LONDON: Hackers able to make ATMs spit cash like winning slot machines are now operating inside the United States, marking the arrival of “jackpotting” attacks after widespread heists in Europe and Asia, according to security news website Krebs on Security.
Thieves have used skimming devices on ATM machines to steal debit card information, but “jackpotting” augurs more sophisticated technological challenges that American financial firms will face in coming years.
“This is the first instance of jackpotting in the United States,” said digital security reporter Brian Krebs, a former Washington Post reporter. “It’s safe to assume that these are here to stay at this point.”
On his website, Krebs reported Saturday that the Secret Service has warned financial institutions about “jackpotting” attacks in the past few days, though specifics have not been revealed.
He cites an alert sent by ATM maker NCR Corp. to its customers:
“This represents the first confirmed cases of losses due to logical attacks in the U.S.,” the alert read. “This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”
Krebs reported that criminal gangs are targeting Diebold Nixdorfmachines – the stand-alone kind you might see in a drive-through or pharmacy. He shared the ATM giant’s security notice. It described similar attacks in Mexico, in which criminals used a modified medical endoscope to access a port inside the machines and install malware.
Diebold Nixdorf spokesman Mike Jacobsen declined to provide the number of banks targeted in Mexico and the United States or comment on losses, according to Reuters.
Hackers have also been reported to remotely infect ATMs or completely swap out their hard drives. The Secret Service could not be immediately reached for comment about the nature of the reported U.S. attacks.