Posted on 12/20/2025 9:43:16 PM PST by Red Badger
Federal prosecutors say the Biden‑era border crisis produced one of the most brazen cybercrime cases in years. The Department of Justice charged 54 alleged members of the Venezuelan terror gang Tren de Aragua with using sophisticated malware to loot millions from U.S. ATMs and funnel the cash back to their criminal network.
The U.S. Attorney’s Office for the District of Nebraska unsealed two sweeping indictments charging 54 individuals for their alleged roles in a nationwide ATM “jackpotting” conspiracy tied to the violent Venezuelan criminal organization Tren de Aragua (TdA). Prosecutors say the group deployed sophisticated malware to force ATMs across the United States to dispense cash, stealing millions of dollars and funneling the proceeds back to TdA leadership.
The first indictment, returned December 9, 2025, charges 22 defendants with crimes including conspiracy to provide material support to terrorists, conspiracy to commit bank fraud and bank burglary, computer‑related fraud, and money laundering. Prosecutors allege that TdA used the jackpotting scheme as a revenue stream to support its broader criminal activities, which span drug trafficking, extortion, kidnapping, and acts of violence throughout the Western Hemisphere.
On President Donald Trump’s first day in office, he designated TdA as a Foreign Terrorist Organization, bringing powerful legal and financial tools to bear, Breitbart Texas reported. More recently, the U.S. Department of War began engaging suspected TdA narco-trafficking boats.
(Excerpt) Read more at breitbart.com ...
FROM BRAVE AI:
ATM jackpotting is a cyber-physical crime where attackers exploit vulnerabilities in automated teller machines (ATMs) to force them to dispense large amounts of cash on command, often described as “hitting the jackpot” like a slot machine.
This attack combines physical access and cyber techniques, typically involving the installation of malware or a “black box” device, such as a Raspberry Pi, connected to the ATM’s internal cash dispenser or USB port.
Once connected, the attacker can send unauthorized commands to the machine to dispense cash without requiring a card or PIN.
The most commonly used malware in these attacks is Ploutus, which first appeared in Mexico in 2013 and has been linked to losses exceeding $450 million globally.
A variant known as Ploutus-D was first observed in 2017 and is capable of remote control via SMS, allowing attackers to trigger cash dispensing without being physically present.
The malware is designed to delete evidence of its presence to avoid detection, making it difficult for bank staff to identify the breach.
In December 2025, the U.S. Department of Justice announced the indictment of 54 individuals in a large-scale ATM jackpotting conspiracy linked to Tren de Aragua (TdA), a Venezuelan gang designated a foreign terrorist organization by the U.S. State Department.
The operation, which relied on recruiting individuals to deploy Ploutus malware across the U.S., reportedly resulted in 1,529 incidents since 2021 and losses of approximately $40.73 million by August 2025.
The stolen funds are alleged to have been used to fund terrorist activities and other criminal operations.
Attackers often conduct reconnaissance to identify vulnerable ATMs, typically standalone machines in low-traffic or isolated locations, and may dress as service personnel to avoid suspicion.
The process involves either replacing the ATM’s hard drive with a preloaded malicious one or inserting a USB drive containing the malware.
Once deployed, the malware enables a “money mule” to dispense thousands of dollars in minutes using a master key, a physical keyboard, and an activation code provided by the operation’s leader.
Other malware families involved in such attacks include Anunak (also known as Carbanak), which allows remote control of infected ATMs and can capture keystrokes and screen activity to steal card data.
While physical access is the most common method of infection, some advanced attacks involve compromising the bank’s internal network to install malware remotely.
To prevent jackpotting, banks are advised to implement robust security measures, including regular software updates, disabling auto-boot functions, securing the ATM’s head compartment, using surveillance systems, and monitoring for suspicious activity such as tampering or unauthorized devices.
The U.S. Secret Service and other agencies have issued warnings and advisories to manufacturers and financial institutions to strengthen ATM security.
AI-generated answer. Please verify critical facts.
RE:
...to support its broader criminal activities, which span drug trafficking, extortion, kidnapping, and acts of violence throughout the Western Hemisphere.
I would have expected to see the sort of authentication and authorization mechanisms in ATMs that would prevent this sort of thing.
I’m sure, though, that now that it’s costing banks money we’ll see them added.
Maybe, after they’ve figured out how to do it, we can add the same security to our voting machines?
Those indulging in this particular criminal activity not only need to be served with American justice, but have it served in such a way as to provide a very blunt lesson to others wishing to follow in the same criminal footsteps. In other words, justice beyond normal methods like jail sentences.
They deal in death, so the punishment should fit their crimes.
34 countries have the death penalty for illegal drug smuggling. We should do the same............
Attackers exploit vulnerabilities in automated teller machines
ATM’s technology at it’s lowest.
Test retest and test again until you get it right.
Our local credit union has ATM’s that have a real person communicating with the customer. He or she may be inside the building or in Omaha or India............
Technology that works
Fotes in a voting machine to dollar bills in an ATM, not that much difference.
The process involves either replacing the ATM’s hard drive
= = =
If they can get inside to replace the hard drive, why not empty the cash at that time?
I suspect the money is quarantined from the hard drive, so you can do repairs without having easy access to the money, ie an armored portion of the ATM. I don’t know how they are constructed, but I suspect the money is in a secured area inside the device.
"I'm not a skank" comes to mind.
Squish, go see God.
This and every other fraud/theft against public institutions and government is paid for by the average consumer in the form of higher interest rates, prices, and taxes.
Just another tax from the Left.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.