14 DAY TRIAL // Japanese authorities revealed yesterday that a band of criminals managed to steal 1.4 billion yen ($12.7 million) from around 1,400 ATMs placed in small convenience stores across Japan.
The heist took place in less than two hours on the morning of Sunday, May 15, and crooks operated in 16 prefectures around Japan, The Mainichi reports.
In order to carry out the heists, authorities suspect the gang had around 100 members. It is common for crooks who target ATMs to operate during late nights or early mornings on the weekend. A similar tactic was employed by a band of Romanian ATM skimmers who operated across Europe.
Crooks made 14,000 transactions on 1,400 ATMs
The Japanese gang seems to have withdrawn the maximum amount of 100,000 yen ($900) from each ATM. Japanese authorities revealed they discovered around 14,000 suspicious transactions tied to this group.
All these transactions were at the maximum limit and were carried out with credit cards issued by an yet unnamed South African bank.
Authorities revealed that during the span of two hours, Japanese banks detected over 1,600 credit cards issued by this South African bank used across the country.
Gang may not be based in Japan
This is yet another regular tactic in the case of ATM skimmers and data breaches. When a crook manages to obtain details about a credit card, they work with so-called carders and money mules.
These can be acquaintances (partners) or they can be hired on the Dark Web on special sites. If the crook obtains credit card details from country A, they'll always try to withdraw money from country B, mainly because country A's banking system is on alert on the fraudulent use of the stolen credit card data.
Neither Japanese nor South African authorities have reported anything about a possible bank data beach, but it may be very well possible. Banks are as vulnerable to data breaches as any other website or Web service, but in the case of a bank data dump, crooks can easily and quickly monetize the data by creating fake plastic cards and withdrawing money from the accounts within days.
Only recently, a team of Turkish hackers have been dumping online the details of several banks. The list currently includes banks from Qatar, UAE, Bangladesh, Nepal, and Sri Lanka.