72-hour South African Bank Cyber-heist Nets $6.7 Million

By Russell D. Vines
Posted in Security
On February 07, 2012

It was a happy new years’ for the cyber gang that made off with 42 million South African Rand (about $6.7 million) during the first three days of the year from Postbank, which is part of the South African Post Office and a government agency.

The alleged Nigerian syndicate that carried out the theft had previously attempted to pull off the same crime on other, bigger banks in SA, but were unable to penetrate the systems until they found Postbank: http://bit.ly/xIVygH

The exploit took months to plan and was fairly complex. It involved opening hundreds of legal savings accounts with debit cards, hacking a supervisory account, cloning a teller’s terminal to create a virtual branch, making dummy transactions into suspense accounts, and lifting the daily withdrawal threshold on the debit cards.

They then waited until a long three-day bank holiday to withdraw large amounts from ATMs accessed by several hundred confederates across the country.

The irony is that Postbank was trying to get licensed as a full bank. This may set that back a bit.