US sentences to prison its first ATM jackpotter
Argenys Rodriguez got 12 months and a day in prison for making ATMs spit out cash.
A 22-year-old man was sentenced to one year and a day in prison for his role in an ATM jackpotting scheme, becoming the first person to receive a prison sentence for a crime of this nature in the US.
ATM jackpotting isn’t by any chance a new thing. The term is used by law enforcement and the IT security industry to describe scenarios where a crook uses various techniques –usually malware– to make ATMs “spit out cash.”
ATM jackpotting attacks first appeared in Russia a few years back, then spread to Europe and Asia, and made their way to Latin America and Mexico last year.
At the start of the year, ATM vendor Diebold Nixdorf sent out a security alert warning US banks that ATM jackpotting had also started appearing in the US, as well.
Days after this alert made headlines in US press, news also broke out that US law enforcement also arrested two groups of ATM jackpotters.
The first arrests took place in Wyoming last October, where law enforcement apprehended a group of four individuals.
Recurring revenue is what happens when services are charged on a recurring basis, typically monthly or yearly (like your cell phone bill), and it can mean a lot of good things for your business.
Court documents say authorities caught the group after officers smelled marijuana smoke coming out of a parked van during a routine patrol. During a search of the vehicle, police found several backpacks full with cash, and they later connected the group to several reports of local ATMs that have been mysteriously emptied.
But while this group is still tied in the legal system, a first sentence was delivered to a man captured during late January 2018, as part of a second group.
This second group was a two-man team made up of Spanish national Alex Alberto Fajin-Diaz, 31, and Argenys Rodriguez, 21, of Springfield, Massachusetts.
According to court documents, the two deployed the Ploutus malware on ATMs located across Connecticut (cities of Cromwell, Hamden, and Guilford) and Rhode Island (city of Providence).
The two were arrested after an ATM jackpotting at Citizens Bank’s Cromwell branch. Bank employees reported the ATM hack, and police officers picked up the two in the middle of another ATM jackpotting attack, while the ATM was still dispensing $20 bills.
Officers found over $5,600 in cash in the suspects’ car, along with equipment needed to carry out ATM jackpotting attacks.
Both pleaded guilty in June. Rodriguez was sentenced on Wednesday, September 26, while Fajin-Diaz is still waiting for his sentencing hearing. Rodriguez’s imprisonment will be followed by two years of supervised release, and the judge also ruled he’ll have to pay restitution in the amount of $121,355.38.
But while ATM jackpotting attacks are now commonplace in the US and sentences are expected to flow for subsequent arrests, another type of ATM attack has also crept in.
The US Secret Service has recently issued a warning to financial institutions about ATM wiretapping attacks, also known as ATM eavesdropping.
This type of attack was described at the Kaspersky SAS security conference in 2017 (see after the 12:00-minute mark in the video below) and consists of crooks drilling holes in ATMs in the position of known cables and connectors to place a skimmer inside. The hole is then hidden with a faceplate or a large sticker, and crooks retrieve skimmer after a few days of collecting card data.
To read the original article