ATMs remain one of the favorite targets of multiple malicious users; especially in places where large numbers of these machines are concentrated, ensure ethical hacking experts. This time, the U.S. Department of Justice (DOJ) has accused a man of Venezuelan origin for the hacking of several ATMs, resulting in large amounts of cash being extracted.
“The authorities are committed to ending this practice, known as ‘jackpotting’, besides investigating and processing any hackers who try to illegally extract money from an ATM”, as well as continuing to work to correct security flaws on these machines,” the U.S. Attorney said.
The defendant, Jesus Ernesto Reyes, also known as ‘Abraham Meza’, 42 years old, has been charged by a grand jury on six computer fraud felonies. Leaked court documents mention that even the U.S. Secret Service intervened in the investigation of these crimes, detecting discrepancies between the amounts of money requested on the ATM interface and the amount delivered by the machine.
According to ethical hacking specialists, jackpotting consists of the use of malware specially designed to exploit security flaws in ATM systems, causing the machine to deliver more money than requested. In most cases, jackpotting requires the use of an attack technique known as Man-in-the-Middle (MiTM), implanting a device at the ATM to facilitate hacking.
Court documents mention that, between February 18 and March 3, Reyes was spotted by the casino’s surveillance cameras while placing an unidentified device behind one of these machines, located at the Primm Valley Resort Chevron casino, in Nevada.
The DOJ claims that Reyes would have used stolen or cloned credit cards to insert into the compromised machine and steal the money. According to the documentation filed in court, each time the hacker requested to withdraw $20 from the ATM, the machine delivered between $800 and $1000 thanks to the malware used. The accused would have performed this operation about 150 times, obtaining an amount close to $130,000; Reyes was eventually arrested in California some time after he held the robberies.
Despite being a relatively old technique, ethical hacking specialists from the International Institute of Cyber Security (IICS) claim that jackpotting is still widely practiced. Recently, researchers at security firm Kaspersky revealed the existence of a new malware, known as ATMJaDi, focused on compromising the security of a perfectly delimited set of ATMs; some employees at the targeted banks allegedly would have acted complicity with the hackers. Sometimes hackers also require access to banking networks to authorize fraudulent operations, which is achieved by injecting specially designed malware variants.
Another method of attack against ATMs is card cloning, a technique known as “skimming”, which even allows the theft of other sensitive details by inserting a device into the card’s access slot at ATMs. For hackers, the main drawback is that it is necessary to physically compromise the ATM, exposing them to the view of banks’ surveillance systems, securing ethical hacking experts.