13 Indicted in $2M Bluetooth Skimmer Scam

Thirteen men were indicted this week for allegedly using Bluetooth-enabled skimmers to steal more than $2 million from customers at gas stations across the Southern United States.

Thirteen men were indicted this week for allegedly using Bluetooth-enabled skimmers to steal more than $2 million from customers at gas stations across the Southern United States between 2012 and 2013.

Documents released on Tuesday by the offices of Manhattan District Attorney Cyrus R. Vance, Jr. claim that the four lead defendants attached small skimming devices to gas pumps at Raceway and RaceTrac stations in Texas, Georgia and South Carolina to steal credit card information.

Skimmers are devices criminals can clandestinely affix to the front of ATMs to glean credit and debit card information, along with corresponding PIN data without customers knowledge.

Skimmers can come in many forms; card readers can be attached to the front of an ATM’s credit card slot and in some cases a keylogger can be laid over the ATM’s pin pad to monitor users’ passcodes. In this case, the devices were implanted internally, making them practically invisible to drivers while pumping gas.

The devices were also Bluetooth-enabled, which made it so the men didn’t have to physically remove them to get user information, they could simply download the stolen card and PIN numbers wirelessly while doing something as arbitrary as filling their tank.

From March 26, 2012 to March 28, 2013 the defendants transferred the information to bogus cards and made a series of withdrawals and deposits to specialized bank accounts – 70 in total – across Manhattan. As part of the ruse, some men withdrew money at banks in Nevada and California as well, according to documents.

According to the DA, while approximately $2.1 million was stolen and subsequently laundered, the defendants kept each of their transactions to under $10,000 as to not raise suspicions and to “avoid any cash transaction reporting requirements imposed by law.”

Four men, Garegin Spartalyan, Aram Martirosian, Hayk Dzhandzhapanyan and Davit Kudugulyan are the lead defendants in the case. The men were arrested last March and now are being charged with a slew of crimes, 426 counts in all, money laundering, criminal possession of stolen property and grand larceny, just to name a few. Nine other men are also being charged in the case with felony counts of money laundering in either the second or third degree.

Skimmers and the cybercrime rings that use them have grown more advanced in recent years. If ATM users suspect a machine has been compromised, it’s usually best practice to give the credit card slot a shake as the devices are usually attached to the machine. In this case the skimmers were internal, meaning there was no way the customers at the gas stations knew they were vulnerable.

A skimming ring in 2012 extracted $200,000 from patrons at Wrigley Field in Chicago in 2012. In that case, service employees at Wrigley who were in on the scam swiped victims’ cards using a small reader. Elsewhere, a separate ring in 2010 was found to have planted skimmers with custom-made credit card slots at 200 gas pumps across Utah.

Suggested articles

Modern Cybercrime: It Takes a Village

Today’s financial cyber-rings have corporate insider and management roles — cybercrime is not just just for hackers and coders anymore.


Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.