Seven arrested in New York for alleged 'criminal flash mob' ATM cybercrime

Authorities in New York have arrested seven people in connection with a hacking scheme in which perpetrators stole $45 million from ATMs around the world. The attackers hacked into computer systems of banking and financial institutions in two separate but coordinated attacks, according to the US Immigrations and Customs Enforcement division of the Department of Homeland Security.

The attacks took place in December 2012 and February 2013, and although the recent arrests occurred in Yonkers, New York, the suspects are associated with an international crime ring, officials said. The illicit organization uses various hacking techniques to gain access to financial systems to steal money electronically.

The process involved making withdrawals from ATMs in 20 different countries, and in one of the attacks, more than 36,000 transactions were initiated in approximately 10 hours. Following the heist, the thieves purchased luxury goods, including sports cars and jewelry, in order to launder the money.

Prosecutors are calling the attack a "criminal flash mob" because of the scale of the attack and the coordinated methods used to extract money from ATMs. Dubbed "Unlimited Operation," US Attorney Loretta E. Lynch of the Eastern District of New York said, "the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours."

Rather than targeting individual account holders, the hackers went after debit card processors and increased the balance of prepaid debit cards. They then withdrew funds using the cards at ATMs during a worldwide coordinated effort with a team of participants.

The masterminds of the operation are yet unknown, but Lynch told the Wall Street Journal that prosecutors are investigating specific individuals in Europe and Asia in search of them. If convicted, the defendants who were recently arrested face a hefty sentence. A maximum of ten years in federal prison for the four counts of money laundering, and up to seven years for conspiracy to commit access device fraud.