Hackers Stole $12.7 Million From Japanese ATMs in Less Than Two Hours

Image: Shutterstock
Image: Shutterstock

A rash of major breaches in recent years proves that your credit card information is hardly safe. But a recent heist in Japan shows that hackers are getting scary good at turning that data into cold hard cash. In this case, coordinated ATM withdrawals with cloned credit cards netted criminals $12.7 million in just two hours.


Police believe these thieves managed to steal data from a South African bank and use that information to print up 1,600 counterfeit credit cards. The cards were then used to withdraw the maximum amount (100,000 yen) in some 14,000 transactions. Authorities think that over 100 people participated in the flash mob-like heist.

Police in Japan and South Africa are coordinating with the International Criminal Police Organization to determine who is responsible for this breach. It’s possible that data-stealing skimmers, which are becoming increasingly crafty, were used to collect the initial data. Meanwhile, cloning the credit cards with the stolen data is relatively cheap and easy.

In the past, crime syndicates have pulled off ATM heists using a similar methods. Previous hacks took advantage of vulnerabilities on pre-paid “payroll” debit cards, created copies of those cards, and coordinated withdrawals at ATMs around the world. And as hackers’ methods get more sophisticated, you really should remember to check your credit statements regularly. If you haven’t already been the victim of credit fraud, you probably will be at some point. Sorry!


Senior reporter. Tech + labor /// bgmwrites@gmail.com Keybase: keybase.io/bryangm Securedrop: http://gmg7jl25ony5g7ws.onion/


C.M. Allen

The bitter truth here is that these systems aren’t remotely as secure as we like to think (and certainly not as secure as the banks would like us to think). Many of the systems run on antiquated hardware and/or software. And while the banks try to keep up with security, it’s in a semi-piecemeal fashion. They take security only as serious as it is cost effective to maintain.

“Wait, hang on. $12.7m is pretty costly.”

Yes, it is. And until large thefts like this one happens to publicly embarrass these banks into taking action, no action is going to be taken. If there’s no obvious sign of a threat to profits, the response is only going to be proportional to those profits that are threatened. Obviously, this is a rather sizable increase to profit threats, so expect a proportional response.