Many companies featured on Money advertise with us. Opinions are our own, but compensation and
in-depth research may determine where and how companies appear. Learn more about how we make money.

  1. Banking
  2. Banks

Everything You Need to Know About ‘Jackpotting,’ a New Cyber Attack Targeting ATMs

Published: Jan 30, 2018 6 min read
Hand of young woman inserting credit card into cash machine
Eugenio Marongiu - Cultura RF/Getty Images

ATM “jackpotting” — the installation of malicious software and hardware onto ATMs — has finally hit the U.S. for the first time.

Here’s what we know about the latest cyber crime wave and how to protect yourself as a consumer:

What is ATM jackpotting?

ATM jackpotting, also known as “logical attacks,” simply means that cyber thieves physically install malware onto ATMs, giving them control over how much money gets dispensed at any given time.

The malware installers have been clever, using endoscopes (narrow, tube-like medical devices with cameras on the ends typically used to see inside the human body) to look inside each ATM. Once they find a place to attach a computer cable, they sync their laptops to the machine's computer, according to the website run by Brian Krebs, an independent security expert.

Should consumers be worried?

The short answer is no, according to security experts.

"This is not an attack that jeopardizes consumer information or funds," Krebs told Money.

Richard Hummel, senior technical lead at cyber security firm FireEye, agreed the average consumer should not be worried.

"The biggest issue they would have is an ATM not having any funds in it after someone withdraws everything," Hummel said.

Two of the world’s largest ATM makers — Diebold Nixdorf Inc. and NCR Corp. — warned customers that hackers were targeting the machines, but didn’t identify any potential victims or discuss what the financial losses could be, according to Reuters.

So far, there have no been reports of individual accounts being compromised but, according to CNN, a Secret Service memo from mid-January reported at least six attacks have occurred in almost every area of the country in the the last week and more attacks have been planned across the U.S.

The most concerning aspect of the hacks at this point is the level of success the hackers have had accessing the ATMs and the possibility of future compromises, Hummel said.

"If they're able to get access to the ATMs, even if they don't steal funds, there's a chance they could always install other components they could then later access. There's plenty of other ATM malware that will lie dormant for a period of a time that an attacker can use to withdraw funds over time," he said.

We don't know how much money has been stolen

Krebs told Money "three individuals who were arrested in November and charged with executing ATM jackpotting attacks have been accused of stealing tens of thousands of dollars" from machines on the West Coast.

Total losses from all of the separate hacks are unknown at this time, but CNN estimates it's more than $1 million in the U.S. string of attacks alone.

Whether future attacks are preventable may depend on individual companies taking action to upgrade their ATMs and software in the machines. ATMs with Windows XP are "especially vulnerable" to attacks, Krebs said.

"Upgrading to an operating system that isn't 17 years old would be a good idea," he added.

Hummel suggested increasing physical security around existing ATMs as one of the simplest and fastest solutions to the ongoing jackpotting attacks.

"For every single of one these attacks, the perpetrators need good physical access and need a portion of time where they can either pick the lock or use some type of key they may have bribed from someone," he said.

The Secret Service issued a warning about the attacks

The Secret Service's confidential memo sent out this month warned financial institutions about the spread of jackpotting.

The memo stated that stand-alone ATMs in “pharmacies, big-box retailers and drive-thrus” have been the most common targets so far.

The attacks started in Mexico

The first reported attack of ATM jackpotting was in 2013 in Mexico. The malware, called Ploutus, was identified as one of the most advanced ATM malware families in recent years, according to FireEye.

One of the reasons the attacks took longer to spread to the U.S. is because it may have been easier to get away with physically stealing ATMs and bribing individuals in Latin America than in the U.S., Hummel said.

"It seems like they're moving to the U.S. to see how successful they can be here," he said, adding that the attacks appear to be coordinated and well-orchestrated.

This particular type of cyber crime has been seen for years in Europe as well as in Asia. But it turns out one of the first instances of ATM jackpotting wasn't actually a crime. Famed "white hat" hacker Barnaby Jack, who passed away in 2013, demonstrated how ATM vulnerabilities could be exploited in an effort to raise awareness about jackpotting.