funsec mailing list archives

Ocean's 14 - high-speed bank fraud at casinos


From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 5 Nov 2012 07:41:20 -0500

I'm amazed that Citibank has such a fundamental defect in their
transaction processing. Wait, no I'm not...

http://www.h-online.com/security/news/item/Ocean-s-14-high-speed-bank-fraud-at-casinos-1741079.html

Criminals have used a bit of trickery to rob $1 million from Citibank.
The criminals found out that they could withdraw many times the
deposited amount in a bank account if they operate in parallel and
within a very narrow time window.

To exploit the vulnerability, the robbers had to be very precise and
withdraw identical sums within 60 seconds. In this time window,
Citibank didn't detect that the withdrawn amounts were many times
higher than the available balance. This was possible due to a flaw in
Citibank's security protocol for electronic transactions. According to
a report from The Press-Enterprise, the vulnerability has now been
closed.

Apart from group leader Ara Keshishyan, 13 other individuals were
involved in the bank fraud. Keshishyan opened accounts with an initial
deposit of around $10,000 that were subsequently raided via special
cash machines in at least eleven different casinos in the US States of
California and Nevada. To avoid US federal reporting requirements for
financial transactions, the criminals never withdrew more than
$10,000. They spent the money where they stole it, using it to gamble
and sometimes even enjoying free accommodation in the casinos due to
their "high roller" status.
...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
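
An added example, not part of the original post or the quoted article: it models the reported 60-second window as a delay before withdrawals post to the balance, and contrasts an authorization check against the posted balance with one that reserves funds atomically. The ledger model, the class and function names, and the amounts are assumptions constructed for illustration; the article does not describe Citibank's implementation.

```python
import threading

POSTING_DELAY_S = 60  # window reported in the article; the ledger model below is assumed


class Account:
    def __init__(self, opening):
        self.posted = opening   # balance as last posted to the ledger
        self.held = 0           # reserved by approved but unposted withdrawals
        self.pending = []       # (timestamp, amount) awaiting posting
        self.lock = threading.Lock()

    def post_due(self, now):
        """Post every pending withdrawal older than the delay; return the balance."""
        with self.lock:
            for item in [p for p in self.pending if now - p[0] >= POSTING_DELAY_S]:
                self.pending.remove(item)
                self.posted -= item[1]
                self.held = max(0, self.held - item[1])
            return self.posted


def authorize_stale(acct, amount, now):
    """Weak check: compares against the posted balance and ignores pending debits."""
    if amount <= acct.posted:
        acct.pending.append((now, amount))
        return True
    return False


def authorize_with_hold(acct, amount, now):
    """Corrected check: test and reserve the funds in one critical section."""
    with acct.lock:
        if amount <= acct.posted - acct.held:
            acct.held += amount
            acct.pending.append((now, amount))
            return True
        return False


def simulate(authorize, terminals=5, amount=10_000, opening=10_000):
    """Identical parallel requests inside the window; returns (approved total, posted balance)."""
    acct = Account(opening)
    results = []
    threads = [threading.Thread(target=lambda t=t: results.append(authorize(acct, amount, t)))
               for t in range(terminals)]
    for th in threads:
        th.start()
    for th in threads:
        th.join()
    return amount * sum(results), acct.post_due(now=POSTING_DELAY_S + terminals)
```

With the constructed defaults, the stale check approves all five requests and the account posts deeply negative, while the hold-based check approves exactly one.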

