In Kyiv, a criminal group that specialized in secretly infiltrating the service parts of ATMs and further infecting the operating system of ATMs with malicious software code, which led to the unauthorized withdrawal of funds, was neutralized. Ukrainian banks suffered damage in the amount of more than 5 million hryvnia, and similar cases of infection of ATMs took place in the Lviv and other regions of Ukraine.
Employees of the Cyber Police Department of the National Police of Ukraine, together with employees of the Carpathian Cyber Police Department and the Darnitsky UP GUNP (Police Department of the Main Directorate of the National Police) received permission to conduct searches at places of residence, places where virus software was developed and in cars.
And already on May 13, 2016, it was quickly established that this group of people was preparing for the next infection of an ATM in the city of Kyiv, and it was decided to detain the criminals red-handed.
So, in the city of Kyiv, at 6 Grishko Street, cyber police officers carried out a set of measures and four members of the criminal group were detained in the act.
6 minute video available:
After carrying out procedural measures at the crime scene, 10 authorized searches were carried out in the city of Kyiv, Kyiv and Lviv regions. More than 20 pieces of computer equipment and about 50 bank cards issued both in the names of the defendants and foreign persons were discovered and seized.
In addition, parts of ATMs (displays, receipt printers, cassettes, card readers and hard drives) were seized at the place of residence of the detainees. Draft records and accounting records confirming illegal activities, POS terminals, as well as a device for reading/writing technical information on magnetic tapes of bank cards were seized.
What is noteworthy is that two ATMs were seized, which were purchased by criminals for the purpose of testing malicious code and improving it. As you can see in the photo above, ATMs or parts thereof previously belonged to the Ukrainian bank Nadra, which had its banking license revoked in mid-2015. The bank's property was sold at electronic auctions and in other ways. Apparently, this is how the criminals acquired the ATMs of this bank.
All detainees are citizens of Ukraine. One of the attackers is from the Lviv region, the others are from the Lugansk and Dnepropetrovsk regions. Law enforcement officers suspect the detainees of involvement in 30 cases of money theft throughout Ukraine. The malicious software, according to the Cyber Police, was developed by the attackers themselves. However, I would like to remind you of a similar situation - infecting ATMs with viruses and detaining criminals. Then the opinion was voiced that not only Diebold ATMs are susceptible to vulnerabilities (the Wincor Nixdorf ProCash ATM is pictured above), and virus software can be sold on underground forums. As we see, this actually happened.
Employees of the Cyber Police Department of the National Police of Ukraine, together with employees of the Carpathian Cyber Police Department and the Darnitsky UP GUNP (Police Department of the Main Directorate of the National Police) received permission to conduct searches at places of residence, places where virus software was developed and in cars.
And already on May 13, 2016, it was quickly established that this group of people was preparing for the next infection of an ATM in the city of Kyiv, and it was decided to detain the criminals red-handed.
So, in the city of Kyiv, at 6 Grishko Street, cyber police officers carried out a set of measures and four members of the criminal group were detained in the act.
6 minute video available:
After carrying out procedural measures at the crime scene, 10 authorized searches were carried out in the city of Kyiv, Kyiv and Lviv regions. More than 20 pieces of computer equipment and about 50 bank cards issued both in the names of the defendants and foreign persons were discovered and seized.
In addition, parts of ATMs (displays, receipt printers, cassettes, card readers and hard drives) were seized at the place of residence of the detainees. Draft records and accounting records confirming illegal activities, POS terminals, as well as a device for reading/writing technical information on magnetic tapes of bank cards were seized.
What is noteworthy is that two ATMs were seized, which were purchased by criminals for the purpose of testing malicious code and improving it. As you can see in the photo above, ATMs or parts thereof previously belonged to the Ukrainian bank Nadra, which had its banking license revoked in mid-2015. The bank's property was sold at electronic auctions and in other ways. Apparently, this is how the criminals acquired the ATMs of this bank.
All detainees are citizens of Ukraine. One of the attackers is from the Lviv region, the others are from the Lugansk and Dnepropetrovsk regions. Law enforcement officers suspect the detainees of involvement in 30 cases of money theft throughout Ukraine. The malicious software, according to the Cyber Police, was developed by the attackers themselves. However, I would like to remind you of a similar situation - infecting ATMs with viruses and detaining criminals. Then the opinion was voiced that not only Diebold ATMs are susceptible to vulnerabilities (the Wincor Nixdorf ProCash ATM is pictured above), and virus software can be sold on underground forums. As we see, this actually happened.
