Hackers likely associated with international crime syndicates have recently stolen more than $1 million from ATMs in the US using “jackpotting” attacks, said a Secret Service official speaking to Reuters.
The technique involves gaining physical access to a machine and using malware, specialized electronics, or both to take control and make it dispense hundreds of dollars at a time. The name jackpotting comes from the way the ATM’s are likened to slot machines paying out winnings.
Back in 2010, renowned hacker Barnaby Jack, who passed away in 2013, demonstrated jackpotting on an ATM at the Black Hat conference. It had until now been a problem in Europe, Asia, and Mexico, but security researcher Brian Krebs reports that the US Secret Service has started warning financial institutions that jackpotting attacks are taking place in the United States.
Attacks have been spotted across the country, ranging from the Pacific Northwest to the Gulf region to New England. There have been around six successful jackpotting incidents in the last few days.
The secret service alert says that hackers typically use an endoscope—the same kind physicians use—to locate the part of the ATM where they can attach their laptop. They then swap the machine’s hard drive with one infected with the Ploutus.D jackpotting malware. Once rebooted, the ATM appears out of service to customers but the criminals can remotely control it, forcing it to dispense cash that is then collected by other members of the gang.
Thieves appear to be targeting Opteva 500 and 700 series Diebold ATMs, which are said to be particularly vulnerable to jackpotting attacks, as are machines still running Windows XP.