Hackers are hitting the “jackpot” at American ATMs.
This week the Secret Service released guidance about a new cyberattack called “jackpotting,” in which hackers load malware in ATMs that forces the machines to spit out large volumes of cash on demand. Enterprising criminals have stolen $1 million worth of cash from machines throughout the United States in the last week, according to Reuters.
What makes jackpotting different from a normal hack is that it’s not remote. Hackers must gain physical access to the ATM, either by picking its locks, using a stolen master key or otherwise removing or destroying part of the machine. They then install specialized electronics in order to control it.
Most of the affected ATMs are standalone machines located in pharmacies, big box retailers or drive-through kiosks rather than inside banks. Many attackers have posed as ATM technicians.
Once hackers gain access to the machine, they target it with surgical precision—literally.
The Secret Service said most hackers use an endoscope (a slender flexible instrument doctors use to look inside the body) to locate the ATM’s internal hardware. They then attach a cord that allows them to sync their laptop with the machine’s operating system.
After they install the malware, hackers contact co-conspirators who remotely access the ATMs and force them to dispense cash. So-called “money mules” are then dispatched to banks to collect the illegal dough, according to The Verge.
The ATM appears to be out of service to regular customers during the entire operation.
According to the blog Krebs on Security, the jackpotting hacks likely utilize a strain of malware called Ploutus.D. Using this method, the ATM dispenses 40 bills in 23 seconds.
Last year, security firm FireEye called Ploutus.D “one of the most advanced ATM malware families we’ve seen in the last few years.”
The Secret Service didn’t release any specific information on suspects but said the perpetrators range from individual, local criminals to large groups and organized crime syndicates. The agency said it had discovered the hack through its Electronic Crimes Task Force for cybercriminals.
While these are the first jackpotting attacks in America, Wired noted that similar hacks were reported in Europe as far back as 2010. Interest in jackpotting has also spiked on the dark web, and several sites have sold guides on how to perform the hack.
ATM makers Diebold Nixdorf and NCR released statements confirming they had alerted customers to the attacks. Older, front-loading ATMs are the main targets of jackpotting, according to Diebold.
“This should be treated as a call to action to take appropriate steps to protect ATMs against these forms of attack and mitigate any consequences,” an NCR statement read.
The Secret Service alert said ATMs running Windows XP software are particularly vulnerable. Operators should therefore update to a version of Windows 7 as soon as possible.