Criminals Use New Software to “Jackpot” ATM Machines

Laura BednarCybersecurityLeave a Comment

ATM Jackpotting Attacks

Robbing a bank is no longer done with a ski mask and a getaway car as criminals are creating more complex methods to attack financial institutions. The latest method is known as “jackpotting” where an attacker gains access to the main controls of an ATM machine so they can command the machine to dispense massive amounts of cash.

In some instances, this type of attack has used proprietary software from Diebold Nixdorf, a financial and retail technology company that has also manufactured many voting machines. Gaining access to these controls not only puts banks at risk but also the customers who have both information and funds stored at the banking locations. If a plan is not created to prevent this type of crime, things may only elevate in severity with criminals going after more than just ATMs.

What’s the process for Hacking the ATM?

The attackers can “jackpot” in a variety of ways, but the method for this specific attack included a device known as a “blackbox.” This box runs part of the company’s proprietary software and is then connected to the ATM internal controls to allow the attackers to issue commands. To access the internal mechanisms, attackers either get access to a key that unlocks the ATM chassis or drill holes to break the physical locks to the internal computer.

How criminals were able to obtain the proprietary software for jackpotting is still unknown, with experts contending that it could be through an offline attack on an unencrypted hard disk within the company. Once they have access to the ATM, the criminals can control cash dispensing as fast as 40 bills every 23 seconds.

The blackbox itself can be a laptop, Raspberry or Arduino hardware that manipulates APIs in OS extensions. In some cases, the blackbox can be used to attach to network cables and record card information as it’s shared between the ATM and the transaction center. The device can then withdraw the maximum amount from those accounts.

What Does this Mean for Bank Users?

Luckily, at this time, Diebold claims that there is no indication that the thieves are using the software to steal card information. However, having proprietary data from a financial institution can only result in future cybercrime incidents. With inside data as to how a bank stores information or operates on a daily basis, it is only a matter of time before the criminals move towards a larger target than just a physical ATM.

With the recent pandemic, many bank lobbies are closed, leading people to the drive-through ATMs. Online banking has also been at higher risk during the pandemic as more people have adopted the idea of depositing and withdrawing money using their mobile device. Unfortunately, it doesn’t seem that physical banking machines aren’t safe either. Diebold advises consumers to:

  • Only use ATMs that belong to major banks
  • Block people from seeing you enter your PIN at the machine
  • Check your monthly statements to ensure everything matches up.

More Security for your Buck

It was speculated that the attackers, in this case, were able to obtain proprietary software form an unencrypted hard disk belonging to a banking company. Many cyberattacks can be prevented with the simple method of implementing encryption into the workplace. Our line of hardware encrypted SecureDrives are FIPS 140-2 Level 3 Validated for total security and protect sensitive information with military-grade protection and an epoxy coating.

Even if a hacker were to steal the drive, the device is impossible to reverse engineer and without a PIN number or wireless authentication via mobile app, no one except the admin on the drive can gain access. In addition, those who do experience data breaches, fraud, and malware can contact our digital forensics department to stop the attack, see what data was compromised, and who launched the attack. To learn more about our data security initiatives for financial institutions and more, call 1-800-388-1266.