Authorities in Niigata, Japan are making headway in their investigation of a heist that took place back in May where approximately $17.3 million was stolen from cash machines across the country in a single day.
The Japan Times reported that Niigata police arrested 11 men in connection with the crime, which impacted about 1,400 ATMs total during the heist.
According to the police, a well-known member of Japan’s largest organized crime syndicate was among the men taken into custody. The suspects range in age from 23 to 49 and are accused of not only stealing the funds, but also using fake credit cards from ATMs as well.
Authorities confirmed that some of the men arrested have admitted to their participation in the massive heist.
The transactions data suggests that the criminals leveraged generic cloned cards to withdrawal cash from ATMs and that the cards contained data from a South African bank.
The story echoes a similar pair of successful bank hacks that took place in 2012 and 2013 across 26 countries. During those attacks, a criminal syndicate used “cashout crews” to make $55 million go AWOL from ATM machines in the space of a couple of hours. In 2009, RBS WorldPay, the U.S. payments processing arm of Royal Bank of Scotland Group, lost $9 million in a 30-minute period during a global ATM heist that involved 100 cloned cards in 49 cities worldwide.
Just last month, a group of masked robbers are believed to have used a computer program to hack into ATMs in Taiwan to steal more than $2 million. The thieves are being accused of targeting more than 30 ATMs belonging to Taipei-based First Commercial Bank.
Kaspersky Lab announced new research regarding a hacker collective, known as the Skimer group, that uses malware to essentially make an ATM steal users’ money. Instead of putting skimmer devices on the ATM, this group makes the entire ATM a skimming device. This program was first discovered in 2009, but researchers have now discovered that the malware is being reused to attack banks around the world.
As part of its investigation, Kaspersky Lab found a new version of the malware on a bank’s ATM that had been planted by hackers. This is done, according to the researchers at the lab, in two ways: physical access to the ATM or through its internal network. After installation, the ATM is infected with the malware, which interacts with the bank’s payments infrastructure.