NEW YORK - The bloodless bank heist that netted more than $45 million has left even cybercrime experts impressed by the technical sophistication, if not the virtue, of the con artists who pulled off a remarkable internationally organized attack.
"It was pretty ingenious," Pace University computer science professor Darren Hayes said Friday.
On the creative side, a small team of highly skilled hackers penetrated bank systems, erased withdrawal limits on prepaid debit cards, and stole account numbers. On the operational end, criminals used handheld devices to change the information on the magnetic strips of old hotel key cards, used credit cards, and depleted debit cards.
Seven people were arrested in the United States and accused of operating the New York cell of what prosecutors said was a network that carried out thefts at ATMs in 27 countries, from Canada to Russia.
"It's pretty scary if you think about it. They changed the account balances. That's like the holy grail for a thief," said Chris Wysopal, cofounder of security company Veracode.
"There were obviously a lot of great minds behind this exploit, and then there were the pawns, the mules. They are entirely exploitable," said Phyllis Scheck, vice president at the security firm McAfee, who has testified to Congress about how banks and small businesses need to prepare for cyber thieves.
Scheck couldn't help be impressed by the choreography. "They executed while the iron was hot. They got in and got out," she said.
In the end, the victims were not individuals. They were two banks, Rakbank in the United Arab Emirates and the Bank of Muscat in Oman, which had their card processors breached, prosecutors said.
Investigations continue and arrests have been made in other countries, but New York prosecutors did not have details. More arrests in the United States were possible, they said.