BreachExchange mailing list archives

How Cybercrime Gang Stole $13 Million in 1 Day


From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 31 Aug 2011 01:23:45 -0400

I see Fidelity National Information Services has four other losses,
but the May 5th incident is missing. But don't worry - the executives
will get a bonus for a 'job well done', and pass the losses incurred
onto shareholders.

http://krebsonsecurity.com/2011/08/coordinated-atm-heist-nets-thieves-13m/

Jacksonville-based Fidelity National Information Services Inc. (FIS)
bills itself as the world’s largest processor of prepaid debit cards;
FIS claims to process more than 775 million transactions annually. The
company disclosed the breach in its first quarter earnings statement
issued May 3, 2011. But details of the attack remained shrouded in
secrecy as the FBI and forensic investigators probed one of the
biggest and most complex banking heists of its kind.
...

KrebsOnSecurity recently discovered previously undisclosed details of
the successful escapade. According to sources close to the
investigation, cyber thieves broke into the FIS network and targeted
the Sunrise platform’s “open-loop” prepaid debit cards. The balances
on these prepaid cards aren’t stored on the cards themselves; rather,
the card numbers correspond to records in a central database, where
the balances are recorded. Some prepaid cards cannot be used once
their balance has been exhausted, but the prepaid cards used in this
attack can be replenished by adding funds. Prepaid cards usually limit
the amounts that cardholders can withdraw from a cash machine within a
24-hour period.

Apparently, the crooks were able to drastically increase or eliminate
the withdrawal limits for 22 prepaid cards that they had obtained. The
fraudsters then cloned the prepaid cards, and distributed them to
co-conspirators in several major cities across Europe, Russia and
Ukraine.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
