Federal authorities have unveiled details of a sophisticated cybercrime operation targeting financial institutions across four states, resulting in the arrests of two Venezuelan nationals linked to the violent Tren de Aragua criminal organization.
David Jose Gomez Cegarra, 24, and Jesus Segundo Hernandez-Gil, 19, face charges of bank theft and conspiracy following a coordinated investigation by the FBI and local law enforcement agencies.
The defendants allegedly orchestrated a series of ATM “jackpotting” attacks that netted over $297,000 from credit unions and community banks between October and November 2024.
The technique, known formally as an “ATM logical attack,” combines physical and digital components to override secure banking systems.
Per court documents, perpetrators first gain physical access to an ATM’s internal components using specialized keys or tools.
Once inside, they either infect the machine’s hard drive with malware or replace it entirely with a compromised drive containing pre-installed malicious software.
This digital takeover allows remote control of cash dispensing mechanisms, enabling unlimited withdrawals until the ATM’s currency reserves are depleted.
Prosecutors outline a multi-state timeline beginning on October 5, 2024, when surveillance footage captured Gomez-Cegarra’s vehicle approaching a Radius Federal Credit Union ATM in Kenmore, New York.
A conspirator exited the car, accessed the machine’s interior, and installed malicious hardware within 90 seconds.
Over subsequent hours, the group executed 37 unauthorized withdrawals totaling $110,440 from that single location.
The operation expanded rapidly:
The White House’s recent designation of Tren de Aragua as a Transnational Criminal Organization proves critical to the case.
Investigators traced financial flows and communication patterns suggesting the jackpotting proceeds funded the gang’s broader operations, including human trafficking and narcotics distribution.
Forensic analysis of malware used in the attacks matches code fragments previously deployed in South American banking heists.
A routine traffic stop in Mahomet, Illinois, on November 11 precipitated the arrests. Officers grew suspicious of Gomez-Cegarra and Hernandez-Gil’s conflicting travel explanations and Venezuelan identification documents.
Subsequent searches revealed modified ATM components, $18,450 in sequentially marked bills from the Mount Vernon heist, and encrypted communication devices.
The Western District of New York’s indictment leverages the FBI’s Cyber Task Force evidence linking biometric data, vehicle GPS histories, and cryptocurrency transactions.
U.S. Attorney Michael DiGiacomo emphasized that federal bank theft charges carry stiffer penalties than traditional robbery statutes, with each defendant facing up to 30 years when accounting for sentencing enhancements tied to terrorism designations.
Radius FCU President Carla Mitchell revealed that 83% of affected ATMs used outdated Windows XP-based controllers lacking partition encryption.
The National ATM Council has since issued urgent guidelines for:
As the case proceeds to discovery, Secret Service data shows a 214% year-over-year increase in ATM logical attacks, signaling an urgent need for regulatory action.
The arrested individuals remain in custody without bail, with deportation proceedings pending resolution of criminal charges.