On November 7th and 8th, 2008 a group of Russian and Estonian hackers raised the balances on several ATM “prepaid payroll cards” belonging to RBS WorldPay, headquartered in Atlanta, Georgia. The hackers also modified the business logic regarding the limits on how much money could be withdrawn from a single account via ATM machines. At the pre-arranged time, a world-wide ATM spree began, with hackers using duplicates of 44 payroll cards to make withdrawals from 2,100 ATM machines in at least 280 cities around the world, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan, and Canada.

When the adrenaline rush cleared, the gang had stolen Nine Million Dollars in twelve hours, and the hackers hit RBS WorldPay seeking to destroy all copies of the records of these withdrawals. The “cashiers”, the people who actually used the ATM cards, were allowed to keep between 30% and 50% of the funds they withdrew, sending the rest back to the ring-leaders via Webmoney and Western Union.

The questions being asked by EVERYONE was “HOW IS THAT POSSIBLE?!?!?!” For instance, look at the comments on this Boing Boing article: Flashmob of ATM crooks scores $9 million. At that time the news was that “less than 100″ cards were used in 30 minutes in 49 cities. Everyone was saying “That’s like $90,000 per payroll card? Who has that kind of money on a payroll card?” or “Can you imagine trying to take 3,500 $20 bills out of an ATM?” Keep reading, because those questions are answered below.

On November 10th, 2009, just about one year later, Special Agent in Charge Greg Jones of the Atlanta FBI issued a press release entitled International Effort Defeats Major Hacking Ring: Elaborate Scheme Stole over $9.4 Million from Credit Card Processor.

VIKTOR PLESHCHUK, 28, of St. Petersburg, Russia; SERGEI TŠURIKOV, 25, of Tallinn, Estonia; and OLEG COVELIN, 28, of Chişinău, Moldova, along with an unidentified individual, have been indicted by a federal grand jury on charges of conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, and aggravated identity theft. IGOR GRUDIJEV, 31, RONALD TSOI, 31, EVELIN TSOI, 20, and MIHHAIL JEVGENOV, 33, each of Tallinn, Estonia, have been indicted by a federal grand jury on charges of access device fraud.

Read more here: http://garwarner.blogspot.com