What Is ATM Jackpotting? Mexican Crime Wave to Spread to U.S. ‘Within Days’

A gold-colored ATM commemorates the location of the world's first cash machine, installed in 1967 outside a branch of Barclays Bank in Enfield, London. REUTERS/John Sibley

ATM manufacturers have issued a global security alert over so-called jackpotting attacks, warning that hackers may exploit a security vulnerability in cash machines to steal large sums of money.

On January 26, U.S. authorities warned financial services company Diebold Nixdorf that a potential wave of attacks would spread from Mexico to the United States “within the next days.”

If successful, criminal gangs could be in line for a major payday by using a security exploit that experts say targets the Opteva 500 and 700 series of Diebold Nixdorf ATMs.

A confidential memo sent out by the Secret Service, which was seen by cybersecurity analyst Brian Krebs, warned that “cash out crews” dressed as technicians infected ATMs with malware that allows them to take command of the cash dispenser.

ATM jackpotting allows hackers to steal money from certain models of cash machines. JEAN-SEBASTIEN EVRARD/AFP/Getty Images

“As in Mexico last year, the attack mode involves a series of different steps to overcome security mechanisms and the authorization process for setting the communication with the dispenser,” the alert from Diebold Nixdorf says. “This communication authorization needs to be used when the mainboard of the hard disk has to be exchanged for legitimate reasons.”


Due to the nature of the attacks, it is possible to prevent them by putting physical measures in place that limit criminals’ ability to interact with ATMs.

“What is interesting about these attacks is that they require considerable physical access to the ATM itself, meaning that there is a high risk of getting caught, and there are far less complex attack vectors that could have been chosen,” Leigh-Anne Galloway, a cybersecurity resilience lead at cybercrime company Positive.com, said in a statement to Newsweek.

“The attack can mostly be mitigated by limiting physical access to the ATM, the service area and requiring physical authentication by maintainers,” she continued. “We have seen quite an increase in logical attacks over the last couple of years, and this is certainly one of the most novel. ATMs are still a critical link in communities, providing access to banking services for many people who may have never visited a branch itself.”
