With the support of Europol, the Polish authorities have arrested two individuals committing so-called ‘Black Box’ attacks against ATMs, in which criminals connect electronic devices to a cash machine and remotely force it to spew out all its cash.
The two suspects – both Belarusian nationals, were arrested in Warsaw on 17 July.
The investigation uncovered that these criminals committed dozens of ATM attacks in at least seven European countries, stealing an estimated €230 000 in cash. The criminals were always targeting the same brand and model of ATM.
The criminals would gain access to the ATM wires by drilling holes or melting parts of it in order to physically connect the machine to a laptop which was then used to send relay commands that caused the machine to dispense all its cash.
- Europol, supported by the Joint Cybercrime Action Taskforce (J-CAT), brought together the national investigators on both sides who have since been working closely together to prepare for the action day;
- Since then, Europol has provided continuous intelligence development and analysis to support the field investigators;
- Europol has been working closely with the ATM manufacturer targeted by these criminals, making the link with the different law enforcement authorities involved in the investigation.
This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
The following law enforcement authorities took part in the investigation:
- Poland: Provincial Police of Bydgoszcz and District of Żnin
- Germany: Federal Criminal Police Office (Bundeskriminalamt), Police Headquarters Brandenburg (Polizeipräsidium Brandenburg)
- Austria: Regional Criminal Police of Niederosterreich (Landeskriminalamt Niederosterreich)
- Switzerland: Federal Police (fedpol)
- Czech Republic: Bureau of Criminal Police and Investigation Service (Urad sluzby kriminalni policie a vysetrovani)
- Slovakia: Police Force of the Slovak Republic (Policajný zbor Slovenskej republiky)
In 2010 the European Union set up a four-year Policy Cycle to ensure greater continuity in the fight against serious international and organised crime. In 2017 the Council of the EU decided to continue the EU Policy Cycle for the 2018 – 2021 period. It aims to tackle the most significant threats posed by organised and serious international crime to the EU. This is achieved by improving and strengthening cooperation between the relevant services of EU Member States, institutions and agencies, as well as non-EU countries and organisations, including the private sector where relevant. Payment fraud is one of the priorities of the Policy Cycle.