Archive for the ‘Internet’ Category


In one of the biggest ever bank heists, a global cyber crime ring stole $45 million from two Middle Eastern banks by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries, U.S. prosecutors said on Thursday.

The U.S. Justice Department accused eight men of allegedly forming the New York-based cell of the organization, and said seven of them have been arrested. The eighth, allegedly a leader of the cell, was reported to have been murdered in the Dominican Republic on April 27.

The ringleaders are believed to be outside the United States but prosecutors declined to give details, citing the ongoing investigation. What’s clear is the sheer scope and speed of the crimes: in one of the attacks, in just over 10 hours, $40 million was raided from ATMs in 24 countries involving 36,000 transactions.

“In the place of guns and masks, this cyber crime organization used laptops and the Internet,” U.S. Attorney for the Eastern District of New York Loretta Lynch said at a news conference. “Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City.”

The case demonstrates the major threat that cyber crime poses to banks around the world. It also shows how increasingly international and sophisticated criminal gangs have become, particularly those using the Internet.

Prosecutors highlighted the “surgical precision” of these hackers, the global nature of their organization, and the speed and coordination with which they executed operations in 27 countries.

According to the complaint, the gang broke into the computers of two credit card processors, one in India in December 2012 and the other in the United States this February. The companies were not identified.

The hackers increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by Bank of Muscat of Oman, and National Bank of Ras Al Khaimah PSC (RAKBANK) of the United Arab Emirates, according to the complaint. They then distributed counterfeit debit cards to “cashers” around the world, enabling them to siphon millions of dollars from ATMs in a matter of hours.

In New York, for example, members of the cell fanned out into the city on the afternoon of February 19, armed with cards bearing a single Bank of Muscat account number. Ten hours later, they had completed 2,904 withdrawals for $2.4 million in all, the final transaction coming around 1:26 a.m., prosecutors said.

Casher crews in other countries were busy doing the same, pulling some $40 million from Bank of Muscat to add to the $5 million they stole from RAKBANK in December, according to the indictment. In total, cashers made some 40,500 withdrawals in 27 countries during the two coordinated incidents.

Prosecutors said the method of attack was known as “Unlimited Operations” in the cyber underworld.

Representatives for the two banks could not be reached for comment outside of regular business hours.

In a statement, Mastercard said it had cooperated with law enforcement in the investigation and stressed that its systems were not involved or compromised in the attacks.

In late February, Bank Muscat disclosed that it would take an impairment charge of up to 15 million rials because it had been defrauded overseas by 12 prepaid debit cards used for travel. That charge was equal to more than half of the 25 million rials profit it posted in its first quarter ended March 31.

Highly skilled hackers
Cyber experts said they believe the operation likely required the work of several hundred people, at least several of whom were highly skilled hackers capable of devising ways to penetrate well-protected financial systems.

“Hackers only need to find one vulnerability to cause millions of dollars of damage,” said Mark Rasch, a former federal cyber crimes prosecutor, based in Bethesda, Maryland.

The group may have targeted Middle Eastern banks because they tend to allow customers to put much larger sums on cards and do not monitor them as closely as banks in other regions, said Shane Shook, global vice president of consulting for the security firm Cylance Inc.

“It’s a target-rich environment in terms of soft electronic security,” said Shook, an Arabic speaker who has spent more than a decade investigating cyber crimes.

The case is similar to one in 2009 that targeted the prepaid debit-card unit of Royal Bank of Scotland, which lost more than $9 million in less than 12 hours, said Jason Weinstein, a former federal prosecutor who supervised the Justice Department’s handling of that case.

That case was considered a watershed moment in cyber crime prosecutions at the time. “This dwarfs that case,” he said.

It is not clear if banks can seek to recover losses from card processors, legal experts said. Contracts usually have specific language governing the security protocols that must be in place, said Frederick Rivera, an attorney with Perkins Coie who specializes in financial services litigation.

If the processors failed to follow those requirements, they could be liable for the losses. If they had adequate security, however, the banks “could be left holding the bag,” Rivera said.

The banks might also be able to seek reimbursement under their insurance policies, many of which now have cyber crime provisions, or from the processors’ insurance carriers.

Weinstein also said that the processors could face regulatory scrutiny over whether they provided proper security.

The eight defendants – all U.S. citizens and residents of Yonkers, New York – were charged with withdrawing cash from the ATMs and transporting money, not hacking into the credit card processing firms or managing the operation.

The seven arrested are: Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Pena, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje and Chung Yu-Holguin (known as “Chino El Abusador”). All except for Rodriguez were arraigned on Thursday and pleaded not guilty. Rodriguez’s attorney was unavailable. Only Pena has been released on bail.

The defendant who reportedly had been killed was Alberto Yusi Lajud-Pena, also known as “Prime” and “Albertico.” Lynch said it was unclear whether the murder was related to this case.

Prosecutors said cashers often laundered their proceeds by purchasing luxury goods, and sending a portion of the money back to the organization’s leaders.

Lynch said the New York gang kept roughly 20 percent of their takes, and sent the rest to the organizers. Authorities said they seized hundreds of thousands of dollars in cash and bank accounts, as well as two Rolex watches and a Mercedes SUV, from the defendants.

Investigators said that they found an email exchange with an account associated with a criminal money laundering operation in St. Petersburg, Russia, describing wire transfers.

An investigation is ongoing to see if other cells are operating in the country, Lynch said, adding that U.S. law enforcement had worked with counterparts in Japan, Canada, Germany, Romania, the United Arab Emirates, Dominican Republic, Mexico, Italy, Spain, Belgium, France, United Kingdom, Latvia, Estonia, Thailand, and Malaysia to uncover the ring.

No individual bank accounts were compromised by the scheme, Lynch said.

The case is U.S. v. Lajud-Pena et al., U.S. District Court, Eastern District of New York, No. 13-cr-259.




Fed up with Twitter friends ruining the plots of her favorite TV shows, high school senior and budding software engineer Jennie Lamere took matters into her own hands.

She’s finalizing an Internet browser plugin called Twivo that uses keywords inserted by the user — like a show’s title or the names of characters and actors — to intercept any plot-spoiling tweets.

“I was just getting kind of annoyed how on Tuesday, when a lot of my favorite shows were on, I could never go on Twitter because it was filled with spoilers,” the 17-year-old from New Hampshire told the Los Angeles Times.

The concept was original enough for Lamere to win top honors at the TVnext hackathon, or a computer programming competition, in Boston last month, where she was the only female participant.

Lamere is a fan of “Dance Moms” and “Pretty Little Liars,” but like a growing number of TV viewers, she prefers to watch episodes on streaming services like Hulu after their original broadcast.

Lamere, who hopes to work for Google one day, is already using a beta version of Twivo, but ironing out some kinks before releasing it for Google Chrome and Mozilla Firefox in a few weeks.


PayPal said on Wednesday that it acquired mobile app developer Duff Research, part of an effort by the online payment giant to become more nimble and technology focused.PayPal, owned by e-commerce company eBay Inc, did not disclose a purchase price.
Duff Research has built about 40 mobile apps for companies that include TiVo Inc and Adidas AG. The firm’s 18 employees, including co-founder Geoff Chatterton, will join PayPal, the companies said.
PayPal is battling a host of start-ups, such as Square Inc, that are trying to chip away at its lead in online and mobile payments.
PayPal has a reputation as slow and less innovative than some other technology companies and under new President David Marcus it is trying to change that.
“What we’re really after with this deal is the innovators and experience,” said James Barrese, chief technology officer at PayPal. “We are reinventing our organization to be more technology led.”
The Duff Research team will remain together at PayPal and work on projects aimed at making PayPal’s main digital wallet product easier to use for consumers and merchants, Barrese said.


Telecom firms owe the government a whopping Rs. 9,636.34 crore as outstanding amount for spectrum usage charges and licence fees, Parliament was informed Wednesday.Bharti Airtel, India’s largest private mobile operator, owes the maximum amount of Rs. 3,275.56 for spectrum usage charges and licence fee followed by state-run BSNL (Rs. 2,092.95 crore), Minister of State for Communication and IT Milind Deora said in a written reply to Lok Sabha.

Reliance Communication owes the third highest amount of Rs. 1,656.23 crore, followed by Vodafone (Rs. 1,122.01 crore), Tata Teleservices (Rs. 458.32 crore), Idea Cellular (Rs. 428.06 crore) among others, the Minister added.
The government has also imposed penalties to the tune of Rs. 2,199.73 crore on operators in respect of outstanding usage charges and licence fee, Deora said.
Government earned Rs. 6,889.28 crore from spectrum usage charges for 2012-13 fiscal, which includes Rs. 1,706.92 crore as auction money of 2G spectrum, and Rs. 8,540.71 crore as licence fee for first three quarters of the ongoing fiscal.
In the previous fiscal, the spectrum usage charges were Rs. 4,856.05 crore and licence fees totalled to Rs. 11,413.23 crore.
Deora added that telecom operators owe the government an outstanding amount of Rs. 23,177.65 crore for one-time spectrum charges for spectrum beyond 4.4 MHz in respect of GSM spectrum.
“The operators have been given an option of deferred payment. The first instalment has not been paid by the operators, which have been taken as outstanding dues. The matter is sub-judice,” he said.
Earlier, telecom operators were given 4.4 MHz of spectrum with licence at price of Rs. 1,658 crore for pan-India operations and later they were entitled to get 1.8 MHz spectrum on fulfilment of certain subscriber base criteria.
The government has decided that existing operators should pay for holding spectrum above 6.2 MHz retrospectively, from July 2008 to December 31, 2012. For spectrum above 4.4MHz, they would have to pay for the remaining period of their licences starting January 1, 2013.
The operators were given the option to surrender spectrum beyond 4.4 MHz if they did not wish to pay the charges.
The price of the spectrum was determined on the basis of the price discovered in the 1800 MHz spectrum auction last year.
“Most of the aforesaid dues are under litigation,” Deora told the house.


Cyber security threats against the United States are growing, President Barack Obama said before a meeting on Wednesday with corporate leaders about the issue, as concerns rise about hacking attacks emanating from China.Speaking in a television interview, Obama stopped short of echoing concerns expressed by some lawmakers that the United States was engaged in some kind of electronic war with China.
“You always have to be careful with war analogies there’s a big difference between them engaging in cyber espionage or cyber attacks and, obviously, a hot war,” Obama told ABC News in the interview, which was taped on Tuesday but aired on Wednesday.
“What is absolutely true is that we have seen a steady ramping up of cyber security threats.”
Some of the threats are “absolutely” sponsored by governments, he said. “Some are state sponsored. Some are just sponsored by criminals.”
“We’ve made it very clear to China and some other state actors that, you know, we expect them to follow international norms and abide by international rules,” Obama said, adding that Washington has already had “some pretty tough talk” with other countries.
Cyber attacks can cost billions of dollars, lead to stolen industry secrets, and place the United States at a competitive disadvantage, he said.
Obama is scheduled to meet with a group of CEOs at the White House later in the day to solicit their input on how the government and private sector together can improve U.S. security for the Internet, online databases and more. The White House has not yet named the CEOs.
The meeting comes just days after U.S. authorities said they were investigating reports that Obama’s own family had been hit by hacking.
The president said in the interview that he did not know whether reports were true that hackers had posted financial and personal information online about his wife, Michelle, along with other high-profile Americans.
“It would not shock me if some information among people who presumably have pretty good safeguards against it, still gets out,” he said.
Obama signed an executive order a month ago directing authorities to improve information sharing on cyber threats. However, such orders do not carry the weight of law and Obama told ABC that Congress has to act.
A Senate bill on cyber security last year failed to secure enough votes to pass, and was opposed by business groups.
“There are ways that we can harden our critical infrastructure, our financial sector,” Obama said. “They need to get this done.”