The FBI has made arrests of more than a dozen people charged with stealing more than $1 million at casinos and resorts through simultaneous withdrawals from Citibank cash-advance kiosks.
According to informationweek.com, recently unsealed documents stated that the crime gang "stole the money by exploiting a gap — which required multiple withdrawals all within 60 seconds — in Citibank's electronic transaction security protocols."
The article further cited court documents that explained how accused ringleader Ara Keshishyan, 29, recruited other members of the gang to open multiple Citibank checking accounts, which he filled with seed money. "When inside the casino, the conspirators, including Keshishyan, used cash advance kiosks at casinos in California and Nevada to withdraw — all within 60 seconds — several times the amount of money deposited into the accounts, by exploiting the Citibank security gap they discovered."
The cash-advance-kiosk attacks highlight how motivated attackers might benefit from even the tiniest information security misstep. "While advancements in technology have created a world of accessibility to users and a convenience for consumers, they have also left room for criminals to exploit even the smallest of loopholes," said FBI special agent Daphne Hearn in a statement. The flaw exploited by attackers has reportedly now been fixed, the article reported.
Read more about ATM kiosks.