Investigators in the US and several other countries, including Britain, have cracked open a vast cash machine scam which yielded $45m (£29m) for its perpetrators scattered around the globe, making it one of the largest and most brazen bank heists ever seen.
Even as they offered details of the conspiracy, prosecutors conceded that some of it read like a film script – such as the revelation that the man believed to have led the New York end of the operation was found dead in the Dominican Republic, with an envelope containing $100,000 in cash untouched at his side.
Eight men in Manhattan have been charged over the conspiracy, including the dead man, while two Dutch citizens, a man and a woman, were arrested last night in Germany. While the scale and reach of the thefts are remarkable, it is the way they were executed that is most startling, proving again that just as fast as the world’s banks move to bolster their electronic security systems, so the criminal underworld is working just as swiftly to find ways to corrupt them.
Loretta Lynch, a US prosecutor in the case, said: “In the place of guns and masks, this cyber-crime organisation used laptops and the internet. Moving as swiftly as data over the internet, the organisation worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours.”
If the criminal operation was clever it was also global, and the men arrested in the US this week represent only a small part of it. Its inception involved computer hackers who infiltrated the networks of a credit-card processing company in India and the National Bank of Ras Al-Khaimah in the United Arab Emirates. They then allegedly raised the daily withdrawal limits on a number of debit cards.
According to the charges filed in court in New York, “even a few compromised bank account numbers can result in tremendous financial loss to the victim financial institution”.
Information about the compromised accounts was shared with conspiracy leaders in 20 countries, who encoded it on to fake debit cards. Those cards were then given to so-called cashing crews, who physically withdrew cash from ATMs.
The operation was repeated in February, targeting a different processing company and bank. In that round, US officials say, $40m was taken.
Almost a subplot, meanwhile, is the killing on 27 April in the Dominican Republic of Alberto Lajud-Peña, 23, identified by prosecutors as the leader of the New York crew. Known on the street as “Prime” and “Albertico”, he is believed to have fled the US as the police closed in. He is said to have died when hooded gunmen burst into an apartment where he was playing dominoes. They left the envelope of cash, but investigators do not know if his murder is related to the case.Reuse content