Hack and run! – A look at the mechanics of the surreal


ლ(ಠ_ಠ )ლ
Nov 22, 2010
December 23, 2008: RBS WorldPay announced a hack attack on their system with the resultant theft of around one and a half million customers’ personal data including banking details and card details together with information needed to replicate cards. In short 1.5 MILLION people’s magnetic stripe details coupled with account details have been compromised.

At that time RBS WorldPay only detected around 100 fraudulent activities in the batch of stolen customer data, which seemed like a small issue.

November 8, 2008: Shock and awe! What actually happened was that the hacker/s upped the withdrawal limit on those 100 cards before doing something completely insane and utterly amazing at the same time! The hacker/s dispatched a global army of minions to withdraw large sums of money with rapid fire withdrawals at 130 ATM machines in over 49 cities around the world. This happened at around Midnight US Eastern Time.

Similar incidents: In 2007 another financial institution got hit by a similar hack and run attempt. Over a period of two days 4 iWire payroll cards were used in over 9000 hit and run withdrawals that cost iWire around 5 million US Dollars.

Last year Citibank was also hit in this way with a large number of cashers withdrawing around $2 million dollars, which it turned out 70% of which made its way back to an alleged Russian hacker kingpin. Whoever he is, he is good. Whoever he is, he has an army. Could it be a she? Could it be a “them”? Nobody knows for sure or even knows if all these instances are truly linked.

Present: A class action has been filed against RBS WorldPay on behalf of consumers. The FBI has managed to get some people wagging their tongues and we might have a revelation soon.

Read the full description of events here.

Extra reading on even newer issues.

Washington Post article on the cost of saving face after insidents like these.