LONDON — International law enforcement agencies say the recent $45 million ATM heist is just one of many scams they're fighting in an unprecedented wave of sophisticated cyber attacks.
Old-school robberies by masked criminals are being eclipsed by stealth multimillion-dollar cyber crime operations that are catching companies and investigators by surprise.
"We are seeing an unprecedented number of cyber scams that include phishing for financial data, viruses, credit card fraud and others," Marcin Skowronek, an investigator at Europol's European Cybercrime Center in The Hague said on Saturday.
"In Europe, we are generally quite well protected against some types of fraud because of the chip and pin technology we use, but there are still shops and machines around the world who still take cards without chips. And the most popular destinations for this type of fraud are the United States and the Dominican Republic."
U.S. investigators said Thursday that a gang hit cash machines in 27 countries in two attacks — the first netting $5 million in December and then $40 million in February in a 10-hour spree that involved about 36,000 transactions.
Hackers got into bank databases, eliminated withdrawal limits on prepaid debit cards and created access codes. Others loaded that data onto any plastic card — even a hotel keycard — with a magnetic stripe
A similar scam yielded some 50 arrests this year in Europe during a joint police operation between Romanian police and Europol, Skowronek said.
The operation took more than a year, involved some 400 police officers across Europe and required work comparing bank losses to illegal transactions and then cross-referencing suspects, said Skowronek, who said many national police forces were beefing up their undercover work in the cyber world to catch criminals.
Investigators found illegal workshops for producing devices and software to manipulate point-of-sale terminals. Illegal electronic equipment, financial data, cloned cards and cash were seized in raids in Britain and Romania.
The group stole credit and debit card numbers and PIN codes by implanting card reading devices and malicious software on point-of-sale terminals. The criminals then used counterfeit payment cards with stolen data for further illegal transactions in countries that included Argentina, Colombia, the Dominican Republic, Japan, Mexico, South Korea, Sri Lanka, Thailand and the United States.
Some 36,000 debit card and credit card holders in some 16 countries were affected, Skowronek said. The amount stolen was unclear.
The EU is the world's largest market for payment card transactions and it is estimated that organized crime groups derive more than $1.9 billion a year from payment card fraud in the EU.