Thieves take advantage of bank software bug to steal $1 million from cash advance machines without overdrawing accounts

// October 31st, 2012 // Hacking and Security


ATM machineCitigroup software includes a mechanism intended to prevent the same “cash advance kiosk” withdrawal from being posted twice to an account.  If near identical, near simultaneous transactions are submitted, the system is programmed to ignore all but one of the transactions.  Thieves in California and Nevada discovered the flaw and took advantage of it.

Alleged ringleader Ara Keshishyan recruited at least 13 people to make transactions from different cash advance kiosk locations in at least 11 casinos around California and Nevada.  The withdrawals were made against the same account with requests of the same amount submitted simultaneously at the cash advance kiosk.  The money was then transferred to other Citibank checking accounts.  The thieves would then withdraw the funds from the various Citibank checking accounts using ATM machines located throughout the casinos.  Withdrawals were kept below $10,000 to avoid detection.

The thieves netted more than $1 million for their efforts which they promptly spent at the casinos (and were subsequently granted “high roller” status for their once-in-a-lifetime gambling binge).

Geek wear at Ivy and Pearl Boutique

« « Previous Article: 5 Japanese Android mobile application developers arrested for embedding personal information-stealing malware in Android applications     » » Next Article: The hidden Deep Web (Undernet) easy HOWTO – road to enlightenment or highway to hell?

Leave a Reply

You must be logged in to post a comment.

%d bloggers like this: