Romanian police bust multi-million dollar card-cloning cyber gang

ATMRomanian police have arrested 20 members of a cyber crime gang allegedly responsible for stealing $15 million from ATMs using cloned cards.

Police raided 42 houses across Romania in an attempt to bring the group to its knees, according to a press release issued by the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT).

The attack, which took place between February and December 2013, was initiated by hacking into the computer systems of banks in Puerto Rico and Oman.  Card data was stolen from major companies and cloned cards were produced that were used to withdraw cash from ATMs in more than 20 countries, including Romania, the United Kingdom, Japan, Germany and Russia.

Cashing out

The criminals then embarked on a massive cash withdrawal spree. In Romania, on 2 December 2013 alone, 4,200 withdrawals were made across 15 Romanian cities, totalling approximately €4,535,000.

The police raid in Romania uncovered various laptops and mobile phones thought to have been used by the network, including 2kg of gold ingots, paintings, and €150,000.

More than 78 million cyber alerts were registered in Romania last year according to the Minister for Information Society’s 2014 CERT-RO report presentation. Approximately 11,000 .ro domains were reported compromised throughout 2014, which represents a 5% increase over 2013.

11 individuals were arrested on January 17, 2014, on suspicion of taking part in an international network of Romanian payment card fraudsters. The suspects were detained just as they were preparing to go to Italy, presumably to conduct skimming attacks.


As hacks and payment card theft continue to escalate, companies are urged to take heed of the Payment Card Industry Data Security Standard (PCI DSS), which regulates the protection of cardholder data by any entity that processes, stores or transmits payment card data.

IT Governance Ltd is an authorised PCI Qualified Security Assessor (QSA), supplying a full range of PCI compliance and assessment products and services, including PCI consultancy, documentation toolkits, training courses and publications.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.