Jackpotting attacks on ATMs have been spreading through Europe and Asia for quite some time.
Recently, though, the Secret Service sent out an alert warning that jackpotting has reached the United States.
The alert was reported by Brian Krebs, who quotes several sources for this warning and cautions the public to be aware and careful of these attacks.
Here’s what to know about the ATM jackpotting attacks.
How does it work?
First, an attacker performs some basic scouting to figure out a way into the ATM. They usually target models with front-facing panels because they’re easier to access. To avoid detection and gain easy access to the machines, thieves have been posing as ATM technicians. They’ve also been using medical endoscopes to reach the insides of the ATMs.
Once the vulnerable area within the ATM is determined, the scammers attach their own computers to mirror the ATM’s software. The thieves then install malware, which places the ATM under their control. At this point, the ATM appears to be out of service to users, and the scammers can force the machine to do their bidding from a remote location.
The criminals’ final step in this hack is to program the ATMs to spit out piles of cash and to send “money mules” to go and collect the cash for them.
Alternatively, scammers may quietly bide their time and only take action a few days, or even a week, later. They will then return to the compromised ATM and program it to dispense all of its cash at once – which they will promptly pocket, of course.
What malware is at play?
Krebs’ report suggests that the malware being used in these attacks is Ploutus D, a malware strain that has been widely used in ATM hacks since 2013. However, this claim has not been verified.
Just this past spring, researchers at Kaspersky Lab wrote about three relatively simple ways fraudsters can hack and remotely control ATMs. The scammers may be using any of these methods, or they may be using Ploutus D, as Krebs believes.
Which ATMs are vulnerable?
While every ATM in the country is at risk of being attacked, the fraudsters appear to be particularly targeting Diebold Nixdorf-made ATMs.
The Secret Service alert also warns that ATMs running Windows XP are “particularly vulnerable” and should be updated as soon as possible. Unfortunately, although support for Windows XP Embedded ended more than two years ago, many ATM owners neglect to install updates as advised, placing their machines at greater risk of being hacked.
What can you do?
ATM jackpotting targets the machine’s owners and generally does not affect the common citizen. However, you can do your part to stop these crooks by reporting any suspicious activity you see near an ATM.
Did you spot a technician who looks out of place? Is an ATM that worked just fine yesterday suddenly out of service? If so, alert the local authorities so they can take appropriate action.
While jackpotting might be relatively new to the U.S. and it’s not yet clear how widespread these attacks are, it’s always a good idea to exercise caution when using an ATM in a public setting. Here are some tips to remember the next time you use an ATM:
- Always cover the keypad with your free hand when inputting your PIN.
- If someone is lurking near the ATM for no apparent reason, do not use it.
- Be wary of signs that the ATM may have been tampered with, such as a new-looking keypad, a card reader that looks different than the rest of the machine, or an out-of-place security camera.
- Don’t use ATMs that are in unfamiliar neighborhoods or in stores you never frequent.
- If you’re withdrawing cash, be sure to secure your money in a wallet immediately after it’s dispensed. Don’t dawdle near the machine.
While the full impact of these jackpotting attacks is not yet evident, they are definitely not something the Secret Service is taking lightly. Do your due diligence to help stop the attacks, and always use caution when using an ATM in a public area.
Your Turn: Do you still use ATMs in public places? Have you ever had a less-than-perfect experience?