FRANKFURT German prosecutors said on Friday they had arrested two Dutch citizens suspected of taking part in a $45 million global cyber heist unveiled the previous day by U.S. authorities.
A 35-year-old man and a 56-year-old woman were caught on February 19 withdrawing 170,000 euros ($220,500) in Düsseldorf using Bank of Muscat credit cards. In total, $2.4 million dollars was withdrawn in seven German cities, the prosecutors said.
On Thursday, U.S. prosecutors said an international criminal gang had stolen $45 million from two Middle Eastern banks by hacking into credit card processing firms and withdrawing money from cash machines in 27 countries.
The ringleaders of the global operation were believed to be outside the United States but U.S. prosecutors have declined to give details, citing the continuing investigation. Germany is the only other country so far to announce arrests.
A spokesman for the Düsseldorf prosecutor's office said the two Dutch people under arrest had come to Düsseldorf with the purpose of withdrawing money in Germany. The two suspects are accused of computer fraud and faking credit cards.
Germany's banking association, BdB, said it was not aware of any banks in Germany suffering losses as a result of the scheme.
In the complaint on Thursday, the U.S. Justice Department accused eight men of withdrawing $2.4 million from 3,000 bank cash machines in New York in the space of 10 hours in February. The Department said seven of the men have been arrested.
Dominican police on Friday confirmed that the eighth, Alberto Lajud-Pena, allegedly the leader of the New York cell, was killed in the Dominican Republic on April 27.
Lajud-Pena was shot dead in a robbery at a house in the town of San Francisco de Macoris, about 100 miles northeast of Santo Domingo, local police said. Investigators found $100,000 in cash in the house, as well as an M-16 assault rifle, two 9 mm pistols, a revolver, ammunition clips and a telescopic sight. It was not clear if the killing or the money were related to the cyber thefts.
According to the Justice Department, the hackers allegedly increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by Bank of Muscat of Oman, and National Bank of Ras Al Khaimah PSC (RAKBANK) of the United Arab Emirates.
They then distributed counterfeit debit cards to "cashers" around the world, enabling them to siphon millions of dollars from cash machines in a matter of hours, the complaint said.
National Bank of Ras Al Khaimah (RAKBANK) said on Friday the fraud against it took place at the end of last year and resulted in losses of around $4.7 million for the United Arab Emirates-based lender.
RAKBANK Chief Executive Graham Honeybill said he believed the fraud went wider than lenders in the Gulf region. "We are given to understand that the overall fraud encompassed a number of banks not only in the Middle East but in the USA and other countries," Honeybill said in a statement.
The amount of the potential loss for RAKBANK was 17.4 million UAE dirhams ($4.7 million) and this had been fully provided for before it closed its 2012 accounts, Honeybill said.
"The bank can confirm that none of its customers suffered any financial loss as a result of this fraud," he added.
The incident related to events in December 2012 and involved the bank's service provider in India, he said, without naming the provider or giving any further details. ($1 = 3.6730 UAE dirhams) ($1 = 0.7709 Euro)
(Reporting by Alexander Huebner in Frankfurt, Sabine Siebold in Berlin, Manuel Jiminez in Santo Domingo and Andrew Torchia in Dubai; Editing by Eddie Evans, Leslie Gevirtz and Claudia Parsons)