In the early hours of November 8, 2008, a young man in John Lennon shades and a black fedora slipped his card into an ATM machine in Chicago.The seemingly banal scene played out at 2100 ATMs in 280 other cities around the world from Atlanta to Moscow.
But these were no ordinary withdrawals. They were part of what a U.S. attorney now calls “perhaps the most sophisticated and organized computer fraud attack ever conducted." In November, four Eastern European twentysomething hackers were busted in coordinating the elaborate ATM heist, which netted them $9.4 million in just 12 hours. After hacking into the Atlanta-based RBS WorldPay, part of the Royal Bank of Scotland, they made bogus debit cards – which were used during the spree. So-called “cashers” got hired to make the withdrawals in exchange for a 30 to 50 percent cut. A mastermind nicknamed Hacker 3 coordinated the cashers, who did all their dirty work with just 44 fake cards.
ATM heists are growing. Recently, three crooks died after stealing an ATM case in a small town in Holland. The ATM’s anti-theft device exploded, spraying the cash with dye – the thieves died when their car wiped out on the run. In August, a fake ATM machine got set up at the casino hosting the annual DefCon hackers conference, and skimmed the card info from unsuspecting geeks. Old ATM machines – complete with card numbers – are being bought and sold on Craigslist for under $1000.
I’ve been following the ATM heist for months and waiting for the indictments – now that they’ve hit, a portal into a new kind of battle is emerging: how ATMs get stolen/hacked, and how banks are fighting against them.
David Kushner is the author of many books, including Masters of Doom, Jonny Magic & the Card Shark Kids, Levittown, The Bones of Marianna, and Alligator Candy. A contributing editor of Rolling Stone, he has written for publications including The New Yorker, Vanity Fair, Wired, and The New York Times Magazine.