Reports of ATM “jackpotting” have been circulating around the globe for years, but now it seems the newest form of technology-based thievery has made its way to the U.S.
Brian Krebs of Krebs on Security, a blog providing security news and investigative reporting on cybercrime, recently obtained a global security alert from ATM manufacturing giant Diebold Nixdorf explaining the criminal phenomenon known as ATM “jackpotting.” To pull off the crime, criminals must have direct contact with an ATM in order to install malware by way of infecting or entirely replacing the ATM’s hard disk.
The crime then bears fruit by way of the ATM dispensing loads of cash, typically at a later time and to a “money mule” so as to avoid suspicion, according to information received from the Secret Service by ABC News. The cash comes from the ATM itself rather than from the accounts within.
So far jackpotting crimes have occurred in Wyoming, Utah and Colorado giving thieves access to thousands of dollars, according to Krebs. The total amount “jackpotters” have stolen from ATMs in the U.S., and the specific location of those ATMs, have not been reported.
The alert states that the company was informed on Jan. 26 by U.S. authorities about the potential for jackpotting cases to make their way into the country within days.
While reports of the thefts have been circulating in Europe and Asia for years, according to Krebs, cases first began appearing on the West Coast in the U.S. late last year. However, of perhaps more interest to Arizonans, is that the report from Diebold Nixdorf states that these ATM thefts are making their way up through the U.S. from Mexico.
Krebs on Security obtained a Secret Service that said the crimes pose the biggest risk to stand-alone ATMs like those found at pharmacies, big box retailers and drive-thru ATMs.
The Diebold Nixdorf alert provided additional information that the ATMs at risk are front-load ATMs, since thieves are required to directly access the “internal infrastructure” by opening the machine. As such, these crimes are being committed by criminals posing as ATM repairmen. Rear-load ATMs are potentially also at risk, however because of their design accessing the required infrastructure would be “extremely difficult.”
Though cases of jackpotting are spreading through the U.S., Mohave State Bank Chief Operating Officer and Executive Vice President Randy Austin said that while he has been made aware of jackpotting, it has yet to influence Mohave State Bank directly.
“We haven’t changed anything that we’ve been doing in the past,” he said.
Suspicious activity has not been reported to the bank, and the precautions against ATM-related crimes it has always taken continue to suffice.
“Obviously we monitor our ATM activity,” Austin said.
Diebold Nixdorf suggests that monitoring ATM activity and controlling access to the areas by which technicians have physical access to ATMs are ways banks and ATM operators can help prevent jackpotting from affecting their businesses.
Keeping ATMs updated with the latest security measures and investigating suspicious activities “like deviating or non-consistent transaction or event patterns, which are caused by an interrupted connection to the dispenser,” are also ways to safeguard against jackpotting and to keep it from becoming as prevalent in the U.S. as it has been in other areas of the globe.