‘Jackpotting’ Hacking Attacks Hit U.S. ATMs

male hands using smart phone while typing on ATM

United States-based ATMs are being targeted by a method of hacking called “jackpotting.” Huge amounts of cash are being looted by the criminals.

In a shocking revelation, it has been disclosed that over $1 million could have been siphoned off from ATMs in the United States over the past couple of months.

Hacking teams reportedly compromised the machines and deployed malware to cough up huge amounts of cash.

This kind of heist is being described as “jackpotting,” and though such cases were being reported from other parts of the world, ATMs in the U.S. have come under attack only recently.

The attacks in the U.S. were initially reported by Brian Krebs, a well-known cybersecurity researcher and journalist.

Hacking Process Involves Both Physical & Remote Execution

According to cybersecurity experts and intelligence officers, hackers generally target easily accessible ATMs that have lax security.

They act as if they are technicians and once they reach the machine, they physically open it and plant a hard disk after disconnecting the machine’s disk.

This is where the remote controlling takes over and the malware is deployed to instruct the ATM to dispense the cash. Once they collect the cash in a bag, they quickly remove their hard disk and vanish.

The malware being used by these hacking teams has been referred to as Ploutus-D.

This is how the thefts have been taking place, whether it is in Taiwan, Mexico, Europe or Asia. In the first such incidence recently reported from Wyoming in the U.S. and the subsequent cases in other cities, very similar modus operandi had been employed.

U.S. Secret Service Issues Warnings

The Secret Service in the United States has already issued warnings to banks and other financial institutions that operate over 400,000 ATMs across the country that their cash vending machines could be running the risk of being hacked. Officials advised them to take suitable action.

The warning appears to have specified the “jackpotting” hacking attack.

Is the Hacking Machine-Specific?

The hacking teams appear to be targeting older generation ATMs made by Diebold Nixdorf. The reason could be that these machines are easier to open and access for replacing the hard disk with the mirror disk that they are carrying, whereas the newer models don’t permit such easy manipulation.

However, other experts contend that Ploutus-D can be suitably rewritten to attack practically any make or model of ATM anywhere in the world.

Some Gray Areas Do Remain

Some intelligence experts argue that the real issue could also lie elsewhere. According to them, the banks order and buy the machines and feel the responsibility that protecting the ATM should be that of the machine manufacturer.

Either due to cost considerations or for other administrative reasons, the upkeep of the hardware and software of the ATMs leaves a lot to be desired.

In reality, the only solution for the banks to prevent the hacking episodes on their ATMs is to improve the physical locking of the machines and upgrade to software that can take on malware like Ploutus-D.

Who’s Behind the Jackpotting Attempts?

Hacked ATM while inserting credit card showing hoody hacker on the screen

Cash vending machines are at risk of being hacked

It appears these ATM hacking attacks could be sourced from hackers south of the U.S. border. Jackpotting attacks were first spotted in Mexico five years ago. It’s possible that the same hacking teams behind these attacks have now moved to the U.S. to further perpetrate their crimes.

Now that the Federal Bureau of Investigation has taken hold of the cases and some of these people have been arrested, they may be able to advance the investigations to find out if any organized groups are involved in the jackpotting attacks.

They may even end up solving the crimes in some of the other countries where similar heists have been reported.

But ultimately, the banks and the other financial institutions which own these ATMs will have to assume full responsibility for the safety and security of the machines so that their customers can continue to receive the seamless service that was originally intended.

Even more intriguing is the fact that the information about jackpotting as a crime has been in the public domain for around six years, and if it has taken this long for the crime to occur in the U.S., there may be other reasons for these hacks.

Leave a Reply