WASHINGTON—A coordinated group of hackers likely tied to international criminal syndicates has pilfered more than $1 million by hijacking ATM machines across the United States and forcing them to spit out bills like slot machines dispensing a jackpot, a senior U.S. Secret Service official said on Monday.
Within the past few days there have been about a half-dozen successful “jackpotting” attacks, the official said.
The heists, which involve hacking ATMs to rapidly shoot out torrents of cash, have been observed across the United States spanning from the Gulf Coast in the southern part of the country to the New England region in the northeast, Matthew O’Neill, a special agent in the criminal investigations division, told Reuters in an interview.
The spate of attacks represented the first widespread jackpotting activity in the United States, O’Neill said. Previous campaigns have been spotted in parts of Europe and Latin America in recent years.
“It was just a matter of time until it hit our shores,” O’Neill said.
Diebold Nixdorf Incand NCR Corp, two of the world’s largest ATM makers, warned last week that cybercriminals are targeting ATMs with tools needed to carry out jackpotting schemes.
The Diebold Nixdorf alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.
Exclusive, breaking: The US Secret Service is quietly alerting banks and ATM operators that for the first time ever ATM "Jackpotting" attacks — designed to empty ATMs of cash via malware and hardware — have hit ATMs in the United States https://t.co/PcpnZ8owFJ pic.twitter.com/ZDsyaRs4k4
— briankrebs (@briankrebs) January 27, 2018
A confidential U.S. Secret Service alert seen by Reuters and sent to banks on Friday said machines running XP were more vulnerable and encouraged ATM operators to update to Windows 7 to protect against the attack, which appeared to be targeting ATMs typically located in pharmacies, big-box retailers and drive-thrus.
While initial intelligence suggested only ATMs running on outdated Windows XP software were being targeted, the Secret Service has seen successful attacks within the past 48 hours on machines running updated Windows 7, O’Neil said.
“There isn’t one magic solution to solve the problem,” he said.
.@tomcostellonbc has the latest on “jackpotting,” the latest ATM scam to hit the US that you need to know about pic.twitter.com/V920x4liKX
— TODAY (@TODAYshow) January 29, 2018
A local electronic crimes task force in the Washington, D.C., metropolitan area first reported an unsuccessful jackpotting attempt last week, O’Neill said.
A few days later another local partner witnessed similar activity and “developed intelligence” that indicated a sustained, coordinated attack was likely to occur over the next two weeks, O’Neill said. He declined to say where that partner was located.
Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.
Recommended Video: