The U.S. Department of Justice (DOJ) has accused two men of bank fraud in connection with the alleged hacking of cash in ATM machines, causing them to throw all their cash reserves in the same way as a casino slot machine in Las Vegas. This type of attack, known as the “jackpotting,” is usually hacked by malware and/or hardware deployed as repair technicians, while others use the attack to extract cash.
ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators.
On January 27, the two 31-year-old Spanish citizens from the state of Massachusetts Alex Alberto Fakindias and 21-year-old Argentine Rodriguez were arrested. Investigators contacted police officers who found out the falsifications of Fakindiarz and Rodriguez. According to the police, they took $20 bills near the ATMs. When the police searched the men’s vehicles, they found the same tools and electronics as those needed to black out the ATM and $20 in cash over $9,000.
In a report released last week by security correspondent Brian Krebs, a Secret Service alert mentions in detail how to use the “jackpot” attack technology. Thieves posing as technicians use the medical endoscope to find the internal parts of the ATM where they can connect the data cable to synchronize their laptop with the ATM’s PC. The ATM then displays a stop service notification and can be remotely controlled. Thieves can force ATM machine spit cash, and then use the manual collection of cash. Independent ATMs like pharmacies and large retailers are the most dangerous ATMs.
According to the U.S. Department of Justice, law enforcement agencies have been investigating ATM attacks in Connecticut, Hamden, Guilford and Rhode Island. Under U.S. law, bank fraud can be up to 30 years in prison.
