Wait a minute
This criminal gang wanted to "avoid attacking banks [...] in the criminals' own backyard" - but then that means they have been attacking banks in other countries ?
With a next-generation authentication attack thingy ?
Does this mean that Western European banks have been attacked ? Why haven't we heard anything about it ?
Or have we ? And if so, who got attacked and where did they get through ? Or are we supposed to believe that Western European bank security is robust enough to shrug off next-gen attack kit without skipping a beat ? At least, between two sessions of loosing confidential user ID data, that is.