By Alexander Hübner
FRANKFURT (Reuters) - German prosecutors said on Friday they had arrested two Dutch citizens suspected of involvement in a $45 million (29 million pounds) global cyber heist unveiled the previous day by U.S. authorities.
A 35-year-old man and a 56-year-old woman were caught on February 19 withdrawing 170,000 euros in Düsseldorf using Bank of Muscat credit cards. In total, $2.4 million dollars had been withdrawn in seven German cities, the prosecutors said.
On Thursday, U.S. prosecutors said a criminal gang had stolen a total of $45 million from two Middle Eastern banks by hacking into credit card processing firms and withdrawing money from cash machines in 27 countries.
"We have arrested two Dutch people in Germany who apparently took part in this crime," a spokesman for the Düsseldorf prosecutor's office said.
He added the pair had come to Düsseldorf with the purpose of withdrawing the money in Germany. The two suspects are accused of computer fraud and faking credit cards.
Germany's banking association, BdB, said it was not aware of any banks in Germany suffering losses as a result of the scheme.
In a complaint on Thursday, the U.S. Justice Department accused eight men of forming the New York-based cell of the organisation, and said seven of them have been arrested. The eighth, allegedly a leader of the cell, was reported to have been murdered in the Dominican Republic on April 27.
The global ringleaders are believed to be outside the United States and prosecutors have declined to give details, citing the continuing investigation.
The hackers allegedly increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by Bank of Muscat of Oman, and National Bank of Ras Al Khaimah PSC (RAKBANK) of the United Arab Emirates, according to the complaint.
They then distributed counterfeit debit cards to "cashers" around the world, enabling them to siphon millions of dollars from cash machines in a matter of hours, the complaint said.
National Bank of Ras Al Khaimah (RAKBANK) said on Friday the fraud against it took place at the end of last year and resulted in losses of around $4.7 million for the United Arab Emirates-based lender.
RAKBANK Chief Executive Graham Honeybill said he believed the fraud went wider than lenders in the Gulf region. "We are given to understand that the overall fraud encompassed a number of banks not only in the Middle East but in the USA and other countries," Honeybill said in a statement.
The amount of the potential loss for RAKBANK was 17.4 million UAE dirhams ($4.7 million) and this had been fully provided for before it closed its 2012 accounts, Honeybill said.
"The bank can confirm that none of its customers suffered any financial loss as a result of this fraud," he added.
The incident related to events in December 2012 and involved the bank's service provider in India, he said, without naming the provider or giving any further details.
(Reporting by Alexander Huebner in Frankfurt, Sabine Siebold in Berlin and Andrew Torchia in Dubai; Editing by Eddie Evans and Leslie Gevirtz)
