Hackers target ATMs, stealing more than a million dollars in ‘jackpotting’ attacks: Secret Service

The U.S. Secret Service has warned that hackers have stolen more than a million dollars by compromising ATMs in several states as part of what the agency has called the first domestic cases of “jackpotting,” a type of attack that can make cash dispensers spew more than 100 bills a minute.

Federal financial crimes investigators began quietly notifying ATM makers last week about the rampage, and on Monday a senior Secret Service official publicly confirmed the rash of recent jackpotting attacks after word of the government’s warning started surfacing.

“What we’re finding is the attacks really started in a coordinated effort in December and well north of a million dollars has been taken,” Matt O’Neill, a special agent in the criminal investigations division, told ABC News.

The Secret Service became aware of the attacks after an electronic crimes task force in the D.C. area reported an unsuccessful jackpotting attempt last week, Mr. O’Neill told Reuters. Investigators soon after “developed intelligence” suggesting a sustained attack was about to occur, Mr. O’Neill said, and the Secret Service subsequently notified ATM makers last week and urged them to update any potentially vulnerable computer systems connected to their cash machines.

“The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs,” the Secret Service warning said, KrebsOnSecurity first reported. “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.”

Once physically connected to the targeted ATM, criminals have used a type of malware known as “Ploutus.D” to commandeer vulnerable cash machines, the warning said.

“In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds,” the Secret Service warning said.

“That’s where you get the term jackpotting from because it is basically like a slot machine that you hit the jackpot — you are basically taking all of the money out of the ATM,” Mr. O’Neill explained to ABC News.

Investigators witnessed about a half-dozen successful jackpotting attacks within the last few days in states spanning the Gulf Coast to New England, Mr. O’Neill said Monday, Reuters reported.

Jackpotting attacks have been spotted abroad before, but both Mr. O’Neill and NCR Corp, one of the world’s largest ATM makers, said the recent cases were the first witnessed in the U.S.

“This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences,” NCR warned customers last week.