
U.S. Charges Eight in Hacking Scheme - Hacking Expert


In March of 2013, the United States District Court of New Jersey filed charges against eight people who allegedly hacked into many big-name banks and stole upwards of $15,000,000. The scheme allegedly began in 2011, when several accounts at Citibank, JP Morgan Chase, PayPal, the U.S. Military Defense Finance and 11 other banks were compromised. Once the hackers were inside these accounts, a payment was sent to several pre-paid debit cards. The pre-paid cards were then used by accomplices (aka “cashers” or “money mules”) to make ATM withdrawals or purchases to convert the cards into cash. From there, the cashers took a small cut for themselves and sent the bulk of the money to their employer via a wire transfer.

They managed to avoid detection for some time by keeping the transfers below the $10,000 threshold set by the anti-money laundering laws of the U.S. However, they routinely made payments of $9,900. A $10,000 transaction sends up a big red flag; a $9,900 transaction sends up a smaller red flag. It was these multiple $9,900 transfers, along with a Gmail account the defendants used to talk with others about the scheme, that were their downfall. In addition to the discussion about the scheme, there were many emails in this account that detailed the transfers to and from many of the banks. Currently, only four of the eight defendants are in custody; the other four remain at large. They are charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. If convicted, each defendant will face large fines and up to 55 years in federal prison.
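The pattern described above, repeated transfers sitting just under the $10,000 threshold, is something a monitoring rule can look for. The following is an added example, not part of the original article or of any bank's actual system: the 5% band, the three-hit minimum, the seven-day window and all account names and transactions are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

THRESHOLD = 10_000           # reporting threshold named in the article (USD)
NEAR_BAND = 0.05             # assumption: "just under" = within 5% of threshold
MIN_HITS = 3                 # assumption: repeats needed before flagging
WINDOW = timedelta(days=7)   # assumption: look-back window

# Constructed sample data: (source account, date, amount in USD)
SAMPLE = [
    ("acct-A", date(2011, 6, 1), 9900.00),
    ("acct-A", date(2011, 6, 2), 9900.00),
    ("acct-A", date(2011, 6, 4), 9850.00),
    ("acct-A", date(2011, 6, 20), 120.00),
    ("acct-B", date(2011, 6, 1), 9900.00),   # single near-threshold transfer
    ("acct-B", date(2011, 6, 3), 2500.00),
    ("acct-C", date(2011, 6, 1), 9900.00),
    ("acct-C", date(2011, 6, 15), 9900.00),
    ("acct-C", date(2011, 7, 1), 9900.00),   # repeats, but spread out
    ("acct-D", date(2011, 6, 5), 10000.00),  # at threshold, not below it
]

def is_near_threshold(amount, threshold=THRESHOLD, band=NEAR_BAND):
    """True for amounts below the threshold but within `band` of it."""
    return threshold * (1 - band) <= amount < threshold

def flag_structuring(transactions, min_hits=MIN_HITS, window=WINDOW):
    """Return {account: [(date, amount), ...]} for the first window in which
    an account makes at least `min_hits` near-threshold transfers."""
    near = defaultdict(list)
    for account, day, amount in transactions:
        if is_near_threshold(amount):
            near[account].append((day, amount))
    flagged = {}
    for account, hits in near.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= min_hits:
                flagged[account] = hits[start:end + 1]
                break
    return flagged

if __name__ == "__main__":
    for account, hits in flag_structuring(SAMPLE).items():
        total = sum(amount for _, amount in hits)
        print(f"{account}: {len(hits)} near-threshold transfers, ${total:,.2f}")
```

Only the account with clustered near-threshold transfers is flagged; a single $9,900 transfer, or repeats spread over several weeks, falls below this rule's sensitivity, which is the trade-off the band, count and window settings control.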

How these eight managed to hack into these banks is still unclear, but there is another case, known as the Trident Breach, which used similar techniques. Hackers used a computer virus known as “ZeuS” to hack into over 400 different companies and organizations, making off with over $70,000,000. This virus helped the perpetrators gain access to the victims’ bank accounts. They would then siphon off the money and transfer it to bank accounts held by their cashers. The Trident Breach was pulled off by foreign students holding student visas. These cashers would then wire the money to Eastern Europe via Western Union or MoneyGram, never to be seen again.

