ATM

ATMs have always been a site of potential theft, but previously, the main threat was consumers getting their PINs stolen. Now, a sophisticated hacking technique called “jackpotting” that threatens the ATM itself has appeared in the United States for the first time.

In jackpotting, thieves install either software or hardware onto front-loading ATMs that force them to spit out cash on demand, essentially turning these ATMs into slot machines. The attacks have occurred in Europe and Asia since an infected ATM was first demoed at a hacking conference in 2010, but somehow, the United States has not had any jackpotting attacks, until this year.

First reported by the security-focused site Krebs on Security in mid-January, the U.S. Secret Service has contacted financial institutions that jackpotting has been spotted in the United States.

According to a confidential Secret Service alert obtained by Krebs, “The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs. During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.”

Diebold ATM restart
Diebold ATMs are at risk. 

Currently, the ATMs targeted all seem to be an older, out-of-production model, Opteva, manufactured by Diebold Nixdorf, as Reuters has reported.

How It Works

According to the Secret Service alert, hackers typically repurpose an endoscope, the medical instrument usually used by doctors to peer into the human body, to find the the internal portion of the ATM where they can connect using a cord to sync their laptops with the internal computers of the ATM.

Once connected, the ATM will read as “out of service” to customers, and the machine can be remotely accessed via SMS or an externally connected keyboard.

In previous attacks, says the Secret Service alert, “the ATM continuously dispensed at a rate of 40 bills every 23 seconds,” until it is emptied of cash — or someone on site manually stops it by pressing cancel on the keypad.

So-called “money mules” are the ones that actually carry out the attack and take the money, which can happen within minutes.

The Secret Service recommends that ATM operators update their ATM software from Windows XP to Windows 7 to prevent this type of attack.

It’s good advice for the rest of us as well