2 million stolen from gas station ATMs with Bluetooth-enabled skimmers

Pierluigi Paganini January 24, 2014

A criminal organization hit gas station ATMs located in South America. The gang used Bluetooth-enabled skimmers to steal 2 million dollars from customers.

Here we are again to write on another huge Credit Card theft that hit ATMs located at Gas Stations  in Texas, Georgia, and South Carolina. US prosecutors have charged 13 members of a criminal gang accused of stealing $2 million from customers,  the gang used a Bluetooth-enabled skimmers hidden inside pump ATMs.

The  Bluetooth-enabled skimmers used is an undetectable device are able to capture credit card data, this information were used to clone customers’ card  and use them to  draw cash  from ATMs in other states.

The skimmers were installed internally ATMs and was not detectable by visual inspection, criminals used Bluetooth channel to take the stolen card information. Be aware, the criminals captured also customers PIN from the gas pumps, the cloned card were used to withdraw money from the ATMs in New York. The criminals preferred to hit Gas Station ATMs, and not the bank ATMs, that are generally better protected.

Between March 2012 and March 2013, the gang has stolen $2.1 million from ATMs in California, Manhattan and Nevada, the criminals adopted the necessary precautions to avoid detection, for example making transaction under the $10,000 threshold used to trigger control fraud.

Bluetooth data skimmers


The criminals have spread the stolen amount in at least 70 different bank accounts to make harder its localization.

“By using skimming devices planted inside gas station pumps, these defendants are accused of fueling the fastest growing crime in the country. Cybercriminals and identity thieves are not limited to, any geographic region, working throughout the world behind computers.” “Each of the defendants’ transactions was under $10,000. They were allegedly structured in a manner to avoid any cash transaction reporting requirements imposed by law and to disguise the nature, ownership, and control of the defendants’ criminal proceeds. From March 26, 2012, to March 28, 2013, the defendants are accused of laundering approximately $2.1 million.” said Manhattan District Attorney Cyrus R. Vance. 
All the defendants are charged with Money Laundering, four members of the gang (Garegin Spasrtalyan, age 40, Aram Martirosian, age 34, Hayk Dzhandzhapanyan, age 40, and Davit Kudugulyan, age 42) considered as the leaders are charged with Money Laundering theft and possession of a forgery device and forgery instruments.
The principal problems in a data breach is persecution of criminals that operate on a large-scale, in many cases like the attack against Target retailer, the data are sold on the underground market instead directly used by the thieves. Law enforcement has also noted that cyber criminals speculated on the sale of stolen credit card data with supplementary information (e.g. Geographic region) to increase the value of commodities.
Technological evolution is favoring criminals that could adopt for their illegal activities devices, like Bluetooth-enabled skimmers, even more sophisticated and had to detect, investigators believe that the attacks against gas station have gone undetected for a long period.

 If you do not take more security measures, such as the use of credit card based on a microchip, the risk to users can be greatly enhanced.


[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  Credit Card data theft, Bluetooth skimmers)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment