Secret Service warning banks about ATM 'jackpotting'

David Louie Image
ByDavid Louie KGO logo
Thursday, February 1, 2018
Secret Service warning banks about ATM 'jackpotting'
EMBED <>More Videos

The Secret Service is warning banks about "jackpotting." This is when thieves make ATMs spit out cash like slot machines at 40 bills every 23 seconds.

SAN FRANCISCO (KGO) -- Thieves have discovered a new way to exploit older ATM's into spitting out every dollar they hold. It's called jackpotting because of the speed of the bills flying out, resembling how slot machines used to pay out coins.

The Secret Service has warned financial institutions to expect a wave of jackpotting over the next week to 10 days, based on its investigation of ATM crimes in several parts of the country.

The U.S. appears to be the latest target. In 2016, jackpotting yielded $13 million from ATM's. Twelve European countries and Mexico have also been hit recently.

Ahmed Banafa, from San Jose State's School of Engineering and an expert in the internet of things, says the thieves exploit free-standing ATM's operating Windows XP, which Microsoft no longer supports. The thieves first get inside the ATM to install malicious code or malware.

They do this either with a keyboard or by using an endoscope-style cable to plug into the processor. They dress as service technicians to minimize suspicion. Then, a second team arrives, punches in a code, and that triggers the ATM to empty its cash at the rate of 40 bills in 23 seconds.

Experts say the most vulnerable ATM's are those located in remote areas of convenience stores, liquor stores, restaurants or malls where the thieves can operate with little detection.

Here's what the Secret Service told ABC News about how jackpotting works:

Fraudsters pose as ATM technicians, even wearing uniforms and access the teller machine. They open it using a generic key that the Secret Service says is readily available for purchase on the internet. Once inside, they use a technical means -- installing a laptop computer and a cellphone into the machine -- to be able to remotely take over the machine and force it to discharge money. But to avoid detection, the bogus technician does not typically take the cash. That's left to a second co-conspirator.
The second co-conspirator, a "money mule," then goes to the compromised machine and calls the phony technician who initiates a withdrawal sequence remotely. "It runs until it is empty or the person standing at the ATM alerts the controller of the ATM to stop the withdrawal sequence because either law enforcement is nearby or for whatever reason they get spooked and want to leave the scene," O'Neill told ABC News.

The technician often returns to the empty machine to retrieve the laptop and cellphone, putting the ATM machine back like he was never there.