The Secret Service is warning banks about a hacking scheme called “jackpotting” that lets someone steal money from ATMs. It’s the first time this type of scheme has made its way to the United States.
To execute the cyberattack, a thief needs physical access to an ATM and will use malware, physical hacking tools, or both, to take control of the machine and force it to dispense cash quickly. If it works, cash pours out of the ATM like the hacker won a jackpot.
“Criminals have been able to find vulnerabilities in financial institutions that operate ATMs, primarily ATMs that are stand-alone,” the Secret Service said in a release shared with CNN Tech. “The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive thru ATMs.”
At least six attacks have taken place within the last week. They ranged in location from the Pacific Northwest to the Gulf region to New England. Thieves have stolen over $1 million in attacks so far.
The Secret Service said criminals associated with jackpotting can be individuals or organized crime groups.
ATM makers Diebold Nixdorf and NCR Corporation confirmed they have alerted clients to the potential jackpotting attacks. A spokesperson for Diebold Nixdorf said older Diebold units are being targeted.
Similar jackpotting attacks spread through Latin America last year.
Jackpotting has also been reported in Europe and Asia. Independent security journalist Brian Krebs first reported the U.S. jackpotting threats.
In recent months, activity around ATM hacking and jackpotting has spiked on the dark web, according to Paulo Shakarian, CEO at threat intelligence firm CYR3CON. The dark web refers to networks of websites that require specific software to access. Some dark web sites are known for criminal activity.
Shakarian said his firm tracked an uptick in conversations around malware used for jackpotting and also noticed people talking on these forums about new ATM hacking hardware targeting specific machines. Shakarian also spotted a jackpotting guide available for sale on one dark web forum.
“Any one of those things by themselves might not lead you to believe that U.S. jackpotting is imminent,” he said. “But now you’re seeing multiple indicators that could be pointing to it.”
The Secret Service did not say how many jackpotting cases the agency has seen. The release noted the agency received reports about planned U.S. jackpotting attacks through its Electronic Crimes Task Force partners.