Browse archive

Latest news

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

Failed backups endanger revenue and productivity

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

Hacking charge stations for electric cars

Gang steals over $1M by exploiting Citigroup e-payment flaw

Posted on 31 October 2012.

Fourteen individuals were charged following a FBI-led investigation into the theft of over $1 million from Citibank using cash advance kiosks at casinos located in Southern California and Nevada.

According to an indictment unsealed last week, the defendants stole the money by exploiting a gap - which required multiple withdrawals all within 60 seconds - in Citibank’s electronic transaction security protocols.

According to court documents, the alleged scheme worked as follows: defendant Ara Keshishyan recruited conspirators who were willing to open multiple Citibank checking accounts. He then supplied his co-defendants with “seed” money, which was deposited into the recently opened accounts.

After the money was deposited into the checking accounts, Keshishyan and his conspirators would travel to nearly a dozen casinos in California, Las Vegas and Laughlin, where they used cash advance kiosks at casinos to withdraw (all within 60 seconds) several times the amount of money deposited into the accounts.

Apparently, Citi's account reconciliation systems to treat identical, near-simultaneous withdrawals as duplicates of a single withdrawal from an individual Citi Checking account.

The indictment alleges that, after the cash was collected from the casino “cages,” Keshishyan would typically give conspirators their “cut”—and keep the remainder of the stolen funds—which were often used to gamble. The casinos frequently “comped” the conspirators with free rooms due to their extensive gambling activity. As part of the alleged scheme, the defendants were also careful to keep both their deposits and withdrawals under $10,000 in order to avoid federal transaction reporting requirements and conceal their fraud.

All of the defendants are charged with conspiracy to commit bank fraud and conspiracy to illegally structure financial transactions to avoid reporting requirements, which is punishable by up to five years in prison, and a $250,000 fine.

In addition, defendant Keshishyan is charged with 14 counts of bank fraud, each of which is punishable by up to 30 years in prison and a $1,000,000 fine. The indictment also alleges forfeiture in connection with the crimes charged.