In our last column, we wrote about dangers posed to corporations and law firms by cyber attacks from hackers who secretly take control of host computers.1 In this column, we describe “Unlimited Operations,” a narrower but no less insidious form of cyber attack that poses a particular threat to financial institutions. In a typical unlimited operation, hackers remove security features from bank accounts, increase balances, and then provide teams of “cashing crews” with account information that allows them to make mass ATM withdrawals from the compromised accounts. The lack of security features and increased account balances allow the cashing crews to withdraw money from ATM branches all over the world in amounts far greater than typical withdrawal limits.
While the dangers are especially acute for international banks, the technology could also apply to any corporation that issues any form of credit or debit card—even gift cards. These attacks also use payment processors and vendors as a means to access the card issuer, thus creating potential liability and litigation risk for a variety of corporations.
