Prosecutors of the Directorate for Investigating Organized Crime and Terrorism (DIICOT) have detained eight persons, Romanian and Moldovan nationals, accused of being part of a grouping that has hacked with help of a computer virus several ATMs belonging to some banks in Romania, Hungary, the Czech Republic, Spain and Russia.
According to a DIICOT release, the grouping has activated for almost one year, from December 2014 to October 2015.
The prosecutors say the hacking method – ‘Jackpotting’ – applied to certain automatic teller machines (NCR-type terminals), which were not inwalled into the bank, thus allowing easy manipulation. The target ATMs were those with electronic modules (including the computer) that could be opened and tilted using an universal key, and had CD-ROM units – a necessary component for installing and introducing a virus of the “ulssm.exe” type; the virus was set to run properly only during the weekends. The alarm systems were annihilated by applying adhesive tape on the micro relay / alarm sensor. After extracting the cash, the virus was automatically wiped out by its user, leaving only traces of the soft for subsequent identification.
The virus allowed cash releases without using bank cards. Money was withdrawn gradually, 4,000 lei at a time.
The DIICOT mentions that an agreement was signed to shape a common investigation team among Romania, the Republic of Moldova and the United Kingdom, with logistic support and financing from the European Union’s Judicial Cooperation Unit (Eurojust).