Secret Service warns US ATMs are being targeted by 'Jackpotting' hack

Javier Stokes
January 30, 2018

According to a confidential memo obtained by Krebs on Security, the ATMs targeted by the hacking include ones located in "pharmacies, big box retailers, and drive-thru ATMs". The art of so-called ATM jackpotting, where ATMs are hacked to start doling out dollars-no PIN required-has been around for a while now (MIT's Technology Review has been warning about this since 2010), but the Secret Service only recently sounded the alarm. This is actually a real-life hack known as "jackpotting" and is prevalent in regions like Europe and Asia, and now it seems that it has started to creep into the U.S. as well.

After investigating a report of a jackpotting attack in recent days, the Secret Service quickly determined a more coordinated set of attacks was about to be launched in the next seven to 10 days.

Reports are emerging in the U.S. of cyberattacks on ATM machines known as "jackpotting" attacks - whereby fraudsters install malicious software and technological equipment on ATMs, forcing the machines to release large sums of money. Vulnerabilities are then exploited - often made possible when ATM operating systems are outdated or unpatched - allowing for brute-force attacks against the system.

Euro Hits $1.25 after 3 Years
The dollar hit a three-year low against the euro on Thursday morning, before Draghi's press conference, to $1.24 for €1. Fears remain that the strong euro could dampen inflation and endanger the work done by years of unprecedented stimulus.

The Secret Service says that the criminals - masquerading as ATM service technicicans - use endoscope medical devices to look inside cash machines and find the spot where they can attach a cord to link a laptop to the ATM's computer. "This represents the first confirmed cases of losses due to logical attacks in the US". An alert was sent out Friday to inform the banking community of the potential attack and how they might protect themselves from being victimized. The robberies are known as "jackpotting". The firm's advisory (.PDF) says that the jackpotting method can be stopped if the latest firmware updates are applied.

The U.S. Secret Service is warning banks about the practice, which consists of fraudsters dressing up as ATM technicians and use a key that is capable of accessing any ATM.

Other reports by

Discuss This Article