ATM makers Diebold, NCR warn of “jackpotting” attacks on ATM machines in US

29 Jan 2018

Two of the world's largest ATM makers, Diebold Nixdorf Inc and NCR Corp have warned that cyber criminals are targeting US cash machines with tools that force them to spit out cash in hacking schemes known as ''jackpotting.''

The two ATM makers did not name any victims or say how much money had been lost. Recent years have seen criminals increasingly use jackpotting but thanks to the fact that victims and police often do not disclose details, the amount of cash stolen in not known.

The attacks were reported on Saturday by the security news website Krebs on Security, which said they had started in Mexico last year.

NCR said in a Friday alert that the cases were the first confirmed ''jackpotting'' losses in the US and added that its equipment had not been targeted in the recent attacks. It added that jackpotting still remained a concern.

''This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack,'' the alert said.

According to a different Friday alert from Diebold Nixdorf US authorities had warned the company that hackers were targeting one of its ATM models, known as Opteva, which have now gone out of production.

According to a confidential memo obtained by Krebs on Security, the ATMs targeted by the hacking include ones located in ''pharmacies, big box retailers, and drive-thru ATMs.''

''During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM,'' the memo said, according to Krebs on Security.

Commentators point out that a number of countries in Europe were hit by jackpotting attacks, which followed similar attacks in Taiwan and Thailand.