First 'Jackpotting' Attacks Hit US ATMs

Brian Krebs, reporting for Krebs on Security: ATM "jackpotting" -- a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand -- has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics -- often a combination of both -- to control the operations of the ATM. On Jan. 21, 2018, KrebsOnSecurity began hearing rumblings about jackpotting attacks, also known as "logical attacks," hitting U.S. ATM operators. I quickly reached out to ATM giant NCR Corp. to see if they'd heard anything. NCR said at the time it had received unconfirmed reports, but nothing solid yet.

slot machines make it hard to open with out settin

[Joe_Dragon]

slot machines make it hard to open with out setting off an alert so why do AMT have less of that stuff?

But why??

[CrimsonAvenger]

So, if I have physical access to the machine, I can install software that lets me loot the machine.

Or, if I have physical access to the machine, I can just take all the money out of the machine without bothering with the software install.

I'm failing to see this as a serious new threat to ATM's....

Re:But why??

[beelsebob]

What makes you think you can take money out of the machine without the software install?

Cracking safes, quickly and quietly with no one noticing is really hard. Sticking a USB stick with some malware on it into a port and leaving, without anyone noticing is pretty trivially easy.

Re:But why??

[Baron_Yam]

I imagine you need an 'inside man' - maybe the person who reloads the cash dispenser and unloads the collection bin, but maybe not if the computer hardware is secured in a separate lock box. Anyway, you need somebody with physical access to compromise the machine.

THEN you go and use the ATM to get cash... but remember you're on camera, and your transactions are logged, right? So what you probably want is the ability to have the machine spit out extra money when you enter a particular code (which hopefully you can do with a camera watching the suspicious activity) during an otherwise perfectly legitimate transaction.

And you want to time it so you do it immediately after the machine has been reloaded, so you have the maximum possible time before the machine runs out of cash before it should and an investigation starts. And then you want to never hit that ATM again, or your risk of getting caught skyrockets.

So you need two conspirators and you get one payout that needs to be limited so you don't get caught. You're going to clear a few hundred with a single attempt or maybe have it 'accidentally' slip you an extra bill over many visits. Certainly you're not going to make enough to justify the risks - the inside man is risking their presumably steady legitimate employment in addition to jail.

So who is doing this and why?

Re:Windows XP in ATMs

Windows XP is no more childish or retarded than Linux or any other OS. If someone has physical access to a computer it makes no difference what operating system it is running.

Re:Pro tip from Europe...

[Baron_Yam]

1) You meant to say 'Romani', a distinct ethnic group that isn't actually bound to the nation of Romania.

2) Still racist. Yep, there's higher crime rates with the Romani, probably because they're not particularly interested as a cultural group in integrating into their larger community. Which may be due to racists like you, who discriminate against them and remove the opportunity from many of those who would integrate if they could. Chicken and egg.

3) People who describe other people as 'filthy animals' are rarely the best of humanity. You're dehumanizing others as a justification for treating them like shit. Aren't you a wonderful person?

Re:slot machines make it hard to open with out set

[jittles]

slot machines make it hard to open with out setting off an alert so why do AMT have less of that stuff?

The story I read earlier said that they're somehow able to replace the hard drive on some NCR ATMs without opening the device. However, the system doesn't just boot back up with the new HDD after that. They actually use an industrial endoscope to find a button inside of the device that lets it reset without opening it up. So it sounds like the device will alarm if you open it, but is poorly designed and you can replace key components and reset it without having to actually open it.

Re: Windows XP in ATMs

[MightyYar]

Yeah, we used Windows Embedded for years in an industrial product. There were two drivers. The first was a well-tested library that we needed was most commonly used in Windows. The vendor was willing to build for Linux, but we would be the first users and didn't like the risk. The second driver was, believe it or not, USB thumbdrive support. At the end of the 90s, floppies were too small, so we transitioned to superdrives (compatible with floppies, but capacity was up to 120MB). Only one vendor made these drives, though, and soon they were end of life. The only good alternative was to support thumbdrives. But Linux back then was very hit-or-miss for thumbdrive support. Windows worked with nearly everything our customers threw into it.

Ironically (or not), the USB support is where we've had virus problems with Windows Embedded.

Linux USB support is now just fine, so we've transitioned to Linux. But Windows Embedded was fine - it let you only install the services you needed, so the vulnerability profile was much smaller than "kitchen sink" Windows.

Re: Windows XP in ATMs

[webnut77]

Linux users bashing Windows...

Wait. I thought it was Microsoft that bashed Windows with Ubuntu.