A Professional ATM Theft
Fidelity National Information Services Inc. (FIS) lost $13M to an ATM theft earlier this year:
KrebsOnSecurity recently discovered previously undisclosed details of the successful escapade. According to sources close to the investigation, cyber thieves broke into the FIS network and targeted the Sunrise platform’s “open-loop” prepaid debit cards. The balances on these prepaid cards aren’t stored on the cards themselves; rather, the card numbers correspond to records in a central database, where the balances are recorded. Some prepaid cards cannot be used once their balance has been exhausted, but the prepaid cards used in this attack can be replenished by adding funds. Prepaid cards usually limit the amounts that cardholders can withdraw from a cash machine within a 24-hour period.
Apparently, the crooks were able to drastically increase or eliminate the withdrawal limits for 22 prepaid cards that they had obtained. The fraudsters then cloned the prepaid cards, and distributed them to co-conspirators in several major cities across Europe, Russia and Ukraine.
Sources say the thieves waited until the close of business in the United States on Saturday, March 5, 2011, to launch their attack. Working into Sunday evening, conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom used the cloned cards to withdraw cash from dozens of ATMs. Armed with unauthorized access to FIS’s card platform, the crooks were able to reload the cards remotely when the cash withdrawals brought their balances close to zero.
This reminds me of the RBS WorldPay theft from a couple of years ago.
Clive Robinson • September 2, 2011 7:14 AM
Yes, and one or two other security problems with the likes of ID documents.
Put simply, “off line” security does not work the same way as “on line” security, and thus you can have multiple replay attacks against an off line system that would fail with an on line system.
P.S. As it’s caused problems on this blog in the past, my use of “on line” and “off line” is very specific to the usage mode, not the more recent generalised perception of what the terms mean.