Hackers hit the jackpot in US, can now drain ATMs of all their cash
What ATM hacking software looks like (image: FireEye)
When ATMs were first invented, the obvious nightmare scenario involved someone figuring out how to walk around draining machines of all cash. Well, that nightmare has just arrived in the U.S. Hackers have figured out how to trick machines into spitting out all their $20 bills, hit-the-jackpot style, minus the blaring sirens and lights. The attack is, appropriately enough, being called "jackpotting."
Criminals had successfully hacked overseas ATMs for years, but until recently, U.S. machines had seemingly been spared. This grace period is now over. Security writer Brian Krebs reported in late January that the U.S. Secret Service has now warned U.S. banks about successful ATM hacks here. Then Dustin Volz at Reuters got an on-the-record interview with a Secret Service official who confirmed there had been a half-dozen attacks recently netting criminals $1 million. Attacks ranged from the South to New England, he was told.
“It was just a matter of time until it hit our shores,” special agent Matthew O'Neill said to Reuters.
The attacks aren't easy. Krebs reports that criminals must first gain physical access to the machines, which they control using a combination of hardware and malicious software. They then employ "cash out crews" who grab the money and run.
Many of the targeted machines are in less-secure physical environments, like stand-alone ATMs in retail stores, as opposed to bank ATMs located in or near secure branches.
“During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM's operating system along with a mobile device to the targeted ATM,” said a Secret Service memo obtained by Krebs.
The attack is potentially a big headache for banks, which stand to absorb the losses from jackpotting. Consumers need fear only the usual issues and take the standard precautions: make sure an ATM you use hasn't been tampered with, so your account isn't raided, and carefully inspect account statements for signs of fraud. Otherwise, there isn't much account holders can do to prevent jackpotting.