How Barclays ATM heist was executed.
Flying Squad officers last evening were searching for a Toyota Probox caught on camera with three men believed to be the cybercriminals who stole more than Sh11 million from four ATMs in Nairobi.
The details emerged as police uncovered the sophisticated technology the criminals used to empty the ATM machines.
This loss and the possibility of others could turn into a nightmare for the banking industry in Kenya.
Already, banks are grappling with online hacking that is estimated to have cost the Kenyan economy more than Sh20 billion in 2017 alone.
The high-tech crime known in cybercrime lingo as ATM jackpotting has been used to steal more than Sh100 million in the US over the last one year.
The Barclays heist was the first major case of ATM jackpotting in Kenya since the crime hit the US last year, the police say.
The Star has established that officers have obtained CCTV footage from the city where a young man was caught boarding a Probox, believed to be a taxi in South B with a rucksack.
Police suspect the man, estimated to be aged between 25 and 30, were part of a cyber gang that emptied three ATMs belonging to Barclays bank of the millions of shillings during the Easter holidays.
In ATM jackpotting, thieves instal malicious software and/or hardware at ATMs that force the machines to spit out huge volumes of cash on demand.
To carry out a jackpotting attack, thieves first must gain physical access to the cash machine.
From there they can use malware or specialised electronics - often a combination of both - to control the operations of the ATM.
Brian Krebs, an American investigative journalist, explains in an online article how criminals have been stealing millions of shillings from banks in the US through ATM jackpotting.