Hackers hit the jackpot in US, can now drain ATMs of all their cash

What ATM hacking software looks like (FireEye — click for report.)

When ATMs were first invented, the obvious nightmare scenario involved someone figuring out how to walk around draining machines of all cash. Well, that nightmare has just arrived in the U.S. Hackers have figured out how to trick machines into spitting out all their $20 bills, hit-the-jackpot style, minuses the blaring sirens and lights. The attack is, appropriately enough, being called “jackpotting.”

Criminals had successfully hacked overseas ATMs for years, but until recently, U.S. machines had seemingly been spared. This grace period is now over. Security writer Brian Krebs reported in late January that the U.S. Secret Service has now warned U.S. banks about successful ATM hacks here.  Then Dustin Volz at Reuters got an on-the-record interview with a Secret Service official who confirmed there had been a half-dozen attacks recently netting criminals $1 million. Attacks ranged from the South to New England, he was told.

“It was just a matter of time until it hit our shores,” special agent  Matthew O‘Neill said to Reuters.

The attacks aren’t easy.  Krebs reports that criminals must first gain physical access to the machines, which they control using a combination of hardware and malicious software.   They then employ “cash out crews” who grab the money and run.

Many of the targeted machines are in less-secure physical environments, like stand-alone ATMs in retail stores, as opposed to bank ATMs located in or near secure brances.

“During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM,” said a Secret Service memo obtained by Krebs. 

The attack is potentially a big headache for banks, who stand to absorb the losses from jackpotting. Consumers need fear the usual issues, and take the standard precautions: make sure an ATM you use hasn’t been tampered with, so your account isn’t raided; and carefully inspect account statements for signs of fraud.  Otherwise, there isn’t much account holders can do to prevent jackpotting.


About Bob Sullivan 1295 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.