London Authorities Nab Suspect in $2.6Mn ATM Heist

Cyber-hits on ATMs are getting more frequent, but the authorities seem to be catching up: A man in the UK has been arrested in conjunction with a significant $2.6 million cash machine heist.

An eastern European organized crime gang is believed to be behind the theft, and is suspected to have used malware as part of a two-pronged strategy to steal the funds from 51 ATMs in several stand-alone public places, including in Blackpool, Brighton, Doncaster, Liverpool, London, Portsmouth and Sheffield.

Over the May Day holiday weekend this year, when streets were busy and crowded, each machine was systematically and physically broken into and infected with malware before large amounts of cash were withdrawn. Detectives believe the malware subsequently deleted itself, making it difficult to identify the cause of the attacks. The physical nature of the attacks meant customer data was not compromised.

The attack is becoming a pattern—Kaspersky Lab recently warned of an uptick in combined physical/cyber-attacks on ATMs.

“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software,” explained Vicente Diaz, principal security researcher at Kaspersky Lab. “Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly.”

The London Regional Fraud Team (LRFT), a specialist unit containing detectives from British Transport Police, City of London Police and the Metropolitan Police Service, has now arrested one such alleged perpetrator, a 37-year-old man at a house in Portsmouth.

“An extensive, intelligence-led investigation has uncovered what we believe is an organized crime gang systematically infecting and then clearing cash machines across the UK using specially created malware,” said DI Dave Strange, head of the LRFT, in a statement. “Cyber-enabled crime presents a major threat to our public and private sectors, and to an increasing number of citizens. The only way to tackle this is by law enforcement and counter-fraud agencies working in alliance, which is exactly what the London Regional Fraud Team and National Crime Agency have done over several months, culminating in today’s arrest.”

The as-yet-unnamed man was arrested on suspicion of conspiracy to defraud and is currently in custody. Meanwhile, an address in Edmonton, London is also being searched as part of the operation.

Nigel Kirby, deputy director for the NCA's Economic Crime Command, added that "The NCA provides specialist support to partners to present a collaborative response to serious and organized crime. This operation represents a significant disruption against a sophisticated criminal enterprise who used specialist malware to target cash points and steal large quantities of cash."

What’s Hot on Infosecurity Magazine?