In Germany 2017, there was a string of “Jackpotting” attacks on ATMs through which thieves would become millionaires. If you are not aware of what “Jackpotting” is, it is a technique through which thieves make use of some hardware to get all the cash out of the ATM without any credit card. This is done by physically opening the machine and injecting the malware. The name of the malware is ‘Cutlet Maker’.
Motherboard and the German broadcaster Bayerischer Rundfunk (BR) reveals new findings on this incident from 2017. Although a European agency said that such an incident has decreased in the early months of this year. The countries affected by this include Latin America, Southeast Asia, and the U.S. where this has become a serious concern for ATM manufacturers and the finance sector.
Motherboard while its investigation talked to a cybercriminal who has offered to sell the ‘Cutler Maker’ Malware. The conversation happened through an email where the price quoted for selling the malware was 10,000$. Plus, the cybercriminal also offered to provide support on how to make use of the malware for withdrawing cash along with the screenshots of the instruction manual in English and Russian. The manual also includes how to count banknotes in the ATM.
A late researcher Barnaby Jack himself demonstrate how malware works in an ATM. He has shown that the ATM displayed the word “Jackpot”, and spit out all the cash. This has happened at the annual Black Hat cybersecurity conference in 2010.
So far, from 2017, thieves have stolen 1.5 million dollars, according to Christoph Hebbecker, a prosecuting attorney for the German state of North Rhine-Westphalia.
Hebbecker further said that “Because of the similar nature of the attacks, he believes they are all linked to the same criminal gang. In some cases, the prosecutors have video evidence, but they have no suspects so far”
“The investigation is still ongoing,” Hebbecker said in an email in German.
“In general, we do not comment on dedicated, single cases,” Bernd Redecker, director of corporate security and fraud management at Diebold Nixdorf, said in a phone call. “However, we are of course dealing with our customers on jackpotting, and we are aware of these cases.” Diebold Nixdorf has also sold these ATMs to the U.S. market.
“You will see this across all vendors; this is not dedicated towards a specific machine, nor towards a specific brand, and definitely not a region,” Redecker added.
“In order to execute a jackpotting attack, you have to have access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack,” David N. Tente, executive director of USA, Canada at the ATM Industry Association (ATMIA), said in an email.
So far across the different states of Germany, 82 cases of ATM cash out is recorded. This figure has stated by the spokesperson of German police officials. However, the attacks were not successful in all cases.
From all these official statements and incidents reported in Germany and the U.S., it is clear that ATM manufacturers have to increase and work toward improving security. The standard of ATMs should be raised. Banks should also increase secure access to ATMs.
Sources have reported that the machines used by the ATMs are based on old Windows OS and works too slow. Hopefully, such ATM attacks will be eradicated completely soon by the cyber authorities.