Though its nickname evokes big wins at a casino or lottery, “jackpotting” is instead a malicious cyberattack that has the U.S. Secret Service issuing warnings and banks on high alert.
A method by which criminals use hacking tools to force ATMs to spit out thousands of dollars in cash, jackpotting has been around for years. But its first verified cases in the U.S. were reported in the past week, ATM makers Diebold Nixdorf and NCR Corporation confirmed to Reuters and other news outlets.
Jackpot schemes, also called “logical attacks,” have threatened European and Asian banks in the past, but are now potentially threatening American ATMs, investigative blog Krebs on Security reported Saturday.
An anonymous source told security journalist Brian Krebs, and The Washington Post reported Saturday, that the breach led the Secret Service to issue a confidential alert about jackpotting to banks in the U.S. And Krebs reported that the recent attacks targeted mostly stand-alone or drive-thru ATMs, according to the Secret Service warning.
A 2016 report by Bank Info Security regarding jackpotting in Europe said hackers can steal the cash without physical contact with the ATMs, using just a mobile phone. However, according to Krebs’ report, the jackpotting attacks confirmed by Diebold Nixdorf and NCR do require physical access, as well as malware and sometimes a device called an endoscope, which physicians use to observe the inside of the human body.
“During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM,” the Secret Service memo reportedly reads.
The amount of total cash stolen via jackpotting schemes is unclear because the details of these crimes are often not disclosed publicly, Reuters reported.