7-Eleven Hack From Russia Led to ATM Looting in New York: Via Threat Level.

Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days.  After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards. A lucky traffic stop catches two more plunderers who’d driven in from Michigan. Another pair are arrested after trying to mug an undercover FBI agent on the street for a magstripe encoder. In the end, there are 10 arrests and at least $2 million dollars stolen.

The wellspring of the dramatic megaheist turns out to be more prosaic than imagined: It started with a breach of the public website of America’s most famous convenience store chain: 7-Eleven.com. [ Read more ... ]

4 Hackers Indicted in $9.5 Million Bank Card Attack: Via Threat Level.

Four men have been indicted in Georgia on charges that they hacked into the Atlanta-based bank card processing company RBS WorldPay. They allegedly used an army of flunkies to steal $9.5 million in cash from ATM machines around the world in a span of hours.

Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a fourth person identified only as “Hacker 3″ were indicted by a federal grand jury in what’s being described as “perhaps the most sophisticated and organized computer fraud attack ever conducted.”

The hack involved reverse-engineering PINs for payroll debit card accounts — the holy grail of bank card hacking. Another four people based in Estonia were also indicted on access-device fraud charges in connection with the hack. [ Read more ... ]

Malicious ATM Catches Hackers: Via Threat Level.

LAS VEGAS — There’s no honor among thieves, nor apparently among hackers.

A malicious ATM kiosk was positioned in the conference center of the Riviera Hotel Casino capturing data from an unknown number of hackers attending the DefCon hacker conference before someone noticed something suspicious about the kiosk.

An organizer for the conference said security authorities seized the device. It’s not known how long the ATM was in the hotel or whether it was placed there by a DefCon attendee to catch his fellow hackers or simply by an outside criminal group trying to target conference attendees. [ Read more ... ]

Pepper Spray-Armed ATM Misfires, Shoots Workers: Via Threat Level.

A South African bank has outfitted its ATMs with pepper spray to prevent criminals from bombing or tampering with the machines. But the system still has some bugs: One of the machines released its stinging payload on three maintenance workers last week.

Absa Bank, one of South Africa’s largest, installed the spray on 11 machines after someone bombed several of its ATMs last year, according to local news outlet Independent Online. They were installed in a region where authorities say they retrieved 40 skimmers from card machines last year. [ Read more ... ]

ATM Reprogramming Caper Hits Pennsylvania: "

Police in Derry, Pennsylvania are baffled by a June ATM robbery in which an unidentified man wearing flip flops and shorts strolled into Mastrorocco's Market and reprogrammed the cash machine to think it was dispensing dollar bills instead of twenties.

Along with a female accomplice, the crook netted $1,540 in two visits on June 19 and 20, according to store owner Vince Mastrorocco. 'They came in, they hit me the first day -- a man and a woman -- and they cleaned me out,' Mastrorocco told THREAT LEVEL. 'Then they came back the next day and cleaned me out again.' [ Read more ... ]