Hidden Content
ATM users had their cards read and bank accounts pillaged.

A member of an ATM skimming ring has landed in jail after participating in a criminal scheme that netted $400,000 from banks across Massachusetts, New York, and New Jersey.
Bogdan Rusu, of Queens, New York, previously pleaded guilty for one count of conspiracy to commit bank fraud before US District Judge Esther Salas in Newark federal court, the US Department of Justice (DoJ) said on Tuesday.

ATMs are convenient ways to access funds and are found across cities worldwide. However, it is possible to use devices called "skimmers" -- often a combination of card reader and camera -- to obtain card numbers as well as PIN codes. These numbers can then be used in the manufacture of clone cards to make fraudulent transactions.
Between August 2014 and November 2016, Rusu and other members of the group compromised ATMs across the US, targeting a variety of banks and areas.

Card skimmers were installed to capture payment card information including account and PIN numbers, which were then transferred to devices controlled by the attackers for use in counterfeit payment cards.
Victims who had unwittingly used the compromised ATMs then discovered fraudulent transactions taking place. In total, at least $390,141 was stolen from victim bank accounts.
An investigation launched by police departments across Massachusetts and Boston, the US Secret Service, the District Attorney's Office, and others led to multiple arrests.

Rusu has been sentenced to five years in prison followed by three years of supervised release. 11 other defendants involved in the ATM skimming ring have pleaded guilty.
In October, US prosecutors unsealed an indictment revealing arrests linked to a massive ATM skimmer gang believed to be responsible for hundreds of criminal operations across at least 18 states leading to the theft of at least $20 million.
If found guilty, the 18 suspects -- tracked down and arrested across the US, Italy, and Mexico -- face decades behind bars under charges of bank fraud, access device fraud, wire fraud, and aggravated identity theft.

According to Positive Technologies, the average ATM takes no longer than 20 minutes to be hacked. After testing ATMs from NCR, Diebold Nixdorf, and GRGBanking, cybersecurity experts found the majority did not secure network access properly, some were susceptible to processing center communication spoofing, and, and others could be exploited for remote control.