Skip to: Content
Skip to: Site Navigation
Skip to: Search

How do you get $45 million from ATMs? Cyberthieves did it in 12 hours.

Most of a New York City 'casher' crew is under arrest, suspected of stealing $2.8 million from ATMs as part of a global cyberscheme that netted $45 million from tampered debit card accounts.

By Staff writer / May 10, 2013

A person inserts a debit card into an ATM machine in Pittsburgh, in January. A gang of cyber-criminals stole $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday.

Gene J. Puskar/AP


In two digital bank heists that took a total of just 12 hours to pull off, cyberthieves working with “casher” crews around the world were able to withdraw $45 million dollars in cash from ATM machines in 26 countries.

Skip to next paragraph

The new-era cyberheists were plotted over months by hacker masterminds who stealthily infiltrated the computer networks of two credit card processors responsible for pre-paid debit card transactions – one in India and one in the United States, according to a federal indictment unsealed late Thursday by authorities in New York.

The document details a scheme in which the hackers – who were not named in the document – first gained internal access to a critical banking computer system. Then, they raised the balances and maximum withdrawal amounts on a handful of debit card accounts they controlled in what the indictment terms an “unlimited operation.” Those account numbers and access data were then transmitted to accomplices worldwide ready to use them at ATM machines, the indictment said.

The “cashers” took the data that was sent to them and then encoded it onto the magnetic stripes of gift cards. With the faked cards, the cashers made more than 40,000 withdrawals averaging more than $1,100 each.

Among the casher teams was a single team of eight New York City men, alleged to have withdrawn $400,000 in the first attack in 750 fraudulent transactions at 140 ATM machines in New York.

That Dec. 22, 2012 attack took just two hours and 25 minutes. But it was only the warm-up to a much larger global attack on Feb. 20, where the same New York casher group scooped up another $2.4 million from 3,000 ATM machines. That attack lasted from 3 p.m. on Feb. 19 to 1:26 a.m. the next morning, according to the indictment.

Seven of the eight New York men are under arrest. But the eighth member and purported leader of the gang – Alberto Yusi Lajud-Peña, also known as “Prime” and “Albertico” – was murdered in the Dominican Republic late last month, not long after fleeing the country, according to authorities who announced the arrests Thursday.

“The defendants and their co-conspirators participated in a massive 21st century bank heist that reached across the Internet and stretched around the globe,” said Loretta Lynch, United States attorney for the Eastern District of New York, in a statement. “In the place of guns and masks, this cybercrime organization used laptops and the Internet.”


  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer


Doing Good


What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

Become a fan! Follow us! Google+ YouTube See our feeds!