Citibank Breach Allegedly Connected To Russian ATM Fraud Scheme

The global ATM scam was the first to be exposed and connected to some of the world's largest banks, experts say.

During the scam, members of the Russian Business Network, an international cybercrime ring, targeted numerous retail banks, including First Bank in St. Louis, Mo., and Citibank's North American retail banks, as well as other financial service companies and businesses.

Federal prosecutors charged 32-year-old Yuriy Ryabinin, aka Rakushchynets, a Ukrainian immigrant with a Florida driver's license, along with co-conspirators Ivan Biltse, 30, and Ryabinin's wife Angelina Kitaeva, with numerous counts of fraud and obstruction of justice related to the ATM heist.

While the RBN had fallen silent for the past two years, security experts contend that they are starting to see the notorious crime ring resurface in a new spate of attacks.

The Citibank attack was first detected over the summer, but might have occurred months prior, according the Wall Street Journal. The WSJ reported that numerous federal agencies, including the FBI, the National Security Agency, and the Department of Homeland Security traded information with Citigroup in an effort to apprehend the culprits behind the ATM fraud scheme.

An FBI agent, Albert Murray, stated under oath that cybercriminals had executed a scheme that defrauded thousands of ATMs belonging to First Bank and Citigroup, which resulted in losses of millions of dollars between 2005 and 2008, according to an FBI affidavit.

The affidavit stated that compromised Citibank accounts were used to make hundreds of ATM withdrawals in New York City during February 2008, including $3,000 and $5,000 withdrawals, respectively, from two different Citibank branches in Brooklyn on February 20, which ultimately netted Citibank losses of about $750,000.

In the same affidavit, Murray also claims that First Bank in St. Louis, Mo., notified the Secret Service that fraudsters made more than 9,000 fraudulent withdrawals and attempted withdrawals from its ATMs around the world, netting a loss of approximately $5 million.

Meanwhile, last month, the FBI cracked down on eight individuals involved in a hacker ring from Russia, Estonia and Moldova who allegedly stole more than $9 million in less than 12 hours during an international ATM crime spree targeting the Royal Bank of Scotland.

Citibank executives, however, vehemently denied claims by the Wall Street Journal and other publications that its systems were breached or that it was connected to the ATM heist in any way.

"Any allegation that the FBI is working on a case at Citigroup involving a breach of Citi systems resulting in tens of millions of dollars of losses is false. There has been no breach and there have been no associated losses," Citigroup said in a statement. "We take the security of our customers' accounts and system seriously. We continuously take steps to protect our customers against fraud, and we have state-of-the-art processes to detect and prevent criminal activity."

Citigroup conceded that some "third-party" incidents required the organization to take action to protect its Citbank's customers.

"Occasionally, as with virtually all financial institutions, there are instances of fraud or breaches of third-party systems that require our taking actions to protect our customer and Citi. However, contrary to the Wall Street Journal reported today, there have been no breach of Citi's systems."

All in all, Citigroup has had a tough year in light of the economic meltdown. The federal government now owns about 27 percent of Citigroup after its financial collapsed and the company subsequently became the recipient of a massive federal bailout earlier this year.

Security experts say this latest ATM hacking incident underscores the power and pervasiveness of organized cybercrime, specifically the recent re-emergence of the Russian Business Network.

"Cybercrime is getting more and more organized," said Mandeep Khera, chief marketing officer for security company Cenzic. "The Russian business network is kind of like the cybercrime mafia. We know it's going to continue to grow."

Khera said that this latest incident underscores the vulnerability of ATM infrastructure, which will likely be required to undergo a complete security overhaul from the ground up in order to be adequately protected from increasingly sophisticated future attacks.

"The conveniences of ATMs are necessary to go and get cash. We just need to make sure that the systems are much more advanced," Khera said. "The back-end systems that control the ATMs are archaic. These are legacy systems. How do you bring them up to date from a security point of view?"

Looking ahead, Khera said that experts are anticipating more targeted and highly coordinated large-scale attacks targeting government agencies and retail businesses, launched by the RBN as well as other cybercrime organizations, which have gained enormous strength and membership in the worsening global economy.

"It's the low-hanging fruit, and hackers don't even need to have a lot of sophistication to steal a lot of information," Khera said. "This is the one we found out about. The question is, how many attacks are going on right now that we don't know anything about?"