A federal judge this week sentenced a man in Springfield, Massachusetts, to prison because he hacked ATMs to make them spew money. It will be the first time someone in the U.S. goes to prison for this form of ATM hacking known as “jackpotting.”
The Department of Justice announced on Wednesday that 22-year-old Argenys Rodriguez will spend 12 months and one day in prison. The DOJ revealed in February it had charged Rodriguez and Alex Alberto Fajin-Diaz for their alleged involvement in a jackpotting scheme. Security blogger Brian Krebs reported a month earlier that the Secret Service had been informing banking institutions that hackers were installing hardware and software in ATMs that would make the machines empty out all their cash. Before then, jackpotting was only known to be a major problem outside of the U.S., particularly in Europe and Asia.
According to the DOJ, the hackers involved in Rodriguez’s scheme dressed as technicians and installed malware on an ATM, then others used the malware to jackpot the machines. Court documents show they used the Ploutus malware, which allows attackers to jackpot ATMs from a smartphone.
Police in Cromwell, Connecticut, found Fajin-Diaz and Rodriguez near an ATM that was spewing cash on January 27, after Citizen Bank investigators had alerted authorities of suspicious activity. Police searched the suspects’ car and found the tools needed to turn an ATM into a jackpot slot. The men had approximately $US5,600 ($7,754) in cash on them, but authorities soon found out the two men, along with other partners, had taken $US63,200 ($87,515) from the machine. Five days earlier, the operation had jackpotted $US63,820 ($88,374) from an ATM in Rhode Island.
Both Rodriguez and Fajin-Diaz, who is a Spanish citizen, pleaded guilty of conspiracy to commit bank fraud. Fajin-Diaz is still awaiting sentencing.
In addition to his prison sentence, Rodriguez will have two years of supervision and have to pay a restitution of $US121,355.38 ($168,045).