Cyber-criminals have been infiltrating cash machines and programming them to spit out volumes of cash in a hacking scheme called “jackpotting,” according to Diebold Nixdorf and NCR, two of the world’s largest ATM manufacturers. The companies told Reuters on Saturday that they had sent alerts to clients Friday following a string of jackpotting attacks at several U.S. ATMs.
NCR said that none of the hacks had targeted its ATMs but that the whole industry needs to be aware of the threat. And while jackpotting has taken place in other parts of the world over the last several years, these latest jackpotting incidents are the first to hit U.S. bank systems, NCR said in its alert.
“This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack,” NCR’s alert said.
Diebold Nixdorf’s alert described the steps that jackpotting schemes typically take, starting with gaining physical access to the machine, replacing the hard drive, and then resetting the device via internal controls. It said that law enforcement had warned the company that hackers were targeting one of its older ATM models, known as Opteva, which went out of production a few years ago.
The security news website Krebs separately issued an alert on jackpotting Saturday and said that the U.S. Secret Service had sent a confidential warning of ATM hacks to banks across the country. According to Krebs, the memo said that hackers target drive-through ATMs and the stand-alone ATMs found in pharmacies, retail stores, and other locations, and that the attacks first occurred in Mexico before emerging in the United States.
Cash machines in Thailand, Taiwan, and more than a dozen European nations suffered remote cyber-attacks in 2016, according to Russian cybersecurity firm Group IB.