Two Venezuelan nationals have been charged with federal crimes after authorities accused them of carrying out a major ATM hacking scheme in central Oklahoma. According to the Department of Justice’s Western District of Oklahoma, the suspects allegedly stole more than $235,000 from several ATMs by installing malware inside the machines.
The suspects have been identified as Ender Enrique Munoz Perez, 30, and Angel Raphael Medina-Taguaripano, 24. Investigators say the two men were involved in a cybercrime technique known as ATM jackpotting.
Authorities explained that the suspects allegedly accessed the internal computer systems of the ATMs and installed malicious software. Once the malware was activated, it allowed them to control the machines and command them to dispense cash. Officials say the scheme resulted in the theft of approximately $235,500 from machines across central Oklahoma.
Federal prosecutors said the suspects now face serious criminal charges. If convicted, they could face up to ten years in prison and fines of up to $250,000 for each count.
United states leads dismantlement of one of the world’s largest hacker forums — DOJ
How the ATM Jackpotting Scheme Worked
Cybersecurity experts say ATM jackpotting is a method used by criminals to make machines release all the cash inside them. The name comes from the idea of hitting a jackpot on a slot machine, where the machine suddenly releases a large payout.
A principal security engineer at Alias Cybersecurity, Tanner Shinn, explained that such attacks require a deep understanding of ATM machines and their systems. According to Shinn, the individuals involved in these operations usually have strong knowledge of how the machines work and how their internal software can be manipulated.
Investigators say the suspects first gained physical access to the ATM machines. Many machines use common manufacturer locks that are widely known within the industry. In some cases, keys for these locks can be purchased online. If the keys do not work, attackers can use tools designed to pick tubular locks, which can sometimes be opened within minutes.
After opening the ATM cabinet, the attackers could access the computer hardware inside the machine. Authorities say the suspects then installed malware that allowed them to control the machine’s cash dispenser. This software could send commands directly to the machine and trigger it to release money.
Experts say criminals sometimes carry their own hard drive that already contains the malware. They insert the drive into the ATM and run the malicious program. In other situations, attackers remove the original hard drive and install the malware on it if the drive is not encrypted. The drive is then placed back inside the machine so the malware can run when the system restarts.
Iran-linked hackers ramp up DDoS and malware attacks amid rising tensions
Investigators said this method allegedly allowed Ender Enrique Munoz Perez and Angel Raphael Medina-Taguaripano to withdraw large amounts of cash from multiple machines.
Security Weaknesses in ATM Machines
Cybersecurity specialists say ATM machines can become targets because many systems still rely on older technology. According to Tanner Shinn, some ATM computers continue to run operating systems such as Windows 7 or Windows 10, even though newer systems like Windows 11 are now available.
Older software may lack the latest security protections, which can create vulnerabilities that attackers may exploit. If ATM systems are not regularly updated, criminals may find ways to bypass security measures and install malicious software.
Another issue involves the physical security of ATM machines. Some machines still use simple locks that can be opened using commonly available keys or lock-picking tools. Shinn explained that criminals in such schemes may open the machines using keys designed for manufacturer locks, or they may pick weak tubular locks in a short amount of time.
Security professionals say banks and companies operating ATM machines can reduce risks by upgrading both the hardware and software used in the systems. Stronger locks can help prevent unauthorized access, while updated operating systems and encryption can help protect the machines internal computer system.
Authorities say the case involving Ender Enrique Munoz Perez and Angel Raphael Medina-Taguaripano focuses on the alleged theft of more than $235,000 from ATMs in central Oklahoma after malware was installed to control the machines and force them to dispense cash.
