Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.


Check here if you're human


Russian Hackers Make Millions Breaching 7/11 and ATMs

Pin It

Robert Siciliano Identity Theft Expert

It started simply by hacking 7-Elevens public website using a SQL injection.  SQL is abbreviation of Structured Query Language.  Pronounced  ”Ess Que El” or ”Sequel” depending on who you ask.  This led to 7 elevens main servers compromised which led to ATMs within 7-Eleven hacked.

Wired reports

““The Russians, evidently using an SQL injection vulnerability,  “gained unauthorized access to 7-Eleven, Inc.’s servers through 7-Eleven’s public-facing internet site, and then leveraged that access into servers supporting ATM terminals located in 7-Eleven stores,” the plea agreement reads. “This access caused 7-Eleven, Inc., on or about November 9, 2007, to disable its public-facing internet site to disable the unauthorized access.””

The investigation began with noticeable fraud at a Citibank followed by a stakeout and arrest. From there a traffic stop connected a mule to the rest and the name dropping began.

This is brilliant:

“Federal prosecutors in New York had by then charged three more people in the ATM-cashing conspiracy, including 32-year-old Ukrainian immigrant Yuriy Ryabinin, aka Yuriy Rakushchynets, and 30-year-old Ivan Biltse.

In addition to looting Citibank accounts, Ryabinin had participated in a global cybercrime feeding frenzy that tore into four specific iWire prepaid MasterCard accounts, issued by St. Louis–based First Bank,  in the fall of 2007. On Sept. 30 and Oct. 1 — just two days — the iWire accounts were hit with more than 9,000 actual and attempted withdrawals from ATM machines around the world, resulting in $5 million in losses.

At the time of the ATM capers, FBI and U.S. Secret Service agents had been investigating Ryabinin for his activities on Eastern European carder forums. Ryabinin used the same ICQ chat account to conduct criminal business, and to participate in amateur-radio websites. The feds compared photos of Ryabinin from some of the ham sites to video captured by New York ATM cameras in the Citibank and iWire withdrawals, and determined it was the same man — right down to the tan jacket with dark-blue trim.

When they raided Ryabinin’s home, agents found his computer logged into a carding forum. They also found a magstripe writer and $800,000 in cash — including $690,000 in garbage bags, shopping bags and boxes stashed in the bedroom closet. Another $99,000 in cash turned up in one of the safe-deposit boxes rented by Ryabinin and his wife, Olena. Biltse was also found with $800,000 in cash.

Ryabinin’s wife told investigators that she witnessed her husband “leave the couple’s house with bundles of credit cards in rubber bands and return with large sums of cash,” a Secret Service affidavit (.pdf) reads.”

This is all “account takeover”. All this money comes from consumer accounts who used ATMs at a convenient store and sometimes at a bank. Once the criminal gets your account data and PIN via the processors server they then burn the data to a white card. There’s no way to protect yourself from this crime when the data is breached at the processor level.

Check your statements frequently, at least every week online. Some banks give less than a week to refute unauthorized charges. Check with your bank to find out exactly what their time frame is if your account is compromised. Call the “claims” department and ask them “what’s the cut off date when making a claim?” My bank told me I can make a claim up to a year, but after 60 days there are federal regulations the limit their liability.

I asked my bank what their thoughts were on using a debit card and they said:

  1. Not to use it at a gas pump or a convenient store ATM where you enter your PIN
  2. They suggested using it as a credit card and not as a debit card
  3. Not to use at their own branch after hours to withdraw cash due toi skimming, which wasn’t new information to me but I didn’t expect my bank to say that.

Unfortunately your security, or lack thereof, is in the hands of others. Take control. Protect your identity. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano, identity theft speaker, discusses ATM skimming on NBC Boston

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.

Similar Posts

  • 8 Tips to Credit Card Security
    Despite the fact that tens of millions of consumers were hit by the numerous big breaches, and tens of millions more by less sensationalized breaches, you can still take the reins and yield some protection for your credit cards. Make online payments with single-use or prepaid cards. What a great idea! If you have multiple recurring payments
  • Poor Money Mule Not So Poor
    “Money mules” may be unsuspecting Americans who act as shipping managers, do the dirty work for the bad guy, and open bank accounts, too. Sometimes the mule may be foreign, traveling to the United States specifically to open bank accounts. Mules often get hooked into a “small business” or employment that is a function of a criminal
  • Data Insecurity causes Customer Headaches
    Imagine not being able to use cash for even the smallest purchases because your bank—still shaking from news of the recent retail data breach that affected at least 110 million accounts—has decided to block all customer transactions. This actually happened. In many recent interviews I have been asked the question numerous times “Is it time to
  • Identity Theft Expert; Anatomy of a Hack
    Robert Siciliano Identity Theft Expert There is a battle going on round the clock, between the bad hackers and the good hackers. Most of the time, the good guys lose. Here we have an example of the bad guy actually getting caught. At age 19, an Israeli criminal hacker named Ehud Tenebaum made news as “The Analyzer,”
  • How EMV Impacts International Travel
    In the United States, credit and debit cards rely on magnetic stripe technology. The magnetic stripe is the black, brown, gold, or silver band on the back of your credit or debit card. Tiny, iron-based magnetic particles in this band store your account number. When the card is swiped through a “reader,” the data stored

Leave a Comment

You must be logged in to post a comment.

Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category