The FBI has been asked to help police investigate an international cyber-crime syndicate that hacked into a council-owned carpark to steal credit card details from thousands of customers.
The theft of credit card details from payment machines at the Downtown carpark in central Auckland was discovered in November. It had gone undetected for some time.
Victims of the scam have told the Herald their card details were used to make purchases in Phoenix, Arizona, which suggests the hackers are based overseas.
Such criminal networks exploit weak points in internet security and break into the computer server to steal credit card information from thousands of unwitting people.
The credit card details are then sold to individuals, or can be cloned on to generic cards. In this case, the credit cards were used to make everyday purchases at the Walmart chain of stores in the United States.
Westpac Bank conducted an internal investigation into the major security breach of the computer database, with the help of the Auckland City Council, which operates the 1970-space Downtown carpark.
The scale of the fraud has been shrouded in secrecy, as neither organisation has been forthcoming about the failings of the security system.
But the total amount stolen with the credit cards is believed to be hundreds of thousands of dollars, rather than millions.
Detective Senior Sergeant Hywel Jones, head of the Auckland fraud squad, would not comment on specifics of the case.
He did confirm that police had been in touch with the Federal Bureau of Investigation because of the link to the United States.
"The FBI have a liaison branch in Sydney and I've been in contact with them because of the international aspect of the investigation."
Though the amount of money stolen from the Downtown carpark customers would be small by international standards, it is thought the hackers would be part of a wider cybercrime syndicate.
The FBI agent in Australia was unavailable for comment and Weekend Herald questions to the media office in Washington yesterday were not answered by deadline.
Technically, the Downtown carpark machines are still at risk from hacking, so credit card payments can be made only at a staffed booth, which is more secure because the Eftpos system goes directly to the bank.
Auckland City Council has since fast-tracked a $4 million upgrade of the payment machines at the building, and three other inner-city carparks, after the embarrassing breach of the 10-year-old system.
The council hopes to have the new system in place by the end of the year.
Information technology security expert Daniel Ayers - whose own Visa card was replaced by ASB Bank because of the fraud - said the breach meant that either the council's automatic payment machine or a related computer system containing credit card details had been hacked.
He said the council's exposure to fraud was "outrageous".
"Should they have allowed themselves to get in this situation? No, they shouldn't have."
CATS ON THE PROWL
The FBI has Cyber Action Teams - CATS - small, highly trained teams of agents, analysts and computer forensics and code experts who "travel around the world on a moment's notice" to respond to cyber crime.
In one case, the FBI arrested two young men acting as "project managers" for a team of hackers in Russia who were hacking into computer systems and stealing user names, passwords and credit card information.
The FBI invited the pair to travel to the United States for "job interviews" with a brand-new "company".
Keen to impress, the hacker duo boasted of their illegal activities in the interview - which was used in court to convict them.
NZ asks FBI to help nail hackers
A parking machine in Auckland's Downtown carpark. Photo / Greg Bowker
AdvertisementAdvertise with NZME.
