Two men charged in jackpotting scheme that drains ATMs in minutes

Share this…

As much as $50,000 taken from infected machine in Connecticut, prosecutors say. Two men have been charged with stealing as much as $50,000 through “Jackpotting,” a crime that causes malware-infected ATMs to rapidly empty their cash reserves to waiting accomplices.

Alex Alberto Fajin-Diaz, 31, of Spain, and Argenys Rodriguez, 21, of Springfield, Massachusetts, allegedly dressed as ATM repair technicians and approached a machine at the Citizen’s Bank in Cromwell, Connecticut, on January 27, according to a criminal complaint filed in US District Court in Hartford. After accessing the inside of the machine, prosecutors said, two additional males then approached the same ATM. An early investigation by Citizens Bank officials later showed that the ATM was drained of more than $50,000.

Citizens Bank investigators quickly detected some sort of anomaly while the ATM heist was in progress and called the Cromwell Police Department. Patrols who responded to the location allegedly found Fajin-Diaz and Rodriguez inside a white, two-door Honda Accord that had been captured in video surveillance of the breached ATM. As a police officer was questioning the men, he heard the ATM making sounds that are typical when it’s dispensing money. The machine proceeded to dispense 40 $20 bills.


According to the complaint, police who searched the Accord ultimately found screwdrivers, pliers, Allen wrenches, an electronic device, cables, and wires. The car also contained a bag filled with a large number of $20 bills, prosecutors said. Both men also had a large number of $20 bills in their pockets, the complaint said.

“Based on what I learned, these tools and electronic devices are consistent with the items needed to compromise an ATM… to dispense its cash contents,” Molly Reale, a special agent with the US Secret Service, wrote in the complaint.

A Honda Accord matching the same description was caught on surveillance video at a Citizens Bank ATM in Providence, Rhode Island, five days prior to the Cromwell incident. The two men in the car were also dressed as ATM repair technicians. Two other males then approached the ATM, where they spent a “considerable amount of time.” The complaint said ATMs in Hamden, Connecticut, and Guilford, Connecticut, were similarly attacked in the days before the attack on the ATM in Cromwell.

Word of the arrests comes a week after security reporter Brian Krebs reported what are believed to be some of the first jackpotting attacks to take place in the US. Those attacks used malware known as Ploutus.D to infect ATMs made by Diebold Nixdorf. Krebs published a follow-up postreporting that three suspects had been arrested in November after being caught in surveillance video Jackpotting ATMs in Wyoming and Utah. It’s not clear what connection may exist between the two defendant groups or between the crimes they’re alleged to have committed.

According to a release published Monday by federal prosecutors in Connecticut, Fajin-Diaz and Rodriguez were arrested on state charges and made an initial court appearance on Monday on federal charges. Bank fraud charges carry a maximum term of imprisonment for 30 years. It’s not clear if either suspect has submitted a plea.