A coordinated cybercriminal network pulled off one of the largest and most complex banking heists ever, withdrawing $13 million in one day from ATMs in six countries.
The massive breach hit Fidelity National Information Services Inc. (FIS), a Jacksonville, Fla.-based firm that processes prepaid debit cards. FIS disclosed the breach on May 5, but security researcher Brian Krebs dug deeper and found out the true scope of the devastating crime, which he reported on his KrebsOnSecurity blog.
According to Krebs' sources, the attackers first broke into FIS' network and gained unauthorized access to the company's database, where each debit card customer's balance is stored.
FIS' prepaid debit cards include a fraud protection policy that limits the amount cardholders can withdraw from an ATM within a 24-hour period. Furthermore, once the balance on a card is used up, the card cannot be used until its owner puts more money back onto it.
Here's where the criminals got crafty: they obtained 22 legitimate cards, eliminated each card's withdrawal limit, and cloned them, sending copies to conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom. When the prepaid limit on each card got too low, the hackers simply reloaded the fraudulent cards remotely.
At the close of the business day on Saturday, March 5, the criminals began taking out money from ATMs. By Sunday evening, the scam was over, and the attackers had stolen $13 million.
Krebs said it is not clear who is behind the attack on FIS, although the characteristics of the scheme put it in line with similar crimes perpetrated by cybercriminals in Estonia and Russia.