The FBI has arrested 14 people for exploiting a Citibank security protocol used to scam more than $1 million from the financial firm.
Ara Keshishyan, 29, of Fillmore, California, was charged with initiating the scam and recruiting accomplices. After creating new Citibank accounts, scammers visited casinos in California and Nevada to use cash advance kiosks from where they could withdraw several times the deposited amount within 60 seconds.
Keeping withdrawals below $10,000, they avoided federal transaction reporting requirements that would have prompted Citibank auditors to investigate the breach and alert authorities.
â€œWhen inside the casino, the conspirators, including Keshishyan, used cash advance kiosks at casinos in California and Nevada to withdraw (all within 60 seconds) several times the amount of money deposited into the accounts, by exploiting the Citibank security gap they discovered,â€ according to an FBI statement.
With all 14 scammers charged with conspiracy to commit bank fraud and illegal financial transactions, Keshishyan was charged with 14 counts of bank fraud. U.S. Homeland Security Secretary Janet Napolitano did issue a warning that banks are actively targeted by hackers, saying that most attacks happen in cyberspace rather than via physical access to devices.
“Right now, financial institutions are actively under attack,” said Napolitano. “We know that. I’m not giving you any classified information. I will say this has involved some of our nation’s largest institutions. We’ve also had our stock exchanges attacked over the last [few] years, so we know… there are vulnerabilities.“
Earlier this month, Wells Fargo, JP Morgan Chase, Bank of America and others were taken offline through a series of DDoS attacks and Napolitano feared they could spread to the nationâ€™s control systems.
“If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities,” said Napolitano.