Attackers Steal $12.7M In Massive ATM Heist

Within two hours $12.7 million in cash was stolen from 1,400 ATMs located at convenience stores all across Japan, investigators announced Sunday. An anonymous reader quotes a Japanese newspaper: Police suspect that the cash was withdrawn at ATMs using counterfeit credit cards containing account information leaked from a South African bank. Japanese police will work with South African authorities through the International Criminal Police Organization to look into the major theft, including how credit card information was leaked, the sources said.
Over the two hours attackers withdrew the equivalent of $907 in 14,000 different transactions.

Re:

[JustOK]

Clarify your terrible editing

What the hell does that even mean?

Re: $907?

14,000 x $907 = $12.7m So where do you join this gang of 1400 fantastically well coordinated thieves?

Re: $907?

[ShanghaiBill]

14,000 x $907 = $12.7m So where do you join this gang of 1400 fantastically well coordinated thieves?

$907 is exactly 100,000 Yen, which is the transaction limit.

Re:

[Anonymous Coward]

Pick any Yakuza branch. The police won't trouble you but the other branches will.

Re:

[Type44Q]

So where do you join this gang of 1400 fantastically well coordinated thieves?

Not sure how much good it'll do you but I suppose you can start here [theguardian.com].

Re: $907?

[rednip]

I suspect that each thief used multiple accounts until each of the ATMs was out of money, then moved to the next one. Perhaps 10 or twenty large withdraws each one might take 10 to 20 minutes. Five to ten minutes to get to the next ATM would give four to eight 'sessions' over two hours, so I'd guess that each one worked 40 to 160 transactions, lets say 100 each for lack of better data. Meaning about 140 crooks for the 'back of napkin estimate', I'm no expert on the Yakuza, but that number seems really 'doable'.

Re:$907?

[JustAnotherOldGuy]

What the hell does that even mean?

It means he is unable to comprehend simple sentences or basic mathematics.

Re:$907?

[Hognoxious]

To be fair, the sentence probably should have contained the word "each".

Re:

[JustAnotherOldGuy]

To be fair, the sentence probably should have contained the word "each".

Perhaps, but I think it would be pretty obvious to anyone who thought about it for a moment.

Re:

[Hognoxious]

If you have to analyse it, it's bad journalism.

Re:

[stealth_finger]

To be fair, the sentence probably should have contained the word "each".

Perhaps, but I think it would be pretty obvious to anyone who thought about it for a moment.

Only if you've read the previous summary "Over the two hours attackers withdrew the equivalent of $907 in 14,000 different transactions." on it's own says exactly that. There are a bunch of ways to say what they meant but that's not one of them.

Re:

[JustAnotherOldGuy]

Only if you've read the previous summary "Over the two hours attackers withdrew the equivalent of $907 in 14,000 different transactions."

It was a 5-sentence summary. Who reads the last line without reading the first few sentences?

The last line may have been a little clumsy on its own but if that's all a person can be bothered to read then they deserve to be confused.

Re:

[stealth_finger]

Only if you've read the previous summary "Over the two hours attackers withdrew the equivalent of $907 in 14,000 different transactions."

It was a 5-sentence summary. Who reads the last line without reading the first few sentences?

The last line may have been a little clumsy on its own but if that's all a person can be bothered to read then they deserve to be confused.

That is true. What is also true is that sentence is badly written.

Re:

[JustAnotherOldGuy]

That is true. What is also true is that sentence is badly written.

Yes, but that's a long way from being incomprehensible, as the original AC seemed to think, with his "Clarify your terrible editing" comment. Believe me, if you're looking for truly terrible editing you can find lots of more egregious examples in many of the other story summaries.

Poorly written? Yes.
Still comprehensible? Yes.

One doesn't make up for the other, but it's not something that'll keep me awake at night.

Re:

[TigerPlish]

Clarify your terrible reading comprehension:

From TFS:

Over the two hours attackers withdrew the equivalent of $907 in 14,000 different transactions.

$907 x 14,000 = 12,698,000

Re:

[Hognoxious]

It could equally mean $907 / 14000 = 6.5 cents.

Re:

[John Bresnahan]

Over the two hours attackers withdrew the equivalent of $907 in 14,000 different transactions.

It should say something like "Over the two hours, attackers withdrew the equivalent of $907 in each of 14,000 different transactions.

As is, it is terribly unclear.

Re:

[haruchai]

My desk lamp sits on the floor, you insensitive clod!!

Re:

[stealth_finger]

My desk lamp sits on the floor, you insensitive clod!!

Is it not then a floor lamp?

Re:

[haruchai]

My floor IS my desk, you insensitive clod!!

Re:

[BarbaraHudson]

Come on, it's perfectly understandable as $907 * 14,000 transactions. There's pedantry and then there's whining for the sake of whining.

Hmm

[wwalker]

Over the two hours attackers withdrew the equivalent of $907 in 14,000 different transactions.

Either these were the dumbest criminals out there to steal only $907 a few cents at a time, or at least a word or two are missing from the sentence above.

Re: Hmm

[Anonymous Coward]

From TFA,
In each of the approximately 14,000 transactions, the maximum amount of 100,000 yen was withdrawn from Seven Bank ATMs using the fake credit cards, according to the sources.

Guess how much 100,000 yen is in dollars...

Re:

[wwalker]

Wow, Slashdot. So my comment gets downvoted *twice* to "flamebate" and then a comment "To be fair, the sentence probably should have contained the word "each"." from a different user gets upvoted to +5 (Informative). What am I missing?

Re:

[stealth_finger]

Wow, Slashdot. So my comment gets downvoted *twice* to "flamebate" and then a comment "To be fair, the sentence probably should have contained the word "each"." from a different user gets upvoted to +5 (Informative). What am I missing?

A snappy username?

Re:Bullcrap. 14000 transactions in two hours...

[onepoint]

I'm thinking that it's all done via mule teams
so 1400 machines and 14000 transactions = 10 transactions per machine
each transaction should take start to finish 2.5 minutes so we are looking
about 30 minutes for 10 transactions giving time for who knows what.

From this point, I am guessing 3 machines per person ( 30 min to take and 10 min to next machine )
so... 1400 / 3 = 467 members ( round up slightly for time losses so jump to 500 mules )

I am going to state that in Japan, it's doable, they got the team work.

How to discover the team, reverse engineer all bank searches for atm
machines, bet certain group patterns show up.

Re:

[TechyImmigrant]

A team that big wouldn't work.
Just offer anonymity, immunity and a reward > $12,000,000/467.

Only the first to squeal gets the offer.
 

Re:

[sjames]

And all he knows is a few vague details of his contact and that he will die shortly for squeeling.

Re:Bullcrap. 14000 transactions in two hours...

[lgw]

It was in fact a team of "over 100". Japan is Japan.

Interesting juxtaposition of stories on the Slashdot front page today. Guy discovers a vulnerability, tells the police, gets busted, his computers taken, and a 15 month suspended sentence. Guy discovers a vulnerability, goes black hat, steals $12 M in one day.

Kinda hard to miss the incentive system currently in place.

Re:

[onepoint]

Dude, it's the Japanese Mafia, they don't have rat's, they got it down pat to have no issues from everything I've ever read.

Re:

[pavelthesecond]

Japan's law system does not have the concept of plea-bargains so there really is no incentive to squeal.

Re:

[esperto]

ATM heist level asian!

I bet it was done by half that number of people and they did it while playing some dance game.

Re:

[Anonymous Coward]

The mules do not know the guys at the top of the hierarchy. The guys who got most of the cash will not appear on any footage. At best the police will catch some of the idiots who thought it was easy cash and some of their handlers.

This proves them wrong

[JustAnotherOldGuy]

And they say crime doesn't pay.

Re:

[Buchenskjoll]

Japanese dollars? Seriously? Have you ever heard of currencies that are not dollars? Such as yen?

Massive ATM Heist?

[Gravis Zero]

Why did they put $12.7M in one massive ATM? come on, that's just stupid! #OnlyReadTheHeadline

Re:

[AmiMoJo]

$907 in 14,000 different transactions seems like a rather inefficient way of stealing money. Or maybe EditorDavid's prone to typos when it comes to large amounts of money for some reason.

typical!

[Gravis Zero]

When are these fools going to learn to only deploy massless ATMs? #OnlyReadTheHeadline

Crowd sourcing?

[Camel Pilot]

Crowd sourcing white collar crime.

Re:

[EEPROMS]

never has this [WOOOSH] award been so deserving. The act of burning the CDR was "symbolic" in that it showed how a CDR can be easily damaged thus removing the backup as a viable option. The original poster was correct though, the Japanese are seen as the gods of technology but when it comes to software and security you would think their servers were setup by the dumbest IT guy they could find.

Limits

[manu0601]

I wonder why it did not hit any overdraft limit at the stolen account.

Re:

[rtb61]

The whole operations positively screams inside job. That many transactions without failure in that short time, it means all those accounts were specifically chosen. No alarms, means those account were specifically chosen, and chosen well in advance. There will be a hack left in the system to hide the hackers and not expose those who had full access. Simply over the top operation, they might have trouble legally proving who did it but they will be able to work out who did it in short order and those on foot

Re: Limits

[ytene]

Whilst I agree with your first statement, in that some knowledge of how to create a fake card would be required, the rest of your theory may not follow. In the UK, the big retail supermarkets do not validate every card transaction with the issuing bank in real time. Instead they sample a smaller number of transactions through their trading day, then batch and bulk submit the majority of transactions every few days. Obviously they can keep a history of card numbers previously used successfully and may use hi

Re:

[rtb61]

You have a large number of transaction targeted at a foreign country from a questionable country with low income, where the majority of credit card holders will simply not be able do maximum withdrawals. So those credit cards details were filtered for success. So long term planning and analysis of account details. Statistically speaking based upon the country of origin most of those card numbers should have failed a maximum withdrawal and quite a few should have trigged alarms for out of country, irregular

Is this another hoax?

[martinfb]

How is it possible to withdraw $907 from an ATM every 1.9 seconds?! How is it possible to withdraw anything from an ATM every 1.9 seconds unless there are thousands working together?! Or, was it all done as e-transfers to another account? Something is amiss: facts are missing, or this is another hoax.