ATM / POS Fraud , Fraud Management & Cybercrime

Polish Police Arrest Two Belarusians for ATM Hacking

Jackpotting Attacks Cause ATMs to Cash Out on Demand
Polish Police Arrest Two Belarusians for ATM Hacking
ATM hacking items seized by Polish police (Source: Poland's Bydgoszcz police department)

Coordinated police operations across seven European countries resulted in the arrest of two Belarusian hackers by Polish authorities for allegedly committing black box attacks against ATMs. Such attacks cause an ATM cash dispenser to dispense cash on demand.

See Also: OnDemand Webinar | Cloud applications: A Zero Trust approach to security in Healthcare

The two were arrested in Poland, after a Europol-led police investigation found that the criminals had allegedly committed dozens of ATM attacks across at least seven European countries, stealing an estimated $260,000 in cash. The criminals always targeted the same brand and model of ATM, Europol said (see: ATM Attacks: Terminal Fraud Dives in Europe During Pandemic).

"The arrested men, ages 26 and 29, are members of a group that uses black box devices to break into ATMs in several European countries, including Poland," says Poland's Bydgoszcz police department.

In black box attacks against ATMs, criminals access ATM wires by drilling holes or melting parts of the ATM to physically connect the machine to a laptop, which then sends relay commands that force it to eject all of its cash.

The Operation

Poland's Bydgoszcz police department says one of the attempts to break into an ATM in June caught its attention. Police found that the casing of an ATM had been damaged and its cables cut, and a black box device connected to it was transmitting cash withdrawal orders.

Polish police shared this information with police officers from Germany, Austria, Switzerland, the Czech Republic, Slovakia, the Netherlands and Denmark at a meeting in Europol’s headquarters in The Hague.

"The joint work of police from Bydgoszcz and Żnin made it possible to establish that using a similar method, there were at least 7 similar burglaries or attempts to make them in several provinces," the Bydgoszcz police department reports. "This international cooperation, coordinated by Europol officials … resulted in the personalization of group members, establishing one of the cars in which the criminals were driving and establishing the method and manner of their operation."

The two men were detained in a parking lot in the city of Bydgoszcz in Poland. During their arrest, the men, who were in a BMW X5, were found to have tools, telephones and laptops that could be used during ATM break-ins, and money that apparently had been stolen from ATMs was secured by the officials.

The police say that further investigation has begun. "Today, we know that the arrested could have made at least 13 burglaries into ATMs with the use of a black box. Not all of them ended in stealing money," the Bydgoszcz police department notes. "Police and prosecutors, in cooperation with Europol, will determine whether, and if so, where, the men detained in Warsaw committed crimes and who cooperated with them."

Previous Operations

A similar coordinated police operation in Europe in 2017 resulted in the arrest of 17 suspects as part of an EU-wide investigation into ATM black box attacks. Europol's European Cybercrime Center and the EU Joint Cybercrime Action Taskforce helped coordinate operations, which led to police in seven countries making arrests (see: Police Bust ATM Black Box Hacking Suspects).

The 28 European countries that participate in the European ATM Security Team, or EAST, report total black box losses in Europe increased from $1.3 million in 2019 to $1.5 million in 2020. But "most such attacks remain unsuccessful," EAST says (see: 'Black Box' and Physical Attacks Against ATMs Surge).


About the Author

Prajeet Nair

Prajeet Nair

Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.