ATM manufacturers are warning that criminals are hacking into their devices using a method called “jackpotting” that has recently spread to the U.S., according to Reuters.
Both Diebold Nixdorf Inc and NCR Corp issued alerts, though they “did not identify any victims or say how much money had been lost.” NCR told Reuters that none of its equipment had been targeted, though Diebold Nixdorf warned that hackers were using the method to break into its Opteva-line ATMs, which are no longer being made.
The attacks were first noticed by security blog Krebs on Security, which noted the method was rife in Europe and Asia but had somehow avoided migration to the U.S. until now. Jackpotting is not an easy method, but the payoffs can be large. It requires hackers to gain access to the device and to deploy “malware or specialized electronics—often a combination of both—to control the operations of the ATM,” Krebs wrote.
“The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs,” a confidential Secret Service memo obtained by Krebs read. “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM’s operating system along with a mobile device to the targeted ATM.”
The Secret Service warning added that the attackers generally use an endoscope to locate an internal component of the ATM where they can attach the laptop and run malware, such as one dubbed Ploutus.D. They then contact co-conspirators who force the machine to dispense cash, sometimes “at a rate of 40 bills every 23 seconds.” Getting access to the ATM in the first place requires having a key or breaking the locks.
Many ATMs still running Windows XP are more vulnerable than those running newer OSes like Windows 7, Krebs added. According to Reuters, Russian firm Group IB says that in 2016 such attacks hit more than a dozen European countries, as well as Turkey and Taiwan.