- Joined
- Jun 28, 2020
- Messages
- 6,308
- Reaction score
- 710
- Points
- 212
- Awards
- 2
An exhaustive request published today by a consortium of investigative journalists says that a three-part series of KrebsOnSecurity, published in 2015 at a Romanian bank of skimming ATMs operating in Mexico's main tourist destinations, destroyed their highly profitable business, which cost $ 1.2 billion and enjoyed the protection of leading Mexican authorities.
A multimedia investigation, organized by the Organized Crime and Corruption Project (OCCRP) and several international journalism partners, details the activities of the so-called criminal gang Riviera Maya, supposedly similar to the Romanian mafia group, which until recently ran its own ATM company in Mexico called Intacash and installed sophisticated electronic card collection devices in at least 100 ATMs throughout Mexico.
According to OCCRP, Riviera Maya skimming devices allowed thieves to clone cards used to withdraw funds from ATMs in other countries - often halfway around the world in places like India, Indonesia and Taiwan.
Investigators say that each skimmer grabbed an average of 1,000 cards a month, pumping out about $ 200 from individual victims' accounts. This allowed a criminal gang to steal about $ 20 million a month.
“The gang had little tricks,” OCCRP reporters said in their video document (above). "They used cards in different cities around the world and waited three months so that banks could not track where the card was originally cloned."
In September 2015, I went to the Mexican Yucatan Peninsula to find and document nearly two dozen ATMs in the region that were compromised with Bluetooth-based skimming devices. Unlike most skimmers that can be detected by searching for inappropriate components attached to the outside of a compromised ATM, these skimmers were connected to the internal electronics of ATMs operated by Intacash competitors, authorized personnel who were reportedly bribed or forced by gangs .
But since the skimmers were based on Bluetooth, which allowed thieves to periodically collect stolen data, just walking along a hacked car with a mobile device, I could find which ATMs were hacked using only a cheap smartphone.
One of the Bluetooth-enabled PINs pulled out of a compromised ATM in Mexico. The two components on the left are legitimate parts of the machine. A fake pin made to be inserted under the authorized PIN on the machine is an orange bit, top right. Bluetooth and storage chips are in the middle.
A few days of wandering around Mexico's main tourist areas found these sophisticated skimmers at ATMs in Cancun, Cozumel, Playa del Carmen and Tulum, including a hacked ATM in the lobby of my hotel in Cancun. OCCRP investigators reported that the gang also installed the same skimmers at ATMs at tourist points on the west coast of Mexico, in Puerto Vallarta, Sayulita and Tijuana.
Part III of my 2015 investigation concluded that Intacash was probably behind this scheme. A source in the ATM industry told KrebsOnSecurity at the time that Intacash-related ATM installers were contacting its specialists, offering these technicians multiple monthly salaries if they would provide periodic access to the machines they serviced.
The alleged leader of the Riviera Maya organization and the main owner of Intacash, 43-year-old Florian “Shark” Tudor, is a Romanian resident in Mexico. Tudor claims that he is an innocent, legitimate businessman who is harassed and robbed by Mexican authorities.
Last year, police in Mexico arrested Tudor for illegal possession of weapons and raided his various possessions in connection with the investigation into the killing of his former bodyguard Konstantin Sorinel Marku in 2018.
According to prosecutors, Mark and Shark noticed my message shortly after being published in 2015 and discussed what to do next in the messaging application:
Shark: Krebsonsecurity.com See this. Watch the video and that's it. There are two episodes. They made a telenovela.
Mark: I see. This is bad.
Shark: they destroyed us. This is it. Fuck his mother. Close all
Intercepted messages show that Shark also wanted revenge on the one who was responsible for leaking information about their operations.
Shark: Tell them I'm going to kill them.
Marku: Well, I can kill them. Anytime, anytime.
Shark: They check all the cars. Even in banks. They found over 20.
Brand: Whaaaat?!? They found? Already??
Throughout my investigation, I could not be sure if the shiny new Intacash ATMs - which positively closed the tourist areas in and around Cancun - were also used to send customer card data. I actually wrote about my suspicions that Intacash ATMs were useless when I discovered that they often canceled transactions immediately after entering the PIN code, and, as a rule, did not provide paper receipts for withdrawals made in US dollars.
But, citing some of the thousands of official documents obtained during their investigation, OCCRP says investigators now believe that Intacash installed the same or similar skimming devices in their own ATMs before they were deployed - even though they touted them as equipped with the latest security features and fraudulent devices. inhibitors.
Tudor “had access that gave the Shark team tremendous opportunities for fraud,” OCCRP reports. “And on the Internet, the number of complaints has increased. Foreign tourists in Mexico take refuge ”through Intacash ATMs.
Many of the compromised ATMs I found during my travels throughout Mexico were in hotels, and although Intacash ATMs could be found in many streets of the region, they could rarely be installed in hotels.
A confidential source with whom I traveled from place to place at the time said that Intacash avoided installing their cars in hotels - despite the fact that such places are generally much more profitable - for one simple reason: if you clone a card from the hotel’s ATM, the customer can easily complain about the hotel staff. With a street ATM is not so much.
An investigation by OCCRP and its partners demonstrates a very vicious, often violent, transnational organized crime circle that controlled at least 10 percent of the $ 2 billion annual world card withdrawal market.
It also details how the group laundered its illegal proceeds and allegedly created a human smuggling ring that helped members of the criminal gang infiltrate the United States and organize their trade against ATMs in the United States. Finally, the series talks about how the Mayan Riviera gang acted with impunity for several years, exploiting relations with influential anti-corruption officials in Mexico.
Tudor and many of his associates retain their innocence and still live as free people in Mexico, although Tudor has been charged in Romania for his alleged involvement in organized crime, attempted murder and blackmail. Intacash no longer works in Mexico. In 2019, Intacash sponsor bank in Mexico suspended the company’s contract for processing transactions through ATMs.
To learn more about this investigation, check out the OCCRP multi-part series, “How the Romanian Criminal Team Conquered the World of ATM Skimming.”
A multimedia investigation, organized by the Organized Crime and Corruption Project (OCCRP) and several international journalism partners, details the activities of the so-called criminal gang Riviera Maya, supposedly similar to the Romanian mafia group, which until recently ran its own ATM company in Mexico called Intacash and installed sophisticated electronic card collection devices in at least 100 ATMs throughout Mexico.
According to OCCRP, Riviera Maya skimming devices allowed thieves to clone cards used to withdraw funds from ATMs in other countries - often halfway around the world in places like India, Indonesia and Taiwan.
Investigators say that each skimmer grabbed an average of 1,000 cards a month, pumping out about $ 200 from individual victims' accounts. This allowed a criminal gang to steal about $ 20 million a month.
“The gang had little tricks,” OCCRP reporters said in their video document (above). "They used cards in different cities around the world and waited three months so that banks could not track where the card was originally cloned."
In September 2015, I went to the Mexican Yucatan Peninsula to find and document nearly two dozen ATMs in the region that were compromised with Bluetooth-based skimming devices. Unlike most skimmers that can be detected by searching for inappropriate components attached to the outside of a compromised ATM, these skimmers were connected to the internal electronics of ATMs operated by Intacash competitors, authorized personnel who were reportedly bribed or forced by gangs .
But since the skimmers were based on Bluetooth, which allowed thieves to periodically collect stolen data, just walking along a hacked car with a mobile device, I could find which ATMs were hacked using only a cheap smartphone.
One of the Bluetooth-enabled PINs pulled out of a compromised ATM in Mexico. The two components on the left are legitimate parts of the machine. A fake pin made to be inserted under the authorized PIN on the machine is an orange bit, top right. Bluetooth and storage chips are in the middle.
A few days of wandering around Mexico's main tourist areas found these sophisticated skimmers at ATMs in Cancun, Cozumel, Playa del Carmen and Tulum, including a hacked ATM in the lobby of my hotel in Cancun. OCCRP investigators reported that the gang also installed the same skimmers at ATMs at tourist points on the west coast of Mexico, in Puerto Vallarta, Sayulita and Tijuana.
Part III of my 2015 investigation concluded that Intacash was probably behind this scheme. A source in the ATM industry told KrebsOnSecurity at the time that Intacash-related ATM installers were contacting its specialists, offering these technicians multiple monthly salaries if they would provide periodic access to the machines they serviced.
The alleged leader of the Riviera Maya organization and the main owner of Intacash, 43-year-old Florian “Shark” Tudor, is a Romanian resident in Mexico. Tudor claims that he is an innocent, legitimate businessman who is harassed and robbed by Mexican authorities.
Last year, police in Mexico arrested Tudor for illegal possession of weapons and raided his various possessions in connection with the investigation into the killing of his former bodyguard Konstantin Sorinel Marku in 2018.
According to prosecutors, Mark and Shark noticed my message shortly after being published in 2015 and discussed what to do next in the messaging application:
Shark: Krebsonsecurity.com See this. Watch the video and that's it. There are two episodes. They made a telenovela.
Mark: I see. This is bad.
Shark: they destroyed us. This is it. Fuck his mother. Close all
Intercepted messages show that Shark also wanted revenge on the one who was responsible for leaking information about their operations.
Shark: Tell them I'm going to kill them.
Marku: Well, I can kill them. Anytime, anytime.
Shark: They check all the cars. Even in banks. They found over 20.
Brand: Whaaaat?!? They found? Already??
Throughout my investigation, I could not be sure if the shiny new Intacash ATMs - which positively closed the tourist areas in and around Cancun - were also used to send customer card data. I actually wrote about my suspicions that Intacash ATMs were useless when I discovered that they often canceled transactions immediately after entering the PIN code, and, as a rule, did not provide paper receipts for withdrawals made in US dollars.
But, citing some of the thousands of official documents obtained during their investigation, OCCRP says investigators now believe that Intacash installed the same or similar skimming devices in their own ATMs before they were deployed - even though they touted them as equipped with the latest security features and fraudulent devices. inhibitors.
Tudor “had access that gave the Shark team tremendous opportunities for fraud,” OCCRP reports. “And on the Internet, the number of complaints has increased. Foreign tourists in Mexico take refuge ”through Intacash ATMs.
Many of the compromised ATMs I found during my travels throughout Mexico were in hotels, and although Intacash ATMs could be found in many streets of the region, they could rarely be installed in hotels.
A confidential source with whom I traveled from place to place at the time said that Intacash avoided installing their cars in hotels - despite the fact that such places are generally much more profitable - for one simple reason: if you clone a card from the hotel’s ATM, the customer can easily complain about the hotel staff. With a street ATM is not so much.
An investigation by OCCRP and its partners demonstrates a very vicious, often violent, transnational organized crime circle that controlled at least 10 percent of the $ 2 billion annual world card withdrawal market.
It also details how the group laundered its illegal proceeds and allegedly created a human smuggling ring that helped members of the criminal gang infiltrate the United States and organize their trade against ATMs in the United States. Finally, the series talks about how the Mayan Riviera gang acted with impunity for several years, exploiting relations with influential anti-corruption officials in Mexico.
Tudor and many of his associates retain their innocence and still live as free people in Mexico, although Tudor has been charged in Romania for his alleged involvement in organized crime, attempted murder and blackmail. Intacash no longer works in Mexico. In 2019, Intacash sponsor bank in Mexico suspended the company’s contract for processing transactions through ATMs.
To learn more about this investigation, check out the OCCRP multi-part series, “How the Romanian Criminal Team Conquered the World of ATM Skimming.”