Thieves steal $2 million from gas station ATMs using Bluetooth skimmers

Multi-state scam

US prosecutors have charged 13 members of a gang accused of stealing $2 million from gas station customers using Bluetooth-enabled skimmers hidden inside pump ATMs.

Prosecutors said that the after stealing the data from Raceway and Racetrac forecourts in Texas, Georgia, and South Carolina using the undetectable devices, the cards were cloned to allow the accused to withdraw money from ATMs in other states.

Between March 2012 and March 2013, gang members stole $2.1 million (£1.25 million) from ATMs in Manhattan, California and Nevada, making sure that each transaction was under the $10,000 level beyond which fraud control might kick in. Money was deposited into 70 different bank accounts as part of an attempt to launder the proceeds.

Four of the 13 defendants have been picked out as particular importance, Garegin Spartalyan, 40, Aram Martirosian, 34, Hayk Dzhandzhapanyan, and Davit Kudugulyan, 42. Despite surnames with origins in the Caucasus, the indictment states that most of the 13 were US-born.

"By using skimming devices planted inside gas station pumps, these defendants are accused of fueling the fastest growing crime in the country," said New York County District Attorney, Cyrus R. Vance Jr.

"Cybercriminals and identity thieves are not limited to any geographic region, working throughout the world behind computers. In this case, the defendants are charged with stealing personal identifying information from victims in southern states, used forged bank cards on the East Coast, and withdrew stolen proceeds on the West Coast.

"My Office's Cybercrime and Identity Theft Bureau also operates across borders, and will continue to track and prosecute identity thieves here in Manhattan and around the world," he said.

Card skimmers have been a standard way of stealing debit and credit card data for years but the innovation of adding a Bluetooth interface allowed the gang to record the data without removing the devices. This might explain why the attack appears to have gone undetected for so long despite the skimmers having been placed on a small group of ATMs.

The second interesting aspect of the crime is that the criminals allegedly placed them not on bank ATMs - generally now monitored by CC TV camera - but at less well-defended gas stations. These are more common in the US than in countries such as the UK.

Physical bank attacks of this ilk can look like a forgotten type of crime. Last year, several banks in the UK almost fell prey to attacks using KVM devices rigged up to wireless cards. Probably the most ingenious ATM crime of recent times was the gang in San Francisco that glued down the 'enter', 'cancel' and 'clear' keys as a way of tricking users into leaving their cards in ATMs just after they entered the PIN number.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal Techsecurity

More about KVMManhattanWest

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts