Abu Dhabi, UAEMonday 24 June 2019

'Jackpotting' hackers steal $1m from US ATMs

The heists, which involve hacking cash machines to rapidly shoot out torrents of dollars, have been reported across the United States

Axis Bank has opened an office in Sharjah, its fourth in the UAE. Danish Siddiqui / Reuters
Axis Bank has opened an office in Sharjah, its fourth in the UAE. Danish Siddiqui / Reuters

A coordinated group of hackers that is likely to be tied to international criminal syndicates has pilfered more than $1 million by hijacking ATM machines across the United States and forcing them to spit out bills like slot machines dispensing a jackpot, a senior US Secret Service official said on Monday.

Within the past few days, there have been about a half-dozen successful “jackpotting” attacks, the official said.

The heists have been observed from the Gulf Coast in the south to New England in the north-east, Matthew O‘Neill, a special agent in the criminal investigations division, told Reuters.

The attacks represented the first widespread jackpotting activity in the US, Mr O‘Neill said. Campaigns have been reported in Europe and Latin America.

“It was just a matter of time until it hit our shores,” Mr O‘Neill said.

Diebold Nixdorf and NCR, two of the world’s largest ATM makers, warned last week that criminals are targeting ATMs.

The Diebold Nixdorf alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.


Read more:

Close to Dh4 billion lost last year to UAE cybercrime

Deciphering Equifax’s failings after data hack should be lesson to us all on password protection


A confidential Secret Service alert seen by Reuters and sent to banks on Friday said machines running XP were more vulnerable and encouraged ATM operators to update to Windows 7 to protect against the attack, which appeared to be targeting ATMs typically located in pharmacies, big box retailers and drive-through businesses.

While initial intelligence suggested only ATMs running on outdated Windows XP software were being targeted, the Secret Service has seen successful attacks within the past 48 hours on machines running updated Windows 7, Mr O‘Neil said.

“There isn’t one magic solution to solve the problem,” he said.

A electronic crimes task force in the Washington, DC, metropolitan area first reported an unsuccessful jackpotting attempt last week, Mr O‘Neill said.

A few days later, another local partner witnessed similar activity and “developed intelligence” that indicated a sustained, coordinated attack was likely to occur over the next two weeks, Mr O‘Neill said. He declined to say where that partner was located.

Jackpotting has been rising worldwide in recent years, although it is unclear how much cash has been stolen because victims and police often do not disclose details.

Updated: January 30, 2018 11:03 AM