Cyber-Thieves Linked to Citibank ATM Breach
Joe Menn writes in The Financial Times:
The hacking ring allegedly at the centre of the largest-ever identity theft breach last week was also involved in cracking a network of Citibank-branded ATMs that were located in 7-Eleven stores and operated by a third company, a law enforcement source claimed.More here.
While hacking credit card data is common, successful attacks on ATM systems are much rarer and cause for greater concern because of the direct access they offer to large sums of money. Banks have said very little about their losses to cyber-thieves, but federal authorities say the figures have been growing rapidly.
In the case of the Citibank-branded ATMs, the perpetrators penetrated a network linking 2,200 kiosks inside 7-Eleven stores from late 2007 through to at least February 2008, the law enforcement sources said.
The ATMs displayed Citibank's logo. The network and the machines were owned by Texas-based CardTronics, which took in monthly fees from Citi.
According to documents from the earlier case, a group connected to the current allegations lifted card and PIN codes from the system, and their allies manufactured new cards that were used to get about $2m in cash from Citibank ATMs elsewhere. An FBI affidavit said Yuriy Ryabinin of Brooklyn withdrew $750,000 from Citibank accounts in February 2008.
A set of prepaid iWire cards was also compromised, leading to about $5m in fraudulent withdrawals. Most of the money was sent to Russia.