NEW YORK—In New York City, organized crime has turned its sights to cybercrime—as was seen with last week’s ATM heist, where actors around the world managed to collectively steal $45 million practically overnight.
Manhattan District Attorney Cyrus Vance has recognized the problem. He told a panel on February 28 that his office has seen organized crime in New York moving more and more into cyberspace.
“I think cybercrime, besides being the crime scene of the 21st century, is also the new face of organized crime,” Vance said.
He said that groups that used to sell drugs and other illegal items have moved online “because identity theft and cybercrime is less risky and more profitable.”
In the days following the ATM scam, New York Governor Andrew Cuomo formed a cybersecurity advisory board to help secure New York state. Yet, preventing similar attacks from happening again will be no simple task.
The recent cyberheist had hackers around the world working with local criminal groups on the ground. They obtained prepaid debit cards from banks in Oman and Saudi Arabia with lower security standards. Hackers then accessed systems of the card processing companies and raised the withdrawal limits on the cards. The cards were then scanned, and the magnetic strip data sent out to ground crews around the world who used the data to print counterfeit cards.
While the crime spree was sophisticated, the vulnerabilities and methodology were nothing novel.
David Szuchman, Chief of the Investigative Division of the Manhattan DA’s office, said during the February 28 panel a similar case went through his office close to two year ago. Iranians in Brooklyn, Colombians in Manhattan, and other groups in the city were going into Apple stores with forged credit cards, he said.
“Once we executed search warrants and went into locations in Brooklyn, we realized when we opened their computers—through the local cybercrime analysis unit and the Secret Service—we realized that the cards that were being bought were being bought from hackers at the former Soviet bloc countries,” Szuchman said.
He said cybercriminals in Brooklyn were buying hundreds of thousands of credit card numbers at a time. Similar to the recent ATM heist, the criminals were taking the data and printing counterfeit credit cards—which costs between $2,000 and $3,000 per card—and then using the cards in Apple stores around the country to “commit millions of dollars in fraud.”
Uprooting the groups isn’t easy. While ground crews can be arrested, the core hackers and masterminds are often in countries where the United States has no extradition treaty for criminals.
“We’re seeing this intersection between the boots on the ground—the people who are committing the crimes locally here in the five boroughs—and the intersection between them and the folks who are international, committing pieces of the crime,” Szuchman said.
The difficulty with arresting the hackers also means that the attacks will continue. While law enforcement can do things stateside, such as setting up wiretaps, it is very difficult for them to arrest the hacker if they’re sitting in Belarus, Ukraine, Kazakhstan or other countries in the region.
“This is a very large challenge, to deal with treaties that don’t exist in those countries, and we have to think of luring them out,” Szuchman said. “It’s a very hard dynamic for law enforcement to really get at the root cause of the problem.”