Cybercrime gang members managed to steal a whopping 1.4 billion yen ($12.7m) from Japanese ATMs in a highly co-ordinated Sunday raid, according to reports.
Some 1400 cashpoints at various convenience stores around the country were targeted in a two-hour operation, “investigative sources” told the Kyodo news agency.
It’s likely that fake cards were used in the heist, cloned from information stolen from a South African bank, police believe.
Local investigators will now work with their South African counterparts through Interpol to find out how the data was stolen in the first place.
The ATM thefts took place just over a week ago, on the mornings of 15 and 16 May, with as many as 100 carders potentially involved in the operation.
They are said to have withdrawn the maximum amount of 100,000 yen ($913) in each of the 14,000 transactions attempted.
It’s the kind of operation that chip and PIN was largely developed to prevent. These newer cards, which are finally being rolled-out across the US and have been around in the UK for over a decade, are much harder to clone for these purposes.
However, this means most card fraud in the UK today is card-not-present – where the black hat simply uses the stolen data to commit fraud online rather than in the ‘real world.’
It’s not just carders using fake plastic that banks need to be on the lookout for, if recent reports are to be believed.
Almost all the ATMs in the world are at risk of being illegally accessed and raided – some even without the need to install malware – according to a Kaspersky Lab report from last month.
A big part of the problem is that many systems are still running on old and/or insecure systems like Windows XP – exposing them to exploitation by malware.
According to ATM data, around 1600 cards were used in the Japan attack, which spanned 16 prefectures across the archipelago.