‘Jackpotting’ crime hits U.S. ATM for first time
On a chilly October night in a Denver suburb, two men entered a small credit union’s after-hours vestibule, pried open the ATM and took out the hard drive, then reconfigured the machine to spit out $24,000.
It was possibly the first case of “ATM jackpotting” in the U.S., a crime in which technology is manipulated to get the machine to dispense all the money it has.
Jackpotting has been around at least since 2009 and is widespread in emerging-market countries. Unlike most cyber crime, it requires physical access, which increases the chances of getting caught. The speed with which the culprits of the first U.S. attacks were snatched highlights tougher defenses in more-developed regions.
“ATM jackpotting is low-tech in nature, but there’s a higher risk of getting caught,” said Charles Carmakal, vice president of consulting at FireEye Inc., a cybersecurity firm.
Sergey Golovanov, a senior security researcher at Kaspersky Lab, said his firm had seen cases in Eastern Europe where as much as $200,000 was stolen from one ATM using the jackpotting method. U.S. financial institutions have already reacted to the threat, according to Financial Services Information Sharing and Analysis Center.
“When there’s a wall between the ATM screen and the rest of the ATM, it’s hard to get into the computer,” said Charles Bretz, director of payment services at the industry group.
About half a million ATMs operate in the U.S., almost a quarter of the total in use worldwide. The machines can hold around $100 billion at peak times.