Security

Operation Swiper: Thieves Buy Apple to Sell, Launder Credit

Leave a comment

In the early 1990s I remember a bank heist in London where the robbers physically breached a large building but did not steal any money or information. Instead they removed every memory chip from every computer.

I can’t find the exact story now but the police were quoted saying something like a bag full of memory was not only worth more on the street than other stolen goods or even drugs but it was legal to trade in the open.

A similar story popped up today, but there is an additional step involved. A criminal operation was setup to skim credit cards and identity information. They then bought luxury goods like Apple computers to convert the credit into goods and sell for cash.

Bosses of each crime ring received blank credit cards from suppliers in Russia, Libya, Lebanon and China.

The bosses then hired “skimmers” who posed for jobs such as waiters and retail shop workers so they could use electronic devices to steal information from customer credit cards. That information was then sent to a “manufacturer” who programed the information into the magnetic strips of blank credit cards.

The crime rings also used card printing machines to forge credit cards and state drivers licenses to match them.

“They can actually make a license from any state in the union, print credit cards of any color and even put the holograms on there,” said NYPD deputy inspector Gregory Antonsen.

Police then said “shoppers” in the crime rings would use the forged credit cards and IDs to go on weekly shopping sprees around the U.S. at retailers such as Nordstrom’s, Macy’s, Gucci and Best Buy and sell those items mostly to people overseas.

But by far, Antonsen said, thieves spent the most time buying computer products from Apple.

“This is primarily an Apple case,” Antonsen said. “Apple is a big ticket item and a very easy sell.”

An interesting point to the takedown of this $13 million crime ring is that the PCI DSS controls again seem to be having an effect on the threats. Attackers would not have to pose for jobs taking cards if they were still able to get the cards from the back-end systems and databases or if they could install and walk away from skimmers.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.