ATM ‘Jackpotting’ Is Spreading Across The World

ATM ‘Jackpotting’ Is Spreading Across The World

Have you ever walked up to an ATM and wished it would spew out thousands of dollars instead of you panicking if a $20 withdrawal will be rejected? It turns out that with some malware and custom hardware, it’s possible to turn an ATM into a poker machine that pays out every time. These attacks are widespread in Asia and Europe but they have hit the US, with the technology now becoming increasingly accessible.

Automated teller machines made by NCR and Diebold Nixdorf are the main targets. In many cases, the vulnerability is a result of the devices running Windows XP with an update to Windows 7 enough to thwart many of the attackers for now.

The attacks aren’t simple to execute. Krebs on Security said the attackers initially need physical access to the ATMs. They accomplish this by posing as ATM technicians. They install a compromised version of the ATM operating system which they can exploit. When this happens, the ATM looks to be out of order but can be remotely controlled to dispense cash.

According to the Secret Service in US – the law enforcement agency investigating this – the ATMs can dispense over 100 bills per minute until the machine is empty, thus netting the criminals thousands of dollars.

Although there’s no news of the same crime being perpetrated here, it’s reasonable to expect our banks and other ATM operators to be on the lookout.

As always, it is critical to protect the physical security of important assets. Jackpotting works because crooks are able to fool staff into giving them physical access to the ATMs. Without the installation of the customised software, the crime is not possible. It’s an object lesson for all of us. While logical security gets a lot of attention, physical security remains critically important.


  • Wait, what. You skipped something.
    “You need physical access to the machine to install a pirate OS”.

    I assume ATM’s don’t have a USB jack poking out the side awaiting OS updates. So you’d either need keys to the ATM or break the cover off it to get into the motherboard. Do ATM’s have a universal key to open them? how is a would-be attacker otherwise not working from the inside?

      • Who exactly are they socially engineering here? Convincing the dude at the 7-11 or wherever the ATM is located isn’t enough. They’d need the keys, which only the operator would have. At the point they’ve got those, can’t they just open up the ATM and grab the cash instead of going through the trouble of hacking the OS?

        • I expect access to the cash and to the tech are separate. Otherwise the folks that fill the machines with cash would have access to the firmware and vice versa.

          • Maybe they’re more careful with the cash keys than with the tech keys, but still seems a very roundabout way of doing it

Show more comments

Log in to comment on this story!