CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Software

The ten most expensive online crimes ever

Encrypt your passwords and batten down your digital hatches before reading on, as we reveal the ten most expensive digital crimes of all time

Is your firewall up and running? Have you downloaded virus definition updates? And how's that wire transfer to Nigeria coming along? Encrypt your passwords and batten down your digital hatches before reading on, as we reveal the ten most expensive online crimes ever committed.

10. Sneaky Trojans re-write bank statements = £275,000

Hundreds of Germans got a shock when they visited their bank branches this summer, revealing accounts emptied of hundreds of thousands of Euros, despite healthy online balances. They were the first victims of a new kind of Trojan malware that's able to disguise online withdrawals by faking balances on-screen. Other smart Trojans attempt to mask their activities and avoid automated anti-fraud systems by stealing random amounts of money or ensuring their victims' balances remain (just) in the black.

9. Ginko Bank collapses in Second Life = £440,000

Was it a Ponzi scheme or just the innocent victim of a crackdown on Second Life gambling? Regardless, over 18,000 people lost hundreds of millions of Lindens (worth nearly £500,000) invested in Ginko when Linden Labs suddenly closed casinos in the virtual world. MMORPGs have developed increasingly sophisticated financial systems, none more so than interstellar trading game Eve Online, whose ebank almost suffered a similar fate after trusted CEO 'Ricdic' embezzled a cool 200bn ISK (£3,115) to help with his real-life mortgage. Neither Ricdic nor Ginko director 'Nicholas Portocarrero' suffered any punishment other than being kicked out of their respective games.

8. Laundering money through iTunes = £470,000

It's often said that you only need one hit tune to get rich -- and that was certainly true for a gang of credit-card thieves last year. They arranged for several of their own songs to be uploaded to Apple iTunes and the Amazon MP3 store, then purchased them thousands of times over using 1,500 stolen credit-card numbers. The gang had earned nearly £200,000 in royalties before the Metropolitan Police and FBI mounted a joint operation in June to arrest three women and seven men, one of whom is thought to have been a DJ who composed the criminally good music.

7. Rogue anti-malware in Sweden = £690,000

You see a pop-up on your computer warning that you're vulnerable to online attacks and naturally you click on it. But instead of protecting you from digital miscreants, the fake anti-virus package sniffs out your banking passwords and siphons off your cash itself. That was the nightmare experienced by 250 unlucky customers of Swedish bank Nordea in 2007. Although bank officials and security experts tracked the attacks back to servers in America and then Russia, no one was ever prosecuted for the thefts.

6. Russians hack Citibank cash machines = £1,250,000

When Yuriy Rakushchynets cracked into the server controlling Citibank cashpoints located in 7-Eleven convenience stores across America, he must have thought he'd hit the jackpot: thousands of card numbers -- and the PINs that went with them -- rolling across his computer screens. Within weeks, teams of 'mules' were using blank cards imprinted with the numbers to max out ATMs around the country. Rakushchynets was last year also convicted of masterminding an attack on pre-paid MasterCards that netted him over £3m in just 48 hours.

5. Wireless attacks on TJ Maxx stores = £1,800,000

Note to the US Secret Service: when cutting a supergrass deal with a criminal hacker, try to ensure he's not simultaneously masterminding digital raids on dozen of retailers and accumulating a staggering 45.6 million credit-card numbers. Albert Gonzalez hunted targets using wireless 'wardriving' techniques against shops that included Barnes & Noble, Office Max and TJ Maxx. (And, yes, that is the same fashion clearance jumble-sale chain as TK Maxx here in the UK.) This 2007 attack saw Gonzalez surpass the previous record for theft of credit-card numbers -- a mere 40 million of which were stolen from processing company CardSystems in 2005.

4. Global flash-mob blitzes ATMs = £5,600,000

When payment-service company RBS WorldPay -- part of the Royal Bank of Scotland -- found that hackers had waltzed off with 1.5 million payroll account details and 1.1 million Social Security numbers, it had to wait months for the other shoe to drop. And drop it did, with a clatter that was heard around the world. On 8 November, street-level mules in 49 cities worldwide emptied 130 cash machines of over £5m in just half an hour using compromised bank cards -- that's nearly £200,000 a minute. Security professionals believe the cards, PIN numbers and attack timetable were 'franchised out' to regional criminal networks by Russian mobsters.

3. Gonzalez strikes again = £7,925,000

It's probably best to stick with a super-sized Slurpee and a cheese corn dog (whatever they are) when you visit 7-Eleven these days -- and pay with cash. Citibank ATMs in the chain were hit again in 2007 as Albert Gonzalez's cyber-crime spree reached its peak, culminating in the daylight robbery of 130 million credit- and debit-card numbers (that's about a third of the entire population of the USA) from payment-processing firm Heartland. In August this year, Gonzalez signed a plea bargain that will see him serving a prison term of at least 15 years. He forfeited a 2006 Beemer, Toshiba and IBM laptops, three Rolexes, a Nokia phone and, oh yes, $1.65m in cash.

2. The Feds take over DarkMarket = £20,750,000 saved

Here's a happy story for a change. In 2008, the FBI and the UK's Serious Organised Crime Agency infiltrated DarkMarket, a cybercrime forum used by up to 2,500 hackers to trade stolen financial information including credit-card data and log-in credentials. The FBI managed to take over the forum and move it on to their own servers, before rounding up 60 crims in at least four countries, including DarkMarket's boss in Turkey. The FBI estimates that closing down DarkMarket saved many millions of dollars worth of fraud and theft from occurring.

1. Brazilian phisher nets the biggest cybercrime haul ever = £30,000,000

Although mass attacks on merchant networks account for the majority of online crime, Brazilian phisher Valdir Paulo de Almeida may be the biggest cyber criminal ever. In 2005, he was accused by investigators of earning up to 100 million Brazilian reals over two years from phishing emails. Sending up to three million messages a day with sophisticated Trojans attached, Paulo de Almeida targeted Brazilian bank customers and led a gang of up to 18 hackers.