U.S. News

05.11.13

The ATM Heist: How Did the ‘Casher’ Crew Do It?

It was an audacious attack—thousands of simultaneous withdrawals, at least 26 countries, and a $40 million haul. Who’s the crew who almost pulled it off—and who are hackers behind it?

The surveillance photos show the backpack of a man in a black stocking cap growing ever fuller as he proceeded from ATM to ATM, starting at 4:31 p.m. on Feb. 19 with three withdrawals totaling $2,409 at the Bank of America at Broadway and West 86th Street in Manhattan.

130510-daly-atm-heist-embed-00
United States Department of Justice

The man, identified by federal prosecutors as Jose Familla Reyes, drew no particular attention from the other customers in the photos. None could have imagined it was part of what investigators are saying is one of the biggest bank heists ever, as the suspect made three more withdrawals totaling the same amount at 5:10 p.m. at another B of A, at Broadway and West 72nd Street, and then again 18 minutes later at another branch eight blocks further downtown.

Seven alleged confederates were simultaneously visiting ATMs at other New York City banks as the man identified as Reyes continued on down Broadway, making a total of 15 withdrawals totaling $12,045 by 7:31 p.m. and “cash crews” in 25 other countries are said to have been doing the same at that very moment.

After what may have been a dinner break, the man with the backpack resumed at 8:55 p.m. on Third Avenue—14 more withdrawals at three branches, ending at 9:55 p.m., adding another $12,045 to the backpack, investigators say.

The identical totals from the Broadway banks and from those on Third Avenue were not likely a coincidence. It was probably arranged to make the numbers easier to spot and recall as the super crooks who devised the scheme monitored its global execution in real time. Their cut is said to be based on the total take and they no doubt wanted to ensure they were not being cheated.

Including the $24,090 in the backpack from 29 withdrawals, the New York City total from 2,904 withdrawals came to $2.4 million. The overall total from 26 counties came to $40 million, all in just 10 hours.

The ease and magnitude of the theft seemed to have made two other alleged New York cashers, Elvis Rodriguez and Emir Yasser Yeje, giddy. A cellphone photo shows them smiling in a vehicle with a 7-inch stack of cash.

“They seemed starstruck themselves by the amount of money they had looted,” Loretta Lynch, the U.S. Attorney in Brooklyn, later said.

The men had walked into the banks armed only with plastic cards that had magnetic strips encoded with data provided by the faraway hackers behind the scheme.

130510-daly-atm-heist-embed-01
United States Department of Justice

“In the place of guns and masks, this cybercrime organization used laptops and the Internet,” Lynch elaborated. “Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours.”

The masterminds had begun by hacking into an American credit-card-processing company. They circumvented security protocols on MasterCard prepaid debit cards tied to 12 accounts linked to the Bank of Muscat in Oman. They then dramatically increased the available balance and essentially removed the withdrawal limits, making possible what is known in the world of computer crime as an “unlimited operation.”

“The elimination of withdrawal limits enables the participants to withdraw literally unlimited amounts of cash until the operation is shut down,” notes a government memo from the case. “The cybercrime organization can access virtually ‘unlimited’ proceeds.”

Authorities say the same hackers are believed to have perpetrated an identical scheme on a smaller scale just before last Christmas, with five accounts at the RAKBank in the United Arab Emirates. A New York crew of “cashers” made 704 withdrawals totaling $382,597 on Dec. 22, while the global haul from 4,500 withdrawals in 20 countries totaled $5 million.

Two suspects are said to have deposited $148,420 at a Miami bank, all in $20 bills—7,421 of them.

“The cash cells spring into action, immediately withdrawing cash from ATMs across the globe,” the government memo says.

Investigators spoke almost admiringly of the audacious scam.

“Successful unlimited operations are rare events requiring a high degree of technical proficiency, coordination, and patience on the part of the criminal actors,” a Secret Service agent states in the criminal complaint.

A suggestion of which part of the world the scheme may have originated came in an email one of the accused New York “cashers,” Elvis Rodriguez, sent to “support@wmirk.ru,” an address prosecutors say is “associated with an organization based in St. Petersburg, Russia, that specializes in laundering the proceeds of criminal activity.” The email itself indicates that Rodriguez had sent a wire transfer to Liberty Reserve, which is said by prosecutors to be “an electronic currency service frequently used to transfer criminal proceeds in ‘carding’ activities.”

Investigators say Rodriguez flew with two other “cashers” from JFK Airport in New York to Bucharest, Romania, on Jan. 9, paying cash at the check-in counter after the airline became suspicious that the tickets might have been purchased with a stolen credit cards. Authorities say the trio returned on Jan. 11 after delivering some $300,000 to the organizers of the RAKBank operation.

The international ring gave new meaning to unlimited with the $40 million score in February involving casher crews in Canada, Mexico, the Dominican Republic, Great Britain, Belgium, France, Spain, Italy, the Netherlands, Germany, Romania, Bulgaria, Estonia, Latvia, Ukraine, Egypt, South Africa, the United Arab Emirates, Pakistan, Sri Lanka, Russia, Thailand, Malaysia, Indonesia, and Japan, as well as the United States.

130510-daly-atm-heist-embed-02
United States Department of Justice

The New York crew this time scored some $2.4 million.

Authorities suggest that the ring may have been seeking to launder some of its ill-gotten gains by buying luxury cars and Rolex watches. They also may have just been spending it.

The two giddy men in the photo, Elvis Rafael Rodriguez and Emir Yasser Yeje, are said by police to have deposited $148,420 at a Miami bank, all in $20 bills—7,421 of them—which the criminal complaint notes is “the denomination most often used in ATM transactions.”

Investigators say that account was controlled by the alleged leader of the crew, Alberto Yusi Lajud-Pena. He was found to have some $100,000 in a manila envelope after two gunmen burst into a house in San Francisco de Macoris in the Dominican Republic where he was playing dominos on April 27. He is said to have met the invasions with gunfire, only to be killed in the ensuing shootout. The would-be robbers fled empty-handed.

By then, authorities in New York were moving to arrest the rest of the alleged cash crew there. One government memo suggests a break in the case came after a suspect in an unrelated computer scam was found to have electronic communications related to the big heists.

Six of the crew, two of them school-bus drivers, were arrested at or near their homes in Yonkers, N.Y. The seventh, Rodriguez, was taken into custody at JFK Airport, as he was about to board a plane for his native Dominican Republic. Rodriguez and the others were arraigned in federal court in Brooklyn on money laundering and conspiracy charges. They entered not-guilty pleas. Their lawyers were unavailable for comment.

The same investigators who grudgingly marvel at the smarts of the ringleaders saw the opposite extreme in Rodriguez, whose cellphone produced the picture of him and the other defendant posing with the stack of money. The criminal complaint says that on the ATM surveillance photos Rodriquez can be seen wearing a stocking cap with a Domino’s pizza logo. The complaint further notes what Rodriguez listed as his employer on his passport application:

“Dominos.”

Meanwhile, the actual masterminds behind it all are still out there, no doubt working even now on some new scheme.