Gang steals over $1M by exploiting Citigroup e-payment flaw
Posted on 31 October 2012.
Fourteen individuals were charged following a FBI-led investigation into the theft of over $1 million from Citibank using cash advance kiosks at casinos located in Southern California and Nevada.


According to an indictment unsealed last week, the defendants stole the money by exploiting a gap - which required multiple withdrawals all within 60 seconds - in Citibank’s electronic transaction security protocols.

According to court documents, the alleged scheme worked as follows: defendant Ara Keshishyan recruited conspirators who were willing to open multiple Citibank checking accounts. He then supplied his co-defendants with “seed” money, which was deposited into the recently opened accounts.

After the money was deposited into the checking accounts, Keshishyan and his conspirators would travel to nearly a dozen casinos in California, Las Vegas and Laughlin, where they used cash advance kiosks at casinos to withdraw (all within 60 seconds) several times the amount of money deposited into the accounts.

Apparently, Citi's account reconciliation systems to treat identical, near-simultaneous withdrawals as duplicates of a single withdrawal from an individual Citi Checking account.

The indictment alleges that, after the cash was collected from the casino “cages,” Keshishyan would typically give conspirators their “cut”—and keep the remainder of the stolen funds—which were often used to gamble. The casinos frequently “comped” the conspirators with free rooms due to their extensive gambling activity. As part of the alleged scheme, the defendants were also careful to keep both their deposits and withdrawals under $10,000 in order to avoid federal transaction reporting requirements and conceal their fraud.

All of the defendants are charged with conspiracy to commit bank fraud and conspiracy to illegally structure financial transactions to avoid reporting requirements, which is punishable by up to five years in prison, and a $250,000 fine.

In addition, defendant Keshishyan is charged with 14 counts of bank fraud, each of which is punishable by up to 30 years in prison and a $1,000,000 fine. The indictment also alleges forfeiture in connection with the crimes charged.





Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //