They allegedly used malware to cause ATM machines to eject cash like slot machines
The United States Department of Justice (DOJ) has charged two men with bank fraud after they allegedly hacked ATM machines causing them to eject all their cash reserves like a Vegas slot machine. The attack, known as “jackpotting,” is usually carried out by perpetrators dressed as repair technicians to deploy malicious software and/or hardware, while others then exploit the hack to withdraw the cash on demand.
The two men, 31-year-old Spanish national Alex Alberto Fajin-Diaz and 21-year-old Argenys Rodriguez from Massachusetts were arrested on January 27th. Investigators contacted police who found Fajin-Diaz and Rodriguez near a compromised ATM that was dispensing $20 bills. When police searched the men’s vehicle, they found “tools and electronic devices consistent with items needed to compromise an ATM” as well as more than $9,000 in $20 bills. According to ArsTechnica, an early investigation showed that the ATM dispensed as much as $50,000.
A report from security journalist Brian Krebs last week outlined a Secret Service alert going into more detail about how jackpotting works. Thieves posing as technicians use a medical endoscope to locate an internal section of the ATM where they can attach a cord to sync their laptop with the ATM’s computer. The ATM then displays an out of service notice and is able to be controlled remotely. The thieves can force the machine to disperse its cash, which is then collected by “money mules.” Standalone ATMs like those located in pharmacies and big-box retailers are most at risk.
2 Men Have Been Charged With ‘Jackpotting’ ATM Machines in New England
This video from the Black Hat USA conference in 2010 simulates a jackpotting attack:
According to the Hartford Courant, the two men allegedly impersonated ATM technicians and hacked a drive-up machine at the Citizens Bank in Cromwell, Conn. A police officer pulled over the two men in their car as they left the scene. A second police officer said he saw the ATM dispense a stack of $20 bills. The car they were driving was later connected to other jackpotting incidents in the region.
The Secret Service has confirmed that criminals have stolen $1 million in the U.S. through this type of attack and said the attacks are likely coordinated and possibly tied to international criminal syndicates. Though the memo said the majority of attacks have targeted stand-alone ATMs in pharmacies, big-box retailers, and drive-through ATMs that run on outdated software, there have also been successful attacks on ATMs running updated software.