A coordinated group of hackers likely tied to international criminal syndicates has pilfered more than $1 million by hijacking ATM machines across the United States and forcing them to spit out bills like slot machines dispensing a jackpot, a senior U.S. Secret Service official said on Monday.
Within the past few days there have been about a half-dozen successful “jackpotting” attacks, the official said.
The heists, which involve hacking ATMs to rapidly shoot out torrents of cash, have been observed across the United States spanning from the Gulf Coast in the southern part of the country to the New England region in the northeast, Matthew O’Neill, a special agent in the criminal investigations division, told Reuters in an interview.
The spate of attacks represented the first widespread jackpotting activity in the United States, O’Neill said. Previous campaigns have been spotted in parts of Europe and Latin America in recent years.
“It was just a matter of time until it hit our shores,” O’Neill said.
Diebold Nixdorf Inc and NCR Corp, two of the world’s largest ATM makers, warned last week that cyber criminals are targeting ATMs with tools needed to carry out jackpotting schemes.
The Diebold Nixdorf alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.
A confidential U.S. Secret Service alert seen by Reuters and sent to banks on Friday said machines running XP were more vulnerable and encouraged ATM operators to update to Windows 7 to protect against the attack, which appeared to be targeting ATMs typically located in pharmacies, big box retailers and drive-thrus.
While initial intelligence suggested only ATMs running on outdated Windows XP software were being targeted, the Secret Service has seen successful attacks within the past 48 hours on machines running updated Windows 7, O’Neil said.
“There isn’t one magic solution to solve the problem,” he said.
A local electronic crimes task force in the Washington, D.C., metropolitan area first reported an unsuccessful jackpotting attempt last week, O’Neill said.
A few days later another local partner witnessed similar activity and “developed intelligence” that indicated a sustained, coordinated attack was likely to occur over the next two weeks, O’Neill said. He declined to say where that partner was located.
Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.