate burglar, ‘obviously crime pays, or there’d be no crime.’  And, most of the time, crime that pays makes the headlines: from Robin Hood to Jessie James to Bonnie & Clyde and Alberto Peña.

Who is Alberto Peña, you may ask?  Well, stop and think: how many famous cybercriminals can you name? Considering that the Great Train Robbers got away with about $40M in today’s money, you would think that the cybercriminal who managed to steal $40M in one heist this February would be pretty well known. As the New York Times reported:

On Feb 19, cashing crews were in place at ATM’s across Manhattan and in two dozen other countries waiting for word to spring into action… After securing 12 account numbers for cards issued by the Bank of Muscat in Oman and raising the withdrawal limits, the cashing crews were set in motion. Starting at 3 p.m., the crews made 36,000 transactions and withdrew about $40 million from machines in the various countries in about 10 hours. (www.nytimes.com)

They managed to crack the security around the magnetic strip of pre-paid cards, hack into the Bank of Oman using stolen personal information and use these details in a clever robbery designed to defeat the alarms set up to detect this type of crime. They would have gotten away with it if they hadn’t been so greedy because the $40M was not their first caper. Two months earlier they had used a similar MO to take $5M from the ATMs.

Why are there so few headlines about these cybercrimes? Some security experts theorise that banks do not report the cybercrime due to reputational risk. But perhaps it needs a bit more human interest. A quick look at the FBI files for high-street bank robbery will tell you everything you want to know – from the sex of the offenders to the most likely time of day for a bank robbery (9-11AM).  But the FBI report on cybercrime is very light on any bank fraud statistics. After all there are no guns, no hostages and no public shootouts when software on the internet is used to steal millions.

We are now marking the 30th anniversary of digital banking, and in that time it has become a central part of our everyday lives. More public awareness of how our governments are fighting cybercrime would be welcome. Marketing campaigns explaining how the financial industry is investing to secure information and networks is also required. But it might never be exciting enough to make front page news.

Alberto Peña, the master mind of the ATM heist, evaded the FBI and fled the USA before he could be apprehended. Unfortunately for him, sometime in April two hooded gunmen stormed his hide-out in the Dominican Republic. They started shooting while he was playing dominos. A manila envelope containing $100,000 wasn’t touched. Some things don’t change.