ATM jackpotting may sound like a casino term, but in reality it means the illicit extraction of cash from ATMs, and it looks nothing like the dramatic scenes in movies. Where film criminals use ropes and vehicles to rip the machine out of the wall, jackpotting works far more covertly. Curious about how these attacks unfold? Continue reading to discover the details.
What exactly constitutes ATM jackpotting?
Defining ATM jackpotting
ATM jackpotting is fraud in which cybercriminals use highly sophisticated malware to force an automatic teller machine to pay out cash. Rather than breaking into the machine by brute force, the perpetrators target its most vulnerable point, the computer that controls it, because the vault itself is the hardest part to breach.
How ATM Jackpotting Operates
To carry out an ATM jackpotting scheme, the attacker needs physical access to the ATM and a rogue device: a wireless hardware attack tool, such as a portable computer, built to cause harm, steal information and disrupt normal network operations without authorization. Once they have reached the ATM's internal computer, the perpetrators remove the hard drive and uninstall any antivirus software on it. With that protection gone, they install their malware, refit the drive and reboot the ATM. The whole procedure typically takes less than a minute. ATM jackpotting comes in two main forms:
Malware-Based Jackpotting
This variant uses a USB device loaded with malware that is plugged into the ATM's USB port. While the malware lies dormant, other customers can use the ATM normally. When the hacker activates it, the ATM dispenses cash, which is collected by a designated individual acting as a middleman between the ATM and the hacker. Off-site ATMs typically rely on CCTV cameras alone for security, which lets threat actors and their accomplices conceal their identities during the operation. Notably, cash dispensed this way is not recorded as a withdrawal transaction on any bank account. A well-known example is the “Ploutus.D” malware, which can run on ATMs from over 40 different vendors across 80 countries.
Black Box Attack
In this scenario, rogue devices known as black boxes impersonate the ATM's internal computer. Such devices, anything from a laptop to a Raspberry Pi, are relatively easy to buy or build. A black box can be used in two ways: connected directly to the cash dispenser in place of the internal computer, instructing it to release cash; or connected to the network cables to capture cardholder information exchanged between the ATM and the transaction-processing host. Although ATMs enforce withdrawal limits per transaction or per customer, a black box attack sidesteps them by posing as the host system, compelling the ATM to dispense all of its cash at once.
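Both forms described above share one defensive consequence: cash leaves the dispenser without a matching authorized withdrawal on the banking host, so reconciling the dispenser's own journal against host authorizations exposes the event. The reconciliation below is an added example, not code from the original article, from any ATM vendor or from any bank; the two log formats, the terminal id, the amounts and the 30-second matching window are all constructed assumptions for illustration.

```python
"""Reconcile ATM dispenser-journal events against host-authorized withdrawals.

Jackpotting malware and black-box devices drive the dispenser directly, so the
cash leaves the machine with no matching authorized transaction on the host.
Matching the two records flags those dispenses and totals the unexplained cash.

All log formats and sample lines below are constructed for this example; they
are not the journal format of any real ATM vendor or banking host.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed dispenser-journal lines: timestamp, terminal id, tag, amount.
# The last three lines model a burst of forced dispenses with no customer.
DISPENSER_LOG = """\
2024-03-01T10:02:11 ATM017 DISPENSE 200
2024-03-01T10:05:40 ATM017 DISPENSE 100
2024-03-01T10:06:02 ATM017 DISPENSE 2000
2024-03-01T10:06:20 ATM017 DISPENSE 2000
2024-03-01T10:06:38 ATM017 DISPENSE 2000
"""

# Constructed host-authorization lines: timestamp, terminal id, tag, amount, result.
HOST_LOG = """\
2024-03-01T10:02:08 ATM017 AUTH 200 OK
2024-03-01T10:05:36 ATM017 AUTH 100 OK
"""


@dataclass
class Event:
    ts: datetime
    terminal: str
    amount: int


def parse_log(text: str, tag: str) -> list[Event]:
    """Parse whitespace-separated log lines, keeping only records with `tag`."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != tag:
            continue
        events.append(Event(datetime.fromisoformat(parts[0]), parts[1], int(parts[3])))
    return events


def reconcile(dispenses: list[Event], auths: list[Event],
              window: timedelta = timedelta(seconds=30)) -> list[Event]:
    """Pair each dispense with one not-yet-used authorization for the same
    terminal and amount issued up to `window` before it; return the dispenses
    that have no such authorization."""
    unused_auths = list(auths)
    unexplained = []
    for d in dispenses:
        match = next((a for a in unused_auths
                      if a.terminal == d.terminal and a.amount == d.amount
                      and timedelta(0) <= d.ts - a.ts <= window), None)
        if match is None:
            unexplained.append(d)
        else:
            unused_auths.remove(match)  # an authorization explains one dispense only
    return unexplained


def alerts(dispenser_text: str = DISPENSER_LOG, host_text: str = HOST_LOG) -> list[tuple]:
    """Return (timestamp, terminal, amount) for every unexplained dispense."""
    unexplained = reconcile(parse_log(dispenser_text, "DISPENSE"),
                            parse_log(host_text, "AUTH"))
    return [(e.ts.isoformat(), e.terminal, e.amount) for e in unexplained]


def unexplained_cash_by_terminal(dispenser_text: str = DISPENSER_LOG,
                                 host_text: str = HOST_LOG) -> dict:
    """Sum the unexplained dispenses per terminal; a large total in a short
    span is the signature of a machine being emptied."""
    totals: dict = {}
    for _, terminal, amount in alerts(dispenser_text, host_text):
        totals[terminal] = totals.get(terminal, 0) + amount
    return totals


if __name__ == "__main__":
    for ts, terminal, amount in alerts():
        print(f"UNEXPLAINED DISPENSE {terminal} {ts} amount={amount}")
    print("unexplained cash:", unexplained_cash_by_terminal())
```

In a real deployment the dispenser journal would come from the ATM itself (or its vendor's monitoring agent) and the authorizations from the switch or core banking host; the point is that the two sources are independent, so a black box or malware that talks only to the dispenser cannot fabricate the host-side record.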
Famous ATM jackpotting examples
The reach of organized crime knows no boundaries, as the growing sophistication of ATM jackpotting attacks across the globe shows. Below are two prominent attacks that extracted substantial sums from ATMs worldwide.
Ploutus ATM Malware
In 2013, Mexico saw the start of a large-scale ATM jackpotting campaign, a pivotal moment in cyber heists. A well-organized group of hackers targeted over 450 ATMs and stole approximately $40 million in cash. Investigation revealed the notorious Ploutus ATM malware, since recognized as one of the most sophisticated families of ATM malware.
The Carbanak Gang
Described as the largest bank robbery in modern history, the Carbanak gang's global heist netted an estimated $1.2 billion. The attack relied on multi-layered tactics, beginning with social engineering such as spear-phishing. The hackers gained complete control of the domain controller and, with it, the entire banking network. The proceeds were cashed out in two ways: first, by transferring funds to personal accounts around the world, which money mules then emptied with debit cards; second, and more dramatically, by using their remote-control access to make ATMs dispense cash on command.
How to Safeguard Yourself from ATM Jackpotting Attacks
Unfortunately, individuals often find it hard to protect their bank accounts from ATM fraud, especially when criminals deploy ATM skimmers: devices that covertly capture cardholder information, including magnetic-stripe data, card numbers, PIN codes and even newer authentication factors such as biometric data. Even so, the risk can be reduced by following a few straightforward guidelines:
• Use ATMs operated by reputable banks and financial institutions, and avoid machines located in shopping malls or set up by ordinary businesses.
• Do not let anyone standing behind you see your PIN during ATM transactions.
• Review your monthly bank statements regularly so that any unauthorized transaction is spotted and reported promptly.
• Move most of your financial activity to online banking and set appropriate limits on cash withdrawals and other operations. Also use a Virtual Private Network (VPN) for added security when banking online.