A unique breach of bank information has hit Citibank, one of the world's largest banks.
According to a federal grand jury indictment, two hackers using bank
accounts and PINs stolen over the internet, managed to steal millions
of dollars from Citibank.
The two charged were a Ukrainian immigrant, Yuriy Ryabinin, and
Ivan Biltse. The pair are alleged to be part of a worldwide scam that
has made 9,000 fraudulent ATM withdrawals, according to court
documents. The money was drained from ATMs in the New York area,
“On or about February 1 2008, Citibank representatives informed the
FBI that a Citibank server that processes ATM withdrawals at 7-11
convenience stores had been breached," according to an affidavit filed
with a New York federal court by Albert Murray, an FBI special agent.
There were hundreds of ATM withdrawals using the breached information in New York from October 2007 to
March this year, authorities
said. Some of the illicit withdrawals were videotaped. The criminals
used ATM cards encoded with Citibank customer account information to
withdraw the money.
Specifically, the indictment charged that the criminals “received over
the internet information relating to the bank accounts of multiple
Citibank customers, information which had been previously stolen from
A spokeswoman for Citibank did not respond to a request for comment.
WIth correct information, it is very easy to create a counterfeit card,
Avivah Litan, Gartner vice president and distinguished analyst, told
SCMagazineUS.com on Thursday.
"All you have to have is the PIN and enough customer information," she
said. "And the criminals have figured out how to get that."
This kind of fraud is becoming an enormous problem for banks, said Litan. “Criminals have found ways to basically bypass many of the controls
that banks have in place," she said. "So ATM and debit card fraud is
expected to rise. In our surveys, banks themselves expect the rate of
fraud to double over the next two years."