If you want to rob a bunch of ATMs and get away with it, try keeping your vulnerable window longer than 2 hours...
I mean, it's going to be pretty straightforward to gather a bunch of footage and see what happened those 2 hours. These guys will get busted within the next few days basically guaranteed.
If they can coordinate a 100-person operation across 1400 ATMs nationwide in the span of two hours, I'd assume they had basic face covering to make it hard for authorities to determine their identities. At least, I hope so. After all that trouble...
Besides, I think the decision to execute the transactions in a short time window is correct. Otherwise banks would easily spot a pattern in the transactions (max amount, stolen CC, South Africa) and start rejecting them. Even if legitimate transactions are denied, it's still worth it. They would have never been able to get away with $12 mil in cash.
The way these things are usually set up, the people using the cards have little to do with collecting the info, or making the cards. If a few are caught they don't know anything about the others, and are much harder to trace. So cops don't put a lot of effort into tracking these people.
There are now 100 people holding cash. How will the organizers get it back?
Dead drops? One guy talks, they have a drop site. Law enforcement knows how to do stakeouts. Wait until someone comes to pick up the cash from the drop site, tail him to wherever he goes next.
Deposit it in real banks and transfer it somewhere? Okay, now you don't even need a participant to cooperate, you can just identify him and pull his bank records.
Maybe they convert it to BTC. Are there mixing services doing enough volume to really be untraceable? Otherwise investigators can watch it on the other side and see whose bank account it gets converted into.
The whole point of mules is for them to get burned. Assuming this was done properly, every single one of those 100 people can get caught and the cops won't be any closer to catching the people responsible.
That only holds true once the money has percolated up the chain - if they catch anyone in the window prior to the handoff, it could be of use.
Of course, if they pulled this off effectively, the drops all were probably executed soon after the 2h window, and then you've got a much colder trail to follow, even if you find one of the mules and magically have video surveillance of the region.
In all likelihood the handoff would be executed via bitcoins or a wire transfer by whoever is coordinating the operation in Japan. In all likelihood the people actually responsible for the hack are going to be Eastern European or Russian, and once the money is no longer in cash it'll be gone forever.
More likely, the Yakuza can find 100 random people who they have some sort of leverage over and who know virtually nothing about anything of importance so it doesn't especially matter if they get arrested.
A bear jumps out of a bush and starts chasing two hikers. They both start running for their lives, but then one of them stops to put on his running shoes.
His friend says, "What are you doing? You can't outrun a bear!"
His friend replies, "I don't have to outrun the bear; I only have to outrun you!"
Let me guess, they'll narrow it down to a bunch of people wearing surgical masks, hats, glasses, cheap windbreakers, and blue jeans. Now they can just arrest half the people in Japan!
Assuming ATMs take and store a photo every time they're used, then it'll be a matter of matching the photos to photos of people already in the corpus of training data several times. That makes it quite easy.
The guys retrieving the money, yes, but that doesn't guarantee that the masterminds will get caught.
Chances are the ones going to the ATMs are money mules (https://en.m.wikipedia.org/wiki/Money_mule), probably not of the completely innocent kind, but of the "not too smart, falling for a 'want to earn $100 in an hour?'" question from a 'friend'.
$100 will give them about a 10% cut, if they do one ATM. It is more likely, though, that they had each guy do >1 ATM. So, you would need, maybe, around 250 of these guys. To recruit them, find around 50 slightly smarter but still not too smart guys who get $2000 each. On top of that, you need real criminals who can make sure the lower levels do not run away with the money, either by convincingly threatening them with bodily harm, or by following them to the ATMs while staying out of view of the cameras.
Yes, costs will add up, but you should be able to keep costs below 50%.
A 10% cut wouldn't be $100. It sounds like each person ran about 140(!) transactions, maxing the withdrawal on each one. That's 14 million yen per person or about 127,000 USD. 10% would be 12,700. Still possible that this happened, but my guess is it was yakuza given the coordination and manpower.
As someone upthread remarked, it actually seems improbable it was yakuza - way too visible, even with no provable connection, going to make their lives problematic for a while.
Plus, we probably wouldn't be hearing about it a week after the fact, if it's part of a long-standing interaction like the yakuza, barring someone with loose lips.
No matter how you spread it out, couldn't they just look at the video from when each fraudulent withdrawal was made? Also, what is the vulnerable window here?