Fans of a good story often debate whether books are more immersive than their visual Hollywood brethren. A book stimulates the human imagination to generate its own special effects, but I have to admit that there are times when I just want to sink into the couch with a chilled glass of wine and a bucket of popcorn and let a skilled director feed the story to me.
One of these mindless escapes is entitled Gone in 60 Seconds and stars Nicholas Cage and Angelina Jolie. As the tale unfolds we are introduced to a retired car thief who has to steal 50 exotic cars in 12 hours to repay the debt of a fool-hardy younger brother. The name of the movie comes from the ability for this master criminal to break in and “boost” any vehicle in less than 60 seconds—almost faster than I can get in and start my own car with keys!
Movieland abounds with tales of spectacular thefts, but sometimes a dramatic real-world crime comes along that makes its own mark on the landscape. While the movie involved the coordinated theft of numerous hard-to-steal cars, a 2008 cybercrime is back in the news and giving it a run for its money.
Earlier this month, the first U.S. sentence was handed down to Sonya Martin for her involvement in a global attack involving RBS WorldPay, an Atlanta-based payments processor. During the operation, Martin lead a team of “runners” in Chicago who used debit cards she had manufactured to withdraw approximately $80,000 in funds from numerous ATMs. Her team coordinated with others in a global cash-out that drained a cool $9 million from U.S. bank accounts; ironically, also in just 12 hours.
Behind the scenes, highly-sophisticated hackers compromised RBS WorldPay’s network to access and decrypt payroll account information, which was then provided to the teams ahead of time. The hackers then monitored withdrawals from more than 2,000 ATMs in real time to raise account balances and ATM withdrawal limits. Once the heist was complete, they attempted to destroy data to remove traces of their illegal activity. Fortunately, RBS WorldPay discovered the breach and notified law enforcement.
This brazen crime was unusual because it involved a sophisticated hack as well as an incredibly well-coordinated withdrawal operation spanning 208 cities. Hackers typically focus on electronic transfers as they allow for more currency to be obtained and provide more anonymity to the criminals.
Of course, the movie criminal walked away scot-free at the end. In the real-world story, a coordinated effort by international law enforcement agencies has resulted in numerous arrests and indictments globally. In this first U.S. ruling, Martin received a sentence of 30 months in jail and another five years of supervised release. She has also been ordered to pay $89,000 in restitution. Details about how the hackers pulled off this dramatic heist has not been made public, but one of the ring-leaders—a Russian hacker—avoided jail time by turning informant and paying compensation to the bank.
This stirs up a couple of discussion points: Are the arguably light sentences being handed down for these crimes providing any real deterrent, or are more criminals simply waiting in the wings to take their place? And should every company implement some type of detection and warning system to give timely notification of attempts to gain illegal access to data. There are a lot of varying opinions, but one conclusion is obvious: As these attacks become more and more sophisticated, no organization is safe.
So why is the title of my blog offering an additional 60 seconds? I was curious how this crime compared to the fictional movie heist and how frequently a car would have to be boosted over that same 12-hour period to net the equivalent profit obtained by these cybercriminals. I used the average cost of a new car (approximately $25,000 USD) and ran some calculations. The result? If a new vehicle were stolen non-stop every two minutes for 12 hours straight, the total value would add up to $9 million. You’d also be in possession of no less than 360 brand new cars!