13 more arrests of ATM explosive gang members

German authorities, together with Dutch and Belgian counterparts, have arrested thirteen members of a Dutch gang linked to 21 ATM explosive attacks against cash machines in Germany.  The gang stole over €1.6 million as a result of the attacks, and collateral damage to equipment and buildings was in excess of €4 million.

The arrests took place on 28 June with over 100 Police officers involved in Germany (North Rhine Westphalia) and the Netherlands.

  • 8 arrests were made in the Netherlands
  • 3 arrests were made in Germany
  • 2 arrests were made in Belgium

These arrests follow another successful police operation in May 2022.

Europol’s European Serious Organised Crime Centre supported the investigation from the onset by bringing together the national investigators from Germany and the Netherlands to establish a joint strategy and to organise the intensive exchange of evidence needed to prepare for final phase of the investigation.

Threat To Life

Law enforcement is increasingly concerned about the heavier explosives that criminals are using to gain access to the ATM safes. The explosions are putting the lives of local residents and bystanders at risk: the surrounding buildings can collapse, or fragments of the explosion can hit passers-by.

In some cases, the perpetrators escape the crime scene in powerful motorised vehicles at speeds of up to 250 km/h, causing a serious risk to public safety.

Cross Border Cooperation

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) is a cross-border European specialist expert forum for discussion of ATM, ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.  The Group meets twice each year to enable in-depth and technical discussion to take place. The 17th EAST EGAP Meeting took place on 2nd March 2022.  Information exchange linked to the prevention of ATM explosive attacks is a key focus of the Group.

ATM explosive attack gang members arrested in successful Police operation

On 17 May 2022 three people were arrested in the Netherlands in connection with a series of ATM explosive attacks in Germany.  The arrests, which took place in Haarlem and Vianen, followed the arrests of 3 other members of the same criminal group on 30 March 2022 in Hessen, Germany.

This gang is believed to have targeted 8 ATMs in Germany between October and November 2021, stealing over €958,000 in cash.  Typically these attacks took place in the early hours of the morning – to access the cash the gang blew open the ATMs with explosives.  These explosions caused nearly €1 million in collateral damage to the buildings where the ATMs were located and the criminals showed reckless disregard for the safety of people in the vicinity of the attacks, or living nearby.

International Police Operation

The arrests were made by the Dutch Police (Politie Noord-Holland), working together with the German Police Directorate of Hochtaunus (Polizeidirektion Hochtaunus)Europol coordinated the operation (Op Pfeil/Pentagon), which was the culmination of many months of meticulous planning between the German and Dutch authorities.  Europol brought together the national investigators, who have been working closely together with Europol’s Serious Organised Crime Centre, to establish a joint strategy to take down the criminal gang. On the action day a Europol mobile office was deployed to Haarlem to facilitate the extensive exchange of information and evidence, and to support with the analysis of the seized electronic devices.

Police Appeal

In addition to the 6 members arrested so far, law enforcement is seeking to identify a seventh member of this gang.  The German Prosecutor General’s Office Frankfurt am Main are urging members of the public with information to come forward. Anyone who has any knowledge of these fugitives’ whereabouts should get in touch with any information that can help to track down the fugitives.

For more information click here

Cross Border Cooperation

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) is a cross-border European specialist expert forum for discussion of ATM, ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.  The Group meets twice each year to enable in-depth and technical discussion to take place. The 17th EAST EGAP Meeting took place on 2nd March 2022.  Information exchange linked to the prevention of ATM explosive attacks is a key focus of the Group.

ATM jackpotting attacks fall in Europe

EAST has published a European Payment Terminal Crime Report covering 2021 which highlights a fall in ATM jackpotting attacks.

ATM JackpottingATM malware and logical attacks against ATMs were down 74% (from 202 to 52). All the reported attacks were aimed at ATM jackpotting, either using black box attacks or malware. A black box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses fell from €1.2 million to €0.7 million).

EAST Executive Director Lachlan Gunn said, “This fall in ATM malware and logical attacks is great news and reflects the hard work that has been put in by the industry and law enforcement to address the issue. Most such attacks remain unsuccessful. A recent trend is a shift from logical black box attacks to malware attacks aimed at ATM jackpotting. When executed similar holes are made in the ATM fascia and so it can be difficult to work out which type of attack took place. Our Expert Group on All Terminal Fraud (EGAF) is focussed on countering such attacks, with close cooperation between industry partners and law enforcement. EGAF is working with Europol right now to update a document entitled ‘Guidance & recommendations regarding logical attacks on ATMs’, which has been a key tool in the fight against such attacks.”

Terminal related fraud attacks were down 8% (from 6,523 to 5,969 incidents). All fraud types were down except for cash trapping at ATMs, which increased by 14% (from 1,829 to 2,086 incidents). Total losses of €198 million were reported, down 9% from the €218 million reported in 2020. Most losses remain international issuer losses due to card skimming, which were €166 million.

ATM related physical attacks were up 6% (from 3,722 to 3,947 incidents). Attacks due to ram raids and ATM burglary were down 40% (from 749 to 447 incidents). ATM explosive attacks (including explosive gas and solid explosive attacks) were down 32% (from 923 to 629 incidents). Losses due to ATM related physical attacks were €10 million, a 55% decrease from the €22 million reported during 2020. 64% of these losses were due to explosive attacks, which were down 56% from €14.59 million to €6.35 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

National & Global Fraud Intelligence sharing – 5th Interim EAST Meeting

The fifth Interim Meeting of EAST National and Global Members took place on Wednesday 6th October 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Veronica Borgogna from AXEPTA BNP Paribas.  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), the United States Secret Service (USSS) and INTERPOL.  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim). The USSS presentation covered Covid-19 pandemic relief fraud and the INTERPOL presentation covered recent issues relating to financial crimes in the LATAM region.

Private sector fraud intelligence updates were received from 28 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Regional Updates were also provided for ASP, MENA and LATAM. Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  The importance of raising consumer awareness to counter the rising threats related to social engineering remains a key issue.

EAST Fraud Update 3-2021 will be produced early next month, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 9th February 2022, will hopefully be the 1st EAST Global Congress, which is planned as Hybrid Meeting.  This is dependant on the prevailing status of the Covid-19 pandemic and the meeting will revert to a virtual Interim Meeting if required.

ATM Explosive Attacks fall in Europe

EAST has published a European Payment Terminal Crime Report covering the first 6 months of 2021 which shows a significant fall in ATM explosive attacks.

While overall ATM related physical attacks were up 2% (from 1,829 to 1,873 incidents), mainly driven by a rise in vandalism, ATM explosive attacks (including explosive gas and solid explosive attacks) were down 52% (from 505 to 241 incidents).  Attacks due to ram raids and ATM burglary were down 42% (from 405 to 234 incidents).  Losses due to ATM related physical attacks were €4.9 million, a 61% decrease from the €12.6 million reported during the same period in 2020.  35% of these losses were due to explosive attacks, which were down 58% from €7.6 million to €3.2 million.

EAST Executive Director Lachlan Gunn said, “The first 6 months of this year have been influenced by the Covid-19 pandemic, although travel restrictions have eased across Europe. This significant fall in explosive attacks at ATMs is welcome news for all of us, given the destructive nature of such attacks and the resultant risks to life and property. However, the prize remains an attractive option for criminals and the average cash loss per successful solid explosive attack is now estimated at €40,877. To address the issue our EGAP expert group has worked closely with Europol and other Law Enforcement Agencies, and all parties remain vigilant to the threat.”

ATM malware and logical attacks against ATMs were down 74% (from 129 to 33) and all but one of the reported attacks were Black Box attacks. A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses were down 37% from €1.0 to €0.63 million. Most such attacks remain unsuccessful.

Terminal related fraud attacks were down 24% (from 3,631 to 2,775 incidents). Card skimming fell to another all-time low (down from 321 to 279 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 100% (down from 108 to zero incidents). Total losses of €102 million were reported, down 6% from the €109 million reported during the same period in 2020. Most losses remain international issuer losses due to card skimming, which were €86 million.

A summary of the report statistics under the main headings is in the table below.

 

The full Crime Report is available to EAST Members (National, Global and Associate)

ATM Explosive Attack OCG taken down by Police

An organised crime group (OCG) specialised in ATM explosive attacks has been taken down by a coordinated cross-border police operation.  9 suspects were taken into custody after the action by a joint investigation team (JIT) between the Dutch and German authorities.  The 18-month investigation was coordinated by Europol and Eurojust.

The criminals produced step-by-step tutorials on how to blow up ATMs and have been linked to at least 15 ATM attacks in Germany.  The ATMs were blown open using homemade improvised explosive devices (IEDs), posing a serious risk to life.  During one test run by the criminals, one suspect died and another was seriously injured.

Some key facts relating to the investigation are:

  • It was initiated in February 2020 after authorities in Osnabrück, Germany, identified suspicious orders of ATMs from a German company.
  • Special surveillance measures were put in place, which led the investigators to Utrecht, the Netherlands, where a 29 year-old individual and his 24 year-old accomplice were running an illegal training centre for ATM attacks.
  • The pair was ordering different models of ATMs and recording tutorials on how to most effectively blow them up.
  • Links were also established between this criminal organisation and at least 15 ATM attacks in Germany. The total damage, including both the losses and the property damage, is estimated at approximately €2,150,000.

The investigation culminated in a series of police raids on 28 September for which two Europol experts were deployed in the field.  Seven house searches were carried out in the Netherlands in the triangle of Utrecht, Amsterdam and the Hague, resulting in the arrest of three suspects.  These three individuals are currently in custody in the Netherlands and are to be extradited to Germany.

Given the cross-border nature of this case, a Joint Investigation Team (JIT) was set-up in April 2021 between the Dutch and German authorities with the assistance and financing of Eurojust.  Furthermore, the Agency organised the judicial cooperation and supported the execution of European Investigation Orders (EIOs).

In addition, an Operational Taskforce (OTF) was set up between Europol, Germany and the Netherlands to pool investigative resources and expertise.  In the framework of this OTF, 18 operational meetings were held at Europol to prepare for the final phase of the action.

ATM explosive attacks are a growing concern, as they often put innocent lives in danger.  In order to prevent and tackle this type of crime, close cooperation between law enforcement and the ATM industry is paramount.  Europol and the European Crime Prevention Network (EUCPN) have worked on a number of recommendations to prevent physical attacks against ATMs.

The EAST Expert Group on ATM and ATS Physical Attacks (EAST EGAP) is a European specialist expert forum for discussion of ATM,  ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.

The EAST EGAP meets twice each year to enable in-depth and technical discussion to take place.  The Group held its 16th Meeting on 1 September 2021.  To date it has published 46 Physical Attack Alerts for EAST members, 35 of which relate to ATM Explosive Attacks (22 Explosive Gas and 13 Solid explosive).

EAST EGAP holds 16th Meeting

The 16th Meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Wednesday 1st September 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Graham Mott of the LINK Scheme.

  • Europol gave a central assessment of the ATM physical attack situation in Europe
  • National Threat Assessments were shared by representatives from 19 countries:
CountryUpdate(s) Given By
AustriaCriminal Intelligence Service
BrazilTecBan
BulgariaNational Police
CroatiaMUP Croatia
Czech RepublicCriminal Police
FranceGendarmerie - OCLDI
GermanyBKA
GreeceHellenic Police
HungaryNational Bureau of Investigation
IrelandAn Garda Siochana
ItalyMIB
LuxembourgService de Police Judiciare
NetherlandsNational Police
PolandNational Police
PortugalPolicia Judiciare
South AfricaSABRIC
SpainGuardia Civil / National Police / Autonomous Police of Catalonia
SwitzerlandFederal Office of Police (FEDPOL)
United KingdomSaferCash / West Midlands Police (ROCU)

Experts from the following organisations also participated in the meeting:  ATM Safe, Barclays, Cyprus Police, Danish National Police, Feerica S.A., Gunnebo, Guarda Nacional Republicana, HSBC, Mactwin Security, Malta Police Force, NatWest Group, National Bureau of Intelligence (HU), National Bureau of Investigation (FI), NCR, Oberthur Cash Protection, Policia de Seguranca Publica,  Scotia Security Group, Spinnaker.

EAST EGAP is a European specialist expert forum for discussion of ATM,  ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The Group meets twice each year to enable in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

National & Global Fraud Intelligence sharing – 4th Interim EAST Meeting

A fourth Interim Meeting of EAST National and Global Members took place on Wednesday 9th June 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Graham Mott from the LINK Scheme.  The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.

Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), the United States Secret Service (USSS) and INTERPOL.  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim. The USSS presentation covered US Fraud Trends (2020/2021), along with prevention/detection techniques, and the INTERPOL presentation covered recent issues relating to financial crimes, money laundering, and asset tracing.

Private sector fraud intelligence updates were received from 31 countries, either directly or via regional/global updates by Citi, HSBC and Worldline.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  A key issue, highlighted by most of the countries, continues to be the importance of raising consumer awareness to counter the rising threats related to social engineering.

EAST Fraud Update 2-2021 will be produced during July, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 6th October 2021, will also be a virtual Interim meeting.  The 1st EAST Global Congress is now scheduled to be held in February 2022, dependant on the prevailing status of the Covid-19 pandemic.

Terminal fraud attacks in Europe drop during the Covid-19 pandemic

Terminal fraud attacks in Europe drop during the Covid-19 pandemicEAST has published a European Payment Terminal Crime Report covering 2020 which shows that terminal related fraud attacks have dropped significantly during the Covid-19 pandemic.

Terminal related fraud attacks were down 64% (from 18,217 to 6,523 incidents). Card skimming fell to another all-time low (down from 1,496 to 656 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 97% (down from 9,054 to just 250 incidents). Total losses of €218 million were reported, down 14% from the €249 million reported during 2019. Most losses remain international issuer losses due to card skimming, which were €183 million.

EAST Executive Director Lachlan Gunn said, “2020 was a highly unusual year due to the Covid-19 pandemic, and crime and fraud patterns changed accordingly.  While it is good news to see such a significant fall in terminal fraud attacks, there is concern that explosive attacks at ATMs have only fallen by 6%, and that related losses are up by 39%.  The average cash loss for a solid explosive attack is estimated at €28,218, and collateral damage to equipment and buildings can be significant.  There are also major safety issues.  Despite national lockdowns and border closures, mobile organised crime groups continued to operate across Europe.

ATM related physical attacks were down 19% (from 4,571 to 3,722 incidents).  Attacks due to ram raids and ATM burglary were down 33% (from 1,122 to 749 incidents).  ATM explosive attacks (including explosive gas and solid explosive attacks) were down 6% (from 977 to 923 incidents).  Losses due to ATM related physical attacks were €22.4 million, a 1% increase from the €22.1 million reported during 2019.  47% of these losses were due to explosive attacks, which were up 39% from €10.49 to €14.59 million.

ATM malware and logical attacks against ATMs were up 44% (from 35 to 129) and all the reported attacks were Black Box attacks.  A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, in order to ‘cash-out’ or ‘jackpot’ the ATM.  Related losses were up 14% from €1.09 to €1.24 million.  Most such attacks remain unsuccessful.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

EAST EGAP holds 15th Meeting

The 15th Meeting of the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) took place on Wednesday 3rd March 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Graham Mott of  the LINK Scheme.

The meeting was attended by 54 key representatives from Law Enforcement, Terminal Deployers, ATM Networks and Security Equipment Vendors.

  • Europol gave a central assessment of the ATM physical attack situation in Europe.
  • The ECB gave an update on the latest bank notes in circulation, cash usage statistics, and Intelligent Banknote Neutralisation Systems (IBNS) used in the Euro area.
  • National Threat Assessments were shared by representatives from 17 countries:
CountryUpdate(s) Given By
AustriaCriminal Intelligence Service
BrazilTecBan
FinlandAutomatia / National Bureau of Investigation
FranceGendarmerie - OCLDI
GermanyBKA
GreeceHellenic Police
HungaryNational Bureau of Investigation
IrelandAn Garda Siochana
ItalyMIB
LuxembourgService de Police Judiciare
NetherlandsNational Police
PolandNational Police HQ
PortugalPolicia Judiciare / Policia de Seguranca Publica
RomaniaRomanian Police - CID
SpainGuardia Civil / Autonomous Police of Catalonia
SwitzerlandFederal Office of Police (FEDPOL)
United KingdomSaferCash / West Midlands Police (ROCU)

Experts from the following organisations also particpated in the meeting:  ATM Safe, Barclays, Cennox, Diebold Nixdorf, Feerica S.A., Gunnebo, HSBC, Malta Police Force, NCR, Oberthur Cash Protection, Payment Services Austria (PSA), Petersen-Bach A/S, Professional Witnesses Group,  Spinnaker, Swedish Police, TMD Security.

EAST EGAP is a European specialist expert forum for discussion of ATM,  ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices. The latest lists can be downloaded from the ‘Stained Banknotes’ page on this website (bottom of page).

The Group meets twice each year to enable in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement