Banks, credit card companies, and major businesses take large measures to protect themselves against cyber attacks. Still, very little stops the best of hackers from infiltrating and getting around the most sophisticated technology.
“The hacker underground has developed various weapons in cyber space that allow them to bypass encryption and thus get into these systems and steal your funds. The average loss associated with a cyber heist is $1.3 million – compared to the average bank robbery in the physical world where you have a gun or a weapon, is only $6,000 to $8,000,” says financial security expert Tom Kellermann.
Cyber robbery is a criminal industry with staggering rewards. In 2005, a Miami-based hacker made history by pulling off one of the biggest online bank heists of all time. But he’s far less known than the likes of Bonnie and Clyde or Billy the Kid. Hacker Albert Gonzalez would drive through Miami’s shopping districts, hacking into store’s wireless networks. He wasn’t sealing their money – he was fishing for credit card numbers, and he’d struck the mother load.
Former hacker now security consultant, Chris Wysopal explains, “He broke into a retailer through one of their stores and got back to the corporate headquarters where there was a lot of credit card information stored in one place.”
Once Gonzalez had hacked his way into the corporate head office, he downloaded tens of thousands of customer’s credit card details. Gonzalez then sold the stolen credit card information to eastern European cyber criminals. In his first year, he stole an incredible 11.2 million payment cards from retailers across Miami. 12 months later this number had increases to almost 90 million.
“That was hitting very very large retail chains that have thousands of stores and millions of customers obviously. He went after really big targets and he was successful,” said Wysopal.
Gregg Housh, a hacker himself, weighed in saying, “Gonzalez got greedy. His plan had worked and he didn’t think he had left any tracks. Now, one agent versus one hacker – the hacker is probably going to be able to outwit him online. But when you bring money into the situation, with the amount of systems, agencies and people who are now focused on you (the hacker) – this becomes a problem.”
In July 2007, the year Live Free or Die Hard was released, Gonzalez was arrested when an undercover detective followed him into a bank. Pretending to use one of the machines, the detective watched as Gonzalez pulled out a number of debit cards and withdrew tens of thousands of dollars in cash. Following months of interrogation, authorities also found that he had access to over 43 million stolen credit card numbers. He was sentenced to 20 years.
But why didn’t this incredible cyber heist make the headlines?
“You don’t hear about the bank robberies that occur in cyber space because of the reality of the repetitional risk that would impact the financial institution as a whole. Law enforcement collaborate heavily with financial institutions to go after cyber criminals.” – Tom Kellermann