How bank card cloning added millions of dollars to North Korea's budget.
A few years ago, a rather interesting cyber incident took place in India, the details of which were revealed quite recently. Some intruders tricked a group of men into becoming unwitting participants in a major bank robbery. Unknown people offered a group of friends small roles in a Bollywood film. However, as it turned out later, this "movie" would never make it to the big screen.
On a quiet Saturday afternoon, employees at Cosmos Bank's head office in Pune began receiving a series of alarming messages from Visa. The largest payment operator warned bank employees that it was detecting thousands of requests to withdraw large amounts from Visa Cosmos cards at ATMs around the world. However, when bank employees checked their own systems, they were unable to find any evidence of anomalous transactions.
About half an hour later, the bank's management decided to play it safe and allowed Visa to suspend all transactions from Cosmos cards. Unfortunately, this delay ended up costing the bank dearly. When Visa sent a full list of suspicious transactions, Cosmos Bank management was simply stunned. It turned out that the attackers had taken a total of about $14 million from Cosmos accounts. Of course, the cashiers in this case were not customers of the bank at all. They only used the card issued to them, and then returned the cash to the ATM and transferred it to the accounts of the attackers.
Indian investigators were able to arrest 18 suspects after analyzing CCTV footage from areas near ATMs. The suspects were recruited as extras for a Bollywood film but were tricked into being used as part of a heist.
As it later turned out, there were many more participants in the robbery. The criminals managed to withdraw cash from hundreds of ATMs in 28 different countries, including the US, UK and Russia. The whole process took a little over 2 hours. As you can see, even Visa did not immediately detect the anomalous activity.
This operation is associated with the North Korean hacker group Lazarus, which has previously carried out similar attacks. How did Lazarus pull off this operation? The hackers reportedly used a technique called "jackpotting" to steal the money. They were also assisted in the attack by accomplices who made hundreds of fake Cosmos Bank cards, which were exact copies of existing, valid cards. During the coordinated attack, the attackers managed to access the same bank accounts from different ATMs at the same time and withdraw more funds than these accounts actually held.
North Korea has repeatedly denied any involvement in robberies or other hacking schemes. However, even by rough estimates, there are up to 7,000 trained hackers in the DPRK, who are often sent to work abroad. According to sources close to the government apparatus, these cyber units carry out massive cyber attacks, working in cramped dormitories around the world with only a computer and the Internet in their arsenal.