Anatomy of a global bank cyber theft

Prosecutors say global hackers stole $45 million in cash from 27 countries using thousands of ATMs in two separate assaults. In one, on Dec. 22, hackers grabbed $5 million from 20 countries. On Feb. 19, they made off with $40 million in 24 countries worldwide. Seven people were indicted in New York.

Here's how they did it:

___

Phase 1: Card processor network intrusion. Using malware, hackers breached the worldwide processors for Rakbank in the United Arab Emirates and the Bank of Muscat in Oman.

Phase 2: The criminals override security protocols and hunt for the prepaid debit card systems and delete limits on the accounts. It takes months to penetrate the systems, prosecutors said.

Phase 3: Access codes are created. Data is loaded onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card would do as long as it carried the account data and correct access codes.

Phase 4: Cells around the globe fan out and begin to make repeated cash machine withdrawals. In New York City alone, 750 transactions were made in two hours and 25 minutes from 140 different ATMs totaling $400,000, prosecutors said.

Phase 5: Hackers maintain unauthorized access to the banks to monitor the cashout, keeping withdrawals rolling until the breach is discovered and the systems shut down.

Phase 6: Cash is laundered and organizers are paid.

___

Source: U.S. Attorney's Office, Eastern District, Brooklyn