Home Crime How Barclays ATMs Were Emptied

How Barclays ATMs Were Emptied


After four Barclays Bank of Kenya ATMs were reportedly emptied during the long Easter weekend, investigators have narrowed the analysis on two probabilities.

The robbers made away with Shs. 14 Millions without firing a single bullet or breaking into any of the ATMs.

The clever robbers choose on off site machines as this would take longer for the bank to notice. Off-site ATMs are not hosted next to or inside banking halls. They are located in high traffic areas where banks think they have a clientele base that would make financial sense.

The matter however is now being handled by Cyber Crimes Unit at the Directorate of Criminal Investigations.

After physical investigation by the team, they found all the ATMs in good order apart from Kenyatta National Hospital ATM.

This has lead the team to believe the ATMs were hacked into. The Bank team upon investigated absolved themselves from the robbery as all the affected ATMs were under the jurisdiction of G4S security company.


“The security company monitors the cash levels at all the ATMs in their jurisdiction and refill the cash magazines/ cassettes when the ATMs runs out off cash. This points to an inside job.” quotes an insider who could not be named due to sensitivity of the matter.

After follow up by our Newsline.co.ke investigators, it was found out that five G4s personnel has been arrested and are helping the investigators with crucial leads.

But how possible was the robbery? Bob Morrison – A cyber security analyst explain to our investigator.

“ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash.” said Bob.

“With physical access to a machine, ATM jackpotting enables the theft of the machine’s cash reserves, which are not tied to the balance of any one bank account. Thieves who are successful and remain undetected can walk away with all of the machine’s cash.” Bob Morrison

G4S CIT Van during a previous heist | Photo Tweeter

The culprits use a portable computer to physically connect to the ATM along and use malware to target the machine’s cash dispenser. In this bold public approach, an attacker will often use deception and weaker targets to limit risk, like dressing as service personnel to avoid scrutiny. Stand-alone ATMs in retail and service outlets are more likely targets, away from a bank’s tighter monitoring and security. Older machines, which may not be fully up to date, are also common targets. ATM owners are encouraged to apply all available updates.