 "Hacker sentenced in two attacks targeting prepaid cards")
A Pakistani man who participated in two multimillion-dollar ATM heists targeting debit card processors was sentenced in to 18 months of imprisonment by the Brooklyn federal court.
Imran Elahi pleaded guilty last year to access device fraud and conspiracy, largely for his involvement in two precision strikes, a $9 million heist in 2008 involving RBS WorldPay and a $14 million hack in 2011 against Fidelity Information Services.
The cybercrimes were strikingly similar to the $45 million global ATM heist that Brooklyn federal prosecutors revealed last month, when US Attorney Loretta Lynch charged eight defendants with using stolen debit cards at thousands of automated teller machines worldwide over a period of hours in a coordinated attack. That effort involved MasterCard prepaid debit cards issued by Bank Muscat of Oman and National Bank of Ras Al Khaimah PSC, or Rakbank, of UAE.
Cybercrime operations can sometimes fetch the group enormous sums of money in quick time
The prosecutors praised Elahi for immediately waiving extradition upon his arrest in the Netherlands last May and agreeing to cooperate with the government. Elahi’s case was sealed until recently, and details of his cooperation remain under wraps. Lynch’s office has not indicated whether there is any connection between Elahi’s assistance and the case in May. The ringleaders of the Middle East heist, and the country in which they are based, have not been charged or publicly identified by authorities.
In so-called “unlimited operation” heists, like those Elahi admitted to joining, hackers gain access to the computer systems of payment processors that handled prepaid debit cards for various financial institutions and dramatically increase the available balance and withdrawal limits on a handful of cards. Co-conspirators in various countries then fan out to ATMs and take out money using the stolen debit card numbers in a coordinated global operation.
The operations can net cybercrime rings enormous sums of money in short amounts of time. In the case revealed in May, “casher crews” were able to withdraw $40 million in just over 10 hours.
Reuters