black box

The Polish authorities, supported by Europol, have arrested two individuals committing ‘Black Box’ attacks against ATMs.  The two suspects, both Belarusian nationals, were arrested in Warsaw on 17 July 2021.  The investigation uncovered that these criminals committed dozens of black box attacks in at least seven European countries, stealing an estimated €230,000 in cash.  The same brand and model of ATM were targeted in all the attacks.

To perpetrate such attacks criminals connect electronic devices (referred to as black boxes) to a cash machine and remotely force it to spew out all its cash.  For a full definition visit the Terminal Fraud Definitions page on this website.  In these cases they gained access to the ATM wires by drilling holes or melting parts of the ATM fascia in order to physically connect the machine to a laptop, which was then used to send relay commands that caused the machine to dispense all its cash.

EFECCThe police operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

Europol (supported by the Joint Cybercrime Action Taskforce or J-CAT), brought together the national investigators, provided continuous intelligence development and analysis to support the field investigators, and has been working closely with the ATM manufacturer targeted by these criminals, making the link with the different law enforcement authorities involved in the investigation (from Poland, Germany, Austria, Switzerland, Czech Republic and Slovakia).

The EAST Expert Group on All Terminal Fraud (EGAF) focusses on the analysis and prevention of such attacks and, to date, has put out 48 related Fraud Alerts for EAST Members, the most recent of which was released in June 2021, covering Black Box attacks in Poland.