Eight Charged With Debit Card Cyber-Crime Targeting Banks

Eight New York residents were charged in what U.S. prosecutors said was a $45 million global debit card cyber-attack scheme targeting banks based in the United Arab Emirates and Oman.

The defendants are accused in a four-count indictment unsealed today in federal court in Brooklyn, New York, of participating in two worldwide attacks. They used stolen account information for prepaid MasterCard-branded debit cards to withdraw millions of dollars from ATM machines from October 2012 to April 2013, prosecutors said.

The targeted banks were National Bank of Ras Al-Khaimah PSC, based in the United Arab Emirates, and Bank Muscat SAOG, Oman’s biggest bank by assets, according to the U.S. Attorney’s Office in Brooklyn.

Members of the scheme hacked into credit card processors to steal the card data and eliminate withdrawal limits, prosecutors said. The took out cash in coordinated efforts “reminiscent of the casino heist in Ocean’s 11,” Brooklyn U.S. Attorney Loretta Lynch said today in a news conference.

“Our message is clear. Law enforcement should not stand by as cyber criminals target our global financial system for their own ends,” she said.

The attack was the “largest theft of this type that we have yet seen,” she said.

Seven of the individuals, who are residents of Yonkers, New York, have been arrested, prosecutors said. An additional defendant charged in the scheme, Alberto Yusi Lajud-Pena, was reported to have been murdered in the Dominican Republic in April, prosecutors said.

The case is U.S. v. Lajud-Pena, 13-cr-00259, U.S. District Court, Eastern District of New York (Brooklyn).

To contact the reporter on this story: Christie Smythe in Brooklyn at csmythe1@bloomberg.net

To contact the editor responsible for this story: Michael Hytha at mhytha@bloomberg.net

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.