France Breaks Up ATM Jackpotting Network

According to French prosecutors an international network engaged in ATM jackpotting has been broken up by police (Source: AFP/SecurityWeek).

In a statement on Friday 15 May Paris prosecutor Remy Heitz said that two suspects (aged 26 and 31) and already known to the authorities, have been charged and placed in detention.  He said that, between May 10-12, several individuals from the “Russian-speaking community” suspected of belonging to an “international jackpotting organisation” were detained in Colombes outside Paris, Laval in western France and the southern city of Nice, while trying to damage an ATM.  The criminal group worked across Europe to insert malware into ATMs, attacking the machines at night. “A hacker, operating from abroad, would take control of the cash dispensing software,” the statement said.

Nineteen incidents across France have already come to light, with the financial damage estimated at €280,000.

“We have a new wave of ‘jackpotting’ in France,” Francois-Xavier Masson, head of France’s agency for combating crimes in information and communication technologies (OCLCTIC), told AFP, adding that more than 60 incidents have been identified since the end of 2019.  “There was a previous wave in 2018 and then it came to a halt, before resuming at the end of 2019. The way the groups act is changing, the teams are more international. But we are also changing how we act”, he added.

ATM jackpotting has become a recognised problem across the world in recent years.  This is done by either using malware, or by using an unauthorised device (known as a black box), to ‘jackpot’ or  ‘cash-out’ an ATM. Typically all the cash in the machine is illegally ejected in such attacks, and collected by the criminals at the scene.  The EAST Expert Group on All Terminal Fraud (EGAF) focuses on the prevention of malware and black box attacks and, since 2016, has produced 48 malware and black box related Fraud Alerts from 24 countries, which are available to EAST Members.

EAST EGAF has also produced standard definitions for both methods, which can be seen in the below images (for a full list of all Terminal Fraud Definitions and related criminal benefits see the Terminal Fraud Definitions page on this website). 

 

 

TRF fraudster jailed in Ireland after causing nearly €13,000 of damage

Damien Ionut (34), a Romanian national, has received a three year prison sentence in connection with a series of transaction reversal fraud (TRF) attacks on ATMs in the Republic of Ireland that caused nearly €13,000 of damage.  He was part of a group of men who targeted ATMs in counties Louth, Kildare, Wicklow, Meath, Westmeath and Dublin.  He also has 30 previous convictions for TRF attacks on ATMs in eight other European countries (Belgium, Czech Republic, Denmark, France, Italy, Romania, Spain, United Kingdom). According to police sources the total cash amount taken by Ionut in the five-week period was €5,980. Some of the attacks did not succeed but the total amount of damage caused was €12,881.  The attacks took place during October and November 2019.

Ionut was sentenced at Dublin Circuit Criminal Court on Friday 1st May 2020.  Police told the court that Ionut’s typical MO was as follows:

  • A legitimate “chip and pin” card is used to make a small cash withdrawal. When the cash dispenser shutter opens to dispense the cash, the criminal places a clip device behind it.
  • Then he uses the same card to request a much larger cash withdrawal, averaging €500. The ATM presents the cash behind the shutter, ready for delivery to the customer. However before the cash is dispensed, the ATM presents the bank card back to the user. The criminal quickly switches the real card for a dummy one, which is retracted by the ATM (which assumes the customer has left without it).
  •  As a result the ATM does not debit the customer’s bank account and attempts to recover the cash from behind the cash dispense shutter.
  • The clip placed behind the shutter prevents this from happening and the criminal then uses a chisel to break open the shutter and takes the cash.

More details of the case can be found in a related article published by the Irish Times

The EAST Expert Group on All Terminal Fraud (EGAF) focuses on the prevention of TRF and has produced a standard definition for TRF which can be seen in the below image.

TRF

EAST EGAF has produced definitions for all terminal fraud types, along with the related criminal benefits.  These can be seen on the Terminal Fraud Definitions page of this website.

 

 

Europol publishes Turkish language version of ATM Logical Attack Guidelines

EuropolATM has just published a Turkish language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF).  The document is now available in EnglishFrench, GermanSpanish, Russian and Turkish.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Hareket Tarzi Açiklamas i)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (ATM’lere Yönelik Mantiksal ve Kötü Niyetli Yazilim Saldirilarinin Risklerini Hafifletmek Savunma Hatlari Kurmak)
  3. Identifying and responding  to Logical and Malware Attacks (Mantiksal ve KÖTÜ Niyetli Yazilim Saldirilarini Saptamak ve Yanitlamak)

The Guidelines were first published in 2015 and this latest version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, along with more detailed recommendations on how to mount a robust and effective response to them.  The recent fall in ATM malware and logical attacks, as reported by EAST in the latest European Payment Terminal Crime Report published in October 2019, reflects the work that has been put into preventing such attacks by the industry and law enforcement.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Europol publishes German language version of ATM Logical Attack Guidelines

EuropolATM has just published a German language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF).  The document is now available in EnglishFrench, German, Spanish and Russian.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Beschreibung Der Vorgehensweise)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Risiken Für Logische System-Angriffe Und Malware-Attacken Auf Geldautomaten Verringern, Abwehrmechanismen Etablieren)
  3. Identifying and responding  to Logical and Malware Attacks (Logische Systemangriffe Und Malware-Attacken Erkennen Und Darauf Reagieren)

The Guidelines were first published in 2015 and this latest version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, along with more detailed recommendations on how to mount a robust and effective response to them.  The recent fall in ATM malware and logical attacks, as reported by EAST in the latest European Payment Terminal Crime Report published in October 2019, reflects the work that has been put into preventing such attacks by the industry and law enforcement.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Europol publishes Russian language version of ATM Logical Attack Guidelines

ATM Logical Attack GuidelinesEuropol has just published a Russian language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF).  The document is now available in English, French, Spanish and Russian.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (ОПИСАНИЕ CПОСОБОВ РЕАЛИЗАЦИИ АТАК)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (МИНИМИЗАЦИЯ РИСКА ЛОГИЧЕСКИХ АТАК И АТАК С ПРИМЕНЕНИЕМ ВРЕДОНОСНОГО ПО, УСТАНОВКА ЛИНИЙ ЗАЩИТЫ)
  3. Identifying and responding  to Logical and Malware Attacks (ИДЕНТИФИКАЦИЯ И РЕАГИРОВАНИЕ НА ЛОГИЧЕСКИЕ АТАКИ)

The Guidelines were first published in 2015 and this latest version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, along with more detailed recommendations on how to mount a robust and effective response to them.  The recent fall in ATM malware and logical attacks, as reported by EAST in the latest European Payment Terminal Crime Report published in October 2019, reflects the work that has been put into preventing such attacks by the industry and law enforcement.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

EAST FCS – Terminal Fraud Seminar

Open Event: Delegate places are limited.  Early registration is advised. REGISTRATION IS NOW OPEN.

EAST FCS – Terminal Fraud Seminar

This interactive event focuses on EAST EGAF and follows the basic structure of EAST EGAF Member meetings.  An introduction to the Group will be followed by a presentation of the latest EAST Fraud Statistics (H1 2019) and a high-level overview of the European situation by Europol.  Then a session will then focus on the terminal fraud situation in four countries/regions, followed by a short discussion.  This will be followed by a practical demonstration of Project Checkcard, aimed at checking the validity of EMV cards, followed by a session topic still tbc.  .

EAST FCS - Terminal Fraud SeminarAttendance at EAST EGAF meetings is limited due to the size of the Group and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organisers.

Want to attend the 2019 Event?  REGISTRATION IS NOW OPEN.

See the EAST FCS 2019 Programme

Event Sponsor

Interested in being a sponsor for the 2019 event?  Contact our Events Team

Europol publishes Spanish language version of ATM Logical Attack Guidelines

Logical AttackEuropol has just published a Spanish language version of the new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF), and the French version was published in March 2019.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Descripción De Los Ataques Lógicos)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Mitigación De Los Riesgos Y Establecimiento De Líneas De Defensa)
  3. Identifying and responding  to Logical and Malware Attacks (Identificación Y Respuesta Frente A Ataques Lógicos A Cajeros Automáticos)

This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

EAST EGAF holds 18th Meeting in Amsterdam

EGAFThe Eighteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 8th May 2019 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 210 EAST Fraud Alerts have been issued, 9 to date in 2019.

EAST EGAF meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 9th October 2019.  Registration for this is now open and more information can be found on the EAST Events website.

Europol publishes French language version of new ATM Logical Attack Guidelines

ATM LogicalEuropol has just published a French language version of the new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The English version of the document was officially launched in January 2019 at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF)

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Description des Modes Opératoires)
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence (Réduction du risque d’Attaques Logiques et de Programmes Malveillants visant les DAB, Mise en place de Lignes de Défense)
  3. Identifying and responding  to Logical and Malware Attacks (Identification et réponse aux Attaques Logiques et de Logiciels Malveillants)

This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

Europol launches new ATM Logical Attack Guidelines at 17th EAST EGAF Meeting

ATM Logical AttackEuropol has published new guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The document was officially launched at the 17th Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF), which took place on Wednesday 16th January 2019 at ING Domestic Bank in Amsterdam.  Production of the document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi
  2. Mitigating the risk of ATM Logical and Malware Attacks, Setting up Lines of Defence
  3. Identifying and responding  to Logical and Malware Attacks

The original Guidelines were published in 2015 when law enforcement and the private sector came together to support the banking and payments industry. That report, the first of its kind, provided vendor-neutral guidance on countermeasures to such attacks, as well as a collection of indicators that could be used to detect when an incident may have occurred.  This new version provides clearer definitions and greater clarity of the criminal methods and techniques encountered in these attacks, and more detailed recommendations on how to mount a robust and effective response to them.

Steven Wilson, Head of Business at Europol’s European Cybercrime Centre (EC3), said “This updated and refocused edition of the report draws upon the expertise of an expanded panel of experts from both law enforcement and the private sector. In addition to the key role played by EAST, I would like to extend my thanks to Diebold Nixdorf, GMV, ING, INTERPOL, NCR, TMD Security and Trend Micro for their invaluable work and contributions, without which this report would not be possible.  I continue to look forward to Europol’s engagement and cooperation with all of our partners within private industry and law enforcement in such endeavours, and our continuing fight against threats affecting the payment industry.”

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National and Associate).

17TH EAST EGAF Meeting

The 17th Meeting was chaired by Mr Otto de Jong and was attended by Europol and INTERPOL as well as by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors and Forensic Analysts.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.  The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 204 EAST Fraud Alerts have been issued, 3 to date in 2019.

EAST EGAF meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 9th October 2019.  Registration for this is now open and more information can be found on the EAST Events website.