US federal prosecutors say cyber-criminals stole $45m by hacking their way into a database of prepaid debit cards and draining cash machines around the globe.
Authorities announced on Thursday that seven people forming the New York-based cell of the organisation were arrested in the case, which involved thousands of thefts from ATMs in at least 26 countries.
Prosecutors say an eighth person involved in the crime was murdered in the Dominican Republic late last month.
Loretta Lynch, the US attorney in Brooklyn, called the cyber-theft “a massive 21st-century bank heist”.
In one of the attacks, in just over 10 hours, $40m was raided from ATMs in 24 countries involving 36,000 transactions.
“In the place of guns and masks, this cyber crime organisation used laptops and the internet,” Lynch said. “Moving as swiftly as data over the internet, the organisation worked its way from the computer systems of international corporations to the streets of New York City.”
Counterfeit debit cards
According to the complaint, the gang broke into the computers of two credit card processors, one in India in December 2012 and the other in the United States this February.
The hackers increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by Bank of Muscat of Oman, and National Bank of Ras Al Khaimah PSC (RAKBANK) of the United Arab Emirates, according to the complaint.
They then distributed counterfeit debit cards to “cashers” around the world, enabling them to syphon millions of dollars from ATMs in a matter of hours.
One suspect was caught on surveillance cameras, his backpack increasingly loaded down with cash, authorities said.
Others took photos of themselves with giant wads of bills as they made their way up and down Manhattan.
The ringleaders are believed to be outside the US but prosecutors declined to give details, citing the ongoing investigation.