Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

Gang steals over $1M by exploiting Citigroup e-payment flaw

Posted on 31 October 2012.

Fourteen individuals were charged following a FBI-led investigation into the theft of over $1 million from Citibank using cash advance kiosks at casinos located in Southern California and Nevada.

According to an indictment unsealed last week, the defendants stole the money by exploiting a gap - which required multiple withdrawals all within 60 seconds - in Citibank’s electronic transaction security protocols.

According to court documents, the alleged scheme worked as follows: defendant Ara Keshishyan recruited conspirators who were willing to open multiple Citibank checking accounts. He then supplied his co-defendants with “seed” money, which was deposited into the recently opened accounts.

After the money was deposited into the checking accounts, Keshishyan and his conspirators would travel to nearly a dozen casinos in California, Las Vegas and Laughlin, where they used cash advance kiosks at casinos to withdraw (all within 60 seconds) several times the amount of money deposited into the accounts.

Apparently, Citi's account reconciliation systems to treat identical, near-simultaneous withdrawals as duplicates of a single withdrawal from an individual Citi Checking account.

The indictment alleges that, after the cash was collected from the casino “cages,” Keshishyan would typically give conspirators their “cut”—and keep the remainder of the stolen funds—which were often used to gamble. The casinos frequently “comped” the conspirators with free rooms due to their extensive gambling activity. As part of the alleged scheme, the defendants were also careful to keep both their deposits and withdrawals under $10,000 in order to avoid federal transaction reporting requirements and conceal their fraud.

All of the defendants are charged with conspiracy to commit bank fraud and conspiracy to illegally structure financial transactions to avoid reporting requirements, which is punishable by up to five years in prison, and a $250,000 fine.

In addition, defendant Keshishyan is charged with 14 counts of bank fraud, each of which is punishable by up to 30 years in prison and a $1,000,000 fine. The indictment also alleges forfeiture in connection with the crimes charged.