ATM fraudster jailed for cyber attack

A second member of an eastern European crime gang has been jailed for his part in a £1.6 million malware attack on UK cash machines.

Teofil Bortos, 36, from Newham, London, was jailed for seven years at the Old Bailey on Thursday (January 14) after admitting conspiracy to defraud.

Bortos’ primary role was to drive to various locations to conduct reconnaissance of ATM sites and identify possible targets for malware installation.

His sentencing comes ten months after Grigore Paladi was jailed for five years for similar offences.

Both men were part of a gang that targeted 51 cash machines in standalone public places across the UK over the 2014 May Bank Holiday weekend.

A number of the machines were located in London, with others at various locations across the country, including Bognor Regis, Brighton, Liverpool and Portsmouth.

Once Bortos had identified the machines, they were physically broken into and infected before large amounts of cash were withdrawn.

The malware subsequently deleted itself, making it difficult to identify the cause of the theft. However, the physical nature of the attacks meant customer data was not compromised.

Detective Inspector Matt Mountford, head of the London Regional Fraud Team (LRFT), said: “Teofil Bortos was a key part of a gang that executed a well-planned, highly sophisticated attack on cash machines located across the UK.

“His sentencing shows people who commit crimes of this nature can expect exactly the same treatment as those involved in more traditional types of theft.”

Last week Europol announced that, in conjunction with a number of authorities, it had disrupted an international criminal group responsible for ATM malware attacks.

The operation – one of the first in Europe against this kind of threat – resulted in multiple house searches in Romania and Moldova and the arrest of eight individuals.

The criminals used Tyupkin ATM malware that allowed them to manipulate and illegally empty ATMs across Europe, including the UK.

The group was involved in large scale ATM “Jackpotting”. Jackpotting refers to the use of a Trojan horse – a piece of malicious computer code disguised to look harmless – to target an ATM, allowing the attackers to empty the ATM cash cassettes.

Wil van Gemert, Deputy Director of Operations at Europol, said: “The sophisticated cybercrime aspect of these cases illustrates how offenders are constantly identifying new ways to evolve their methodologies to commit crimes.

“To match these new technologically savvy criminals, it is essential, as it was done in this case, that law enforcement agencies cooperate with their counterparts via Europol to share information and collaborate on transnational investigations.”