High-tech thieves are upping their game to pilfer ATMs.
Diebold Nixdorf, a major American ATM supplier, said it is seeing an increasing number of ATM jackpotting attacks where the thieves are connecting devices that contain proprietary software to control the ATM. The news was first reported by Ars Technica.
Jackpotting traditionally refers to hooking up an external “black box” to dispense funds illegally.
This black box jackpotting is different. “At this stage of our investigations it appears that this device also contains parts of the software stack of the attacked ATM,” Diebold Nixdorf said in an alert. The software stack typically refers to key proprietary software components needed to operate a computing device.
For example, in recent incidents happening in “in certain European countries,” attackers break through the fascia of the ATM in order to access the “head compartment,” the company said. Then the cable between the dispenser and the ATM’s electronics is unplugged. Then the cable is connected to the black box of the attacker “in order to send illegitimate dispense commands” using the software stack, the company said.
“We have no evidence that our company’s software was used to facilitate this attack, as our investigation with law enforcement is still ongoing,” Di ebold Nixdorftold Fox News in a statement.
In some past attacks on ATMs, criminals are able to spit out 40 bills every 23 seconds, a Secret Service alert from 2018 said, according to a report from Krebs On Security.
“Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash,” according to the Secret Service alert.
That report went on to say that targeted ATMs are often located in pharmacies, big-box retailers, and drive-thru ATMs, citing a confidential Secret Service alert sent to financial institutions.
In some past attacks, “fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM,” according to Krebs.
“Jackpotting is and has been a global problem that can affect ATMs anywhere. In the States, we have seen jackpotting attacks as early as in 2010,” Diebold Nixdorf told Fox News in a statement.