A recent report by the news channel Fox 5 claims that the RBS Worldpay data breach of payroll card data, reported back in December, resulted in a well coordinated ATM fraud in November that netted a staggering $9 million from just 100 compromised card accounts.
According the Fox 5 report, fraudulent withdrawals took place across 130 ATMS in 49 cities across the World within a 30 minute period on a single day last November. If true, it demonstrates a level of sophistication rarely encountered in previous computer-based frauds. Clearly, the hackers not only stole sensitive data from the bank’s computers, they also were able to arrange for the normal limits on withdrawals to be lifted. The fraud might have been a lot bigger if more compromised accounts had been exploited.
This reflects the future of cybercrime: an information age threat that exploits the power of networks to steal information, remotely manipulate controls, and instantly exploit a global community of thieves. Future security defences will need to include a much better capability to detect and respond immediately to anomalous, coordinated behaviour across networks.