Article

Remembering John Shepherd-Barron in the age of the million-dollar ATM heist

In the '60s, there was no such word as 'cybercrime' because there was no such thing. How times have changed.

May 22, 2013

By Robert Siciliano

When Scottish inventor John Shepherd-Barron came up with the idea for a workable cash machine way back in the 1960s while taking a bath, he had no way of knowing then that his invention, the ancestor of today's ATM, would one day take center stage in an audacious banking heist allegedly involving a gang of international cybercriminals stealing millions of dollars.

Indeed, when the first ATM was installed outside the North London Enfield branch of Barclays in 1967, the term cybercriminal hadn't yet been coined. For in the decade of change often dubbed the Swinging Sixties, which spawned the likes of the Beatles, hippie culture, protests against the Vietnam War, the first unmanned moon landing and Star Trek, cyberspace didn't exist. There was no email, no World Wide Web, no plastic credit or debit cards, no online banking or computer networks or social media. All of this was many, years away in some as yet undefined future. So in the 1960s, criminals had much lower-tech ways of thievery than they do today.

How different the landscape looks today. Now there are millions of cash machines installed all across the world, along with computer systems and complex networks with vulnerabilities that sophisticated cybercriminals continually look to exploit. The latest heist, spanning dozens of countries, the execution of tens of thousands of ATM transactions, and the hacking of United Arab Emirates and Oman banking data, has turned the media spotlight firmly on the whole issue of banking and credit card security.

Earlier this month, federal prosecutors in Brooklyn unsealed a four-count indictment charging eight defendants with participating in two worldwide cyberattacks that inflicted $45 million in losses on the global financial system in a matter of hours.

According to a statement issued by prosecutors, these defendants allegedly formed the New York-based cell of an international cybercrime organization that used sophisticated intrusion techniques to hack into the systems of global financial institutions, steal prepaid debit card data and eliminate withdrawal limits.

The statement continued, "The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe. The eight indicted defendants and their co-conspirators targeted New York City and withdrew approximately $2.8 million in a matter of hours. The defendants are charged variously with conspiracy to commit access device fraud, money laundering conspiracy, and money laundering."

One of the defendants, Alberto Yusi Lajud-Peña, also known as "Prime" and "Albertico" and the suspected ringleader of the New York cell, reportedly was murdered last month in the Dominican Republic.

Loretta E. Lynch, United States attorney for the Eastern District of New York, said the defendants and their co-conspirators participated in a massive 21st century bank heist that reached across the internet and stretched around the globe.

She said, "In the place of guns and masks, this cybercrime organization used laptops and the internet. Moving as swiftly as data over the internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of ATMs in a matter of hours. Law enforcement is committed to moving just as swiftly to solve these cybercrimes and bring their perpetrators to justice."

Somehow, it all seems such a long way away from John Shepherd-Barron's first hole-in-the-wall cash machine that utilized special chemically impregnated checks instead of the plastic cards we use today. A customer placed the check in one drawer; after entering a four-digit personal identification number, a second drawer containing a £10 note sprang open.

According to an obituary in the Washington Post, Shepherd-Barron originally planned to make personal identification numbers six digits long but cut the number to four after his wife, Caroline, complained that six was too many.

"Over the kitchen table, she said she could only remember four figures, so because of her, four figures became the world standard," he told the BBC.

Shepherd-Barron never patented his invention and therefore made no money off of it. However, he was awarded the OBE — the Order of the British Empire — in 2004 for services to banking. He died on May 15, 2010, at a hospital in Inverness, Scotland, aged 84 — nearly a decade before his invention facilitated a fortune he may only have dreamed of.

Read more about security.

Robert Siciliano is CEO of IDTheftSecurity.com and a nationally known speaker on the subject of identity theft. He is also an identity theft expert to Hotspot Shield VPN and the author of "99 Things You Wish You Knew Before Your Identity Was Stolen". His identity theft and security blog appears on ATM Marketplace.