The Secret Service is warning banks about a hacking scheme called “jackpotting” that lets someone steal money from ATMs. It’s the first time this type of scheme has made its way to the United States.
To execute the cyberattack, a thief needs physical access to an ATM and will use malware, physical hacking tools, or both, to take control of the machine and force it to dispense cash quickly. If it works, cash pours out of the ATM like the hacker won a jackpot.
“Criminals have been able to find vulnerabilities in financial institutions that operate ATMs, primarily ATMs that are stand-alone,” the Secret Service said in a release shared with CNN Tech. “The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive thru ATMs.”
At least six attacks have taken place within the last week. They ranged in location from the Pacific Northwest to the Gulf region to New England. Thieves have stolen over $1 million in attacks so far.
The Secret Service said criminals associated with jackpotting can be individuals or organized crime groups.
ATM makers Diebold Nixdorf and NCR Corporation confirmed they have alerted clients to the potential jackpotting attacks. A spokesperson for Diebold Nixdorf said older Diebold units are being targeted.
Similar jackpotting attacks spread through Latin America last year.
Jackpotting has also been reported in Europe and Asia. Independent security journalist Brian Krebs first reported the U.S. jackpotting threats.