Jackpotting is an attack/technique to exploit ATMs to make them dispense cash without withdrawing it from a bank account – Now, U.S. ATMs are under Jackpotting attack.
The trend of hacking ATMs (automatic teller machines) is not new but with the passage of time, it is becoming a lot more persistent and sophisticated. In some parts of the world, cybercriminals use skimmers steal card data while in some places they prefer using explosives to crack open ATMs to steal cash.
In the United States, however, two of the largest ATM manufacturers Diebold Nixdorf and NCR Corp. have warned citizens to be aware of an attack in which hackers are taking over ATMs to steal cash in a technique that was never seen before in the country.
Dubbed ‘Jackpotting,’ the technique involves hackers to physically access the ATM, infect it with a malware/malicious software and use hardware including industrial endoscope which forces the machine to give away cash according to commands executed by hackers.
An endoscope made to work in tandem with a mobile device (Source: YouTube)
This was revealed by journalist Brian Krebs who got his hands on a confidential US Secret Service memo that reveals how jackpotting has hit the ATMs in the United States for the very first time. Before that, the attack was popular against ATMs in Asia and Europe.
The memo further reveals that once the hackers take over an ATM, the attack forces it to dispense money at the rate of 40 notes every 23 seconds and only stops once the machine is empty. Currently, the prime targets of Jackpotting are Big-box stores, pharmacies and drive-thru ATMs.
An alert [PDF] issued by Diebold gives in-depth details about the attack and how it can be prevented.
“In a Jackpotting attack, the criminal gains access to the internal infrastructure of the terminal in order to infect the ATM PC or by completely exchanging the hard disk (HDD). In recent evolutions of Jackpotting attacks portions of a third-party multi-vendor application software stack to drive ATM components are included. In cases where the complete hard disk is being exchanged, encrypted communications between ATM PC and dispenser protects against the attack,” the alert warns.
According to the warning issued by NCR, the company said none of their ATMs have been compromised however the attack itself is a big threat to the ATM industry in the country. “This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack,” said NCR.
Remember, for cybercriminals hacking an ATM machine is now a piece of cake since most of these machines are still running on Windows XP. Just a few months ago, a security researcher Leigh-Anne Galloway had demonstrated how one can hack an ATM by simply drilling a hole. She also highlighted the fact that since a majority of cash machines are Windows XP systems that are linked with a safe, therefore, the trick makes a varied range of machines vulnerable to hack attack.
Moreover, it is very easy for anyone to buy ATM malware on the Dark Web, therefore, there is a need of a complete overhaul of the ATM industry to make its devices secure against cyber criminals and protect banks and customers from losing their cash.
What how Jackpotting attack takes place
Image credit: DepositPhotos/BeeBright
