Definition
ATM jackpotting is a type of cyberattack in which an attacker forces an ATM to dispense large quantities of cash. It’s like hitting the jackpot on a slot machine.
Attackers can use various tactics to compromise these systems. First, they can gain physical access to the ATM by posing as maintenance technicians and introduce malware through a USB device or specialized electronic devices that connect directly to the system.
They may also attempt to intercept and manipulate the communication between the ATM’s computer and the cash dispenser through a man-in-the-middle attack.
History of ATM Jackpotting
Jackpotting attacks started in Asia and Europe around the 2000s and became hugely popular because of their daring. Early jackpotting required an in-depth understanding of ATM internals, but tools like ‘Ploutus’, developed in Mexico around 2013, made it simpler to hack ATMs.
Jackpotting emerged in the United States between 2017 and 2018, prompting law enforcement agencies to issue alerts and advice to financial firms. In response, ATM developers and financial firms upgraded their security by introducing sophisticated hardware encryption and more secure software, updating physical security measures, and applying behaviour analytics to spot anomalous patterns.
How Does ATM Jackpotting Work?
ATM jackpotting requires physical access to an ATM. The attacker will also need a rogue device (a wireless hardware attack tool), such as a portable computer, that can cause harm, steal data, and disrupt the system’s normal operation.
Upon gaining access to the ATM system, the attackers remove the hard drive and any antivirus programs present. This allows them to install their malware, replace the hard drive, and reboot the ATM. The whole process usually takes less than a minute.
ATM Jackpotting Methods
Malware-based Jackpotting
In this type of jackpotting, the attacker inserts a malware-infected USB device into the ATM’s USB port. The malware makes the system dish out cash, which the attacker collects.
The ATM continues to operate normally for other users, even with the malware installed. It only starts to dispense excessive cash when the attacker activates the malware.
Cash dispensed by the malware does not appear as a withdrawal transaction on any bank account. ‘Ploutus.D’ is a popular example of jackpotting malware, with several modifications that enable it to function smoothly on ATMs from multiple vendors.
Black Box Attack
In this case, the rogue devices are known as black boxes. They mimic the ATM’s internal computers, connect to dispensers, and dish out money. The black boxes also plug into the network cables and obtain cardholder information.
Although ATMs have a maximum withdrawal limit per client or transaction, a black box acts as the host system, making the machine instantly dispense all its cash.
How to Prevent ATM Jackpotting
Tips for Customers
- Use ATMs operated by well-known financial organizations, as they offer more security, and avoid those owned by malls, small enterprises, and retail stores.
- Be cautious of individuals queuing behind you at the ATM, as they may be a threat. Make sure you cover the keypad while entering your PIN.
- Examine your bank statements weekly or monthly for unsanctioned transactions and report any discrepancies instantly.
Tips for Banks
- Ensure the ATM’s antivirus software and other programs are always up-to-date.
- Turn off the ATM’s auto-start and restart features because they can be easily exploited.
- Track ATMs for anomalies, such as requests for large withdrawals from customers with empty bank accounts. Moreover, be wary of multiple failed sign-in attempts, as this could mean the ATM is being targeted.
- Ensure there are security personnel around the ATMs to prevent unlawful access.
- Adopt physical precautions such as installing alarms and locks on the ATM’s cabinet. This prevents criminals from accessing the ATM’s interior and removing its hard drive.
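
The monitoring tip above can be turned into a simple reconciliation check. The following is an added example, not code from any ATM vendor or bank: it flags withdrawal requests that exceed the account balance, repeated failed sign-ins, and cash dispensed without a matching host-approved transaction (the sign of malware or a black box driving the dispenser). The event format, field names and threshold are assumptions, and it assumes dispense events are reported independently of the host's transaction records.

```python
from collections import Counter

# Constructed sample events (not real ATM logs); all field names are assumptions.
EVENTS = [
    {"atm": "ATM-01", "type": "request", "txn": "T1", "amount": 200, "balance": 950, "approved": True},
    {"atm": "ATM-01", "type": "dispense", "txn": "T1", "amount": 200},
    {"atm": "ATM-01", "type": "request", "txn": "T2", "amount": 800, "balance": 0, "approved": False},
    {"atm": "ATM-02", "type": "login_fail"},
    {"atm": "ATM-02", "type": "login_fail"},
    {"atm": "ATM-02", "type": "login_fail"},
    {"atm": "ATM-03", "type": "dispense", "txn": None, "amount": 4000},
    {"atm": "ATM-03", "type": "dispense", "txn": None, "amount": 4000},
]

def find_anomalies(events, max_login_failures=3):
    """Return a sorted list of (atm, reason) alerts for the given event stream."""
    authorized = {}       # txn id -> amount approved by the bank host
    failures = Counter()  # atm -> number of failed sign-ins seen so far
    alerts = set()
    for e in events:
        if e["type"] == "request":
            if e["amount"] > e["balance"]:
                alerts.add((e["atm"], "withdrawal request exceeds account balance"))
            if e["approved"]:
                authorized[e["txn"]] = e["amount"]
        elif e["type"] == "login_fail":
            failures[e["atm"]] += 1
            if failures[e["atm"]] >= max_login_failures:
                alerts.add((e["atm"], "repeated failed sign-ins"))
        elif e["type"] == "dispense":
            # Cash left the machine: it must match a host-approved transaction.
            approved = authorized.pop(e.get("txn"), None)
            if approved is None:
                alerts.add((e["atm"], "dispense without host authorization"))
            elif e["amount"] > approved:
                alerts.add((e["atm"], "dispensed more than authorized"))
    return sorted(alerts)

if __name__ == "__main__":
    for atm, reason in find_anomalies(EVENTS):
        print(f"{atm}: {reason}")
```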