This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

ATM hackers net millions using stolen information

Share this article:
A unique breach of bank information has hit Citibank, one of the world's largest banks.

According to a federal grand jury indictment, two hackers using bank accounts and PINs stolen over the internet, managed to steal millions of dollars from Citibank.

The two charged were a Ukrainian immigrant, Yuriy Ryabinin, and Ivan Biltse. The pair are alleged to be part of a worldwide scam that has made 9,000 fraudulent ATM withdrawals, according to court documents. The money was drained from ATMs in the New York area, authorities said.

“On or about February 1 2008, Citibank representatives informed the FBI that a Citibank server that processes ATM withdrawals at 7-11 convenience stores had been breached," according to an affidavit filed with a New York federal court by Albert Murray, an FBI special agent.

There were hundreds of ATM withdrawals using the breached information in New York from October 2007 to March this year, authorities said. Some of the illicit withdrawals were videotaped. The criminals used ATM cards encoded with Citibank customer account information to withdraw the money.

Specifically, the indictment charged that the criminals “received over the internet information relating to the bank accounts of multiple Citibank customers, information which had been previously stolen from Citibank.”

A spokeswoman for Citibank did not respond to a request for comment.

WIth correct information, it is very easy to create a counterfeit card, Avivah Litan, Gartner vice president and distinguished analyst, told SCMagazineUS.com on Thursday.

"All you have to have is the PIN and enough customer information," she said. "And the criminals have figured out how to get that."

This kind of fraud is becoming an enormous problem for banks, said Litan. “Criminals have found ways to basically bypass many of the controls that banks have in place," she said. "So ATM and debit card fraud is expected to rise. In our surveys, banks themselves expect the rate of fraud to double over the next two years."
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most ...

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two ...

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...