Here's What The World Of ATM Hacking Looks Like

Wired has been covering the ongoing investigation into recurring ATM pin thefts from Citibank accounts, and their latest article tracks how Ukrainian immigrants, a ringleader back in Russia, a hacked company named Fiserv that runs Citibank-branded ATMs in 7-Elevens, and an online payment service that also offers money laundering for a small fee all come together to steal your money. It’s an amazing look at how the U.S. tries to combat the threat of ATM-related theft.

[The] undercover operation… at one point had Eastern European hackers chasing a female FBI agent through the streets of New York, trying to mug her for ATM-card-programming gear.

“Stakeouts, Lucky Breaks Snare Six More in Citibank ATM Heist” [Wired Threat Level] (Thanks to Robbie!)
(Photo: Getty)


Edit Your Comment

  1. B says:

    Know what company makes the ATMs that are apparently so easy to break into? Diebold. I’m just sayin.

  2. BillsBurg says:

    At least the thieves were using Citibank ATMs with their Citi stolen card to avoid those pesky fees!

    Speaking of fees, you’d think with the amount the banks charge maybe they would start instituting biometrics at the ATM machines, fingerprint readers for starters. Heck I go to Busch Gardens here in Williamsburg and they use fingerprint scanners that are tied to tickets.

  3. What amazes me is how many different ways people have created scams to fool atm users and the machines themselves.

    The “card trap” is one that just kills me.


    Regulation E & Z to the rescue!

  4. 3drage says:

    This stuff is more rampant and much worse than anyone knows.

  5. Silversmok3 says:

    One more reason to never keep your spending money in a bank.

    NSF fees, cash-advance charges, account maintenance fees,and now Eastern European organized larceny….looks like the Bank of Serta is the only safe place for your money.

  6. Sudonum says:

    @B: I’m not Diebold fan, but in reading the article they specifically mentioned NCR machines, not Diebold.

  7. @Silversmok3: Not with all of the bedbugs around, bitches love the paper.

  8. dotcomrade says:

    Perhaps the folks at Citibank should update the “Citi Never Sleeps” ad campaign to include their 24-hour stakeout to catch ATM bandits! It seems the news reports of Citibank reducing ATM withdrawal limits back in January– without any advance notice–was just the tip of the iceberg…



    And how ironic that they encouraged customers to use Citibank branded ATMs in

    7-Eleven stores as “transactions made at these locations, will not be assessed an ATM surcharge.” Sure Citibank won’t assess a surcharge, but the Russian mob might, by draining your account.

  9. djanes1 says:

    The world of ATM hacking looks a lot like our world, but with the colors inverted.

  10. mammalpants says:

    damnit, i thought this was about ANTM.

  11. ninjatoddler says:

    I don’t think this mission was included in GTA IV.

  12. As this stuff continues to happen, banks remain tight lipped about the whole thing, refusing to be courteous to their customers in letting them know anything useful. Sure, they ‘followed all the notification regulations’, but please. Meanwhile, customers are continually inconvenienved and stressed out by their money vanishing and Citi losing money in paying the customers back. Doesn’t it occur to anyone there to do more than just the bare minimum? God forbid they admit there’s a problem.

  13. JessicaJessica says:

    In Europe you are required to enter a PIN code for all plastic transactions, whether they be by debit or credit. This helps to eliminate credit card fraud. In addition, all online transactions require the 3 digit special code on the signature side of the card. It hasn’t eliminated fraud completely, but it’s much, much less prevalent than in the US

  14. AD8BC says:

    I love that photo of the suspect (in the linked news article) Yuriy Ryabinin at the ham radio convention… this is the annual Dayton Hamvention in Dayton Ohio held each May, which I attend annually. As a ham radio enthusiast, not a bank fraud enthusiast.

    I bet that the FCC soon revokes his ham radio license.

  15. A.W.E.S.O.M.-O says:

    @JessicaJessica: Yeah, but the problem here was that THEY STOLE THE PINS. This is purely a back-end issue.

  16. Wormfather is Wormfather says:

    The banks dont care about this, their exposure is minimal. That just sucks. The banks need to do more to protect our money instead of just formulating ways to steal it.

  17. sirellyn says:

    The ridiculous part is that the government keeps instituting measures to make it harder for average people to actually save and invest money under the guise of protection from money laundering.

  18. Myrddraal says:

    The banks are FDIC insured so they don’t give a crap that the money was stolen. They only care about the bad publicity it might generate. The actual theft costs them nothing.

    However because the bank is FDIC insured the entire country gets to pay this Russian mobster.

  19. @Myrddraal:
    The banks are FDIC insured so they don’t give a crap that the money was stolen. They only care about the bad publicity it might generate. The actual theft costs them nothing.

    However because the bank is FDIC insured the entire country gets to pay this Russian mobster.

    I believe this is untrue. FDIC-insured deposits are only repayed if the bank fails.

  20. LordofthePing says:

    This is the bank’s fault for not providing security. Can’t blame the customer if some guy in Russia is hacking into Citibank and stealing account and pin numbers.

  21. Farquar says:


    This is why I love the interweb. So long as you make you statement boldly, with no equivocation, you can claim to know anything, and a fair number of people will believe it.

    Even if you are full of shit, and have absolutely no idea what you are talking about.

    Honestly, on this point the internets aren’t too unlike the bar exam.

  22. sgtdawg says:

    I stopped using ATMs a while back. I have never looked back. There are always going to be ways around any security. Nothing is ever secure, it is a game of numbers and convenience. I give up the convenience of ATMs, for the added security.

    Banks are not in the business of security, they are in the business of money. It does not make sense to spend more on security, then you could potentialy lose in a theft. That is why banking security will always be run to minimums. As long as they meet legal regluations and requirements, they will always base the security on potential monetary loss…to them. This could be in the form of lost customers, which is why they are tight lipped about security breaches. They report what is required, if that.