You know those scenes in films or TV where someone in a casino gets flooded by coins, usually because of a slot machine malfunction? The scenario may now be happening in real life, but with far more worrying consequences, not to mention a yield more directly useful than casino coins. Security-focused website KrebsOnSecurity reports that the ATM jackpotting crime that has been hitting banks hard in Europe and Asia has now landed on US shores. It’s still officially hush-hush, but when the US Secret Service is involved, it’s pretty much a given.
It’s really like hitting the jackpot, at least for the thieves. Rather than simply tearing an ATM apart, “jackpotting” uses the more technologically savvy method of hacking the machine to get the loot. You leave less evidence behind. And it probably feels more satisfying considering you’re acting out robberies only seen in heist or spy films.
It’s not as easy as remotely hacking a computer though. The thieves first need to have physical access to the ATM. Then they can use software or specialized electronics to control the ATM. Usually both are used in combination. Once set up, they can then control the ATM to spit out huge volumes of cash at the bank’s expense.
According to a leaked Secret Service alert sent to banks and financial institutions, the criminals are targeting front-loading standalone ATMs found in pharmacies, drive-thru ATMs, big box retailers, and the like. Exactly like a heist film, they masquerade as ATM technicians so they can hook up a laptop to the ATM and gain access to the machine.
On the technical side of the attacks, it seems that the perpetrators are using the jackpotting malware Ploutus.D, which has been around since 2013. They are also only targeting specific machines from ATM vendor Diebold Nixdorf, specifically Opteva 500 and 700 ATMs, most likely because they already possess the firmware for those machines.