After years of being used in Asian and European countries, the ATM scheme known as jackpotting has finally made its way to North America into countries like Mexico and the United States. Rather than swiping card data, ATM thieves use jackpotting to make the machines give over large amounts of cash and use a combination of malware and hardware to get away with it.
It's happening often enough for two of the world's largest ATM makers -- Diebold Nixdorf Inc and NCR Corp -- to make public statements about these criminals. While the two companies didn't say exactly how much had been lost, they did emphasize the severity of the issue. They even sent out alerts over the weekend to clients using their ATMs.
“This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack.”
“This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack,” the alert for NCR said.
Diebold Nixdorf used a separate statement on Friday to say that financial authorities in the United States warned the company that hackers were targeting its Opteva systems. The Opteva went out of production a few years ago, but its systems are still found in operation throughout a number of countries.
The U.S. Secret Service even issued a warning detailing what people should look for in terms of jackpotting. Attackers traditionally use an industrial endoscope to find a specific internal part of the ATM. Hackers then attach a laptop and run malware into the system. With a little bit of physical force and help from other members of the team, it doesn't take much for the hackers to hit their 'jackpots.' In total, the Secret Service estimates that the ATMs can be hacked "at a rate of 40 bills every 23 seconds."
Another one of the biggest issues with this hack comes not from the ATM manufacturers but the device's operators. Certain machines which have fallen prey to hackers have been running XP. The 16-year-old platform actually lost official support in 2014. All it would take is a simple system upgrade to Windows 7 or Windows 10 to protect against this malware. There's also the additional suggestion for switching to back-loading ATMs rather than common front-loading machines. However, ATMs range in cost from $2,500 to $10,000 per unit, and that typically doesn't include the accompanying software.
The trend is catching on quickly, and experts expect the problem to get significantly worse and more common before operators take notice and the threat gets smaller.