By Ray Birch
ST. PETERSBURG, Fla.—Incidents of ATM “jackpotting” are finally being reported in the U.S., and one analyst says that credit unions need to take several steps to make sure they’re not a target for what is expected to be a growing crime.
Jackpotting involves a hacker installing malware on an ATM causing it to spit out all its money. The crime was first spotted overseas, and as CUToday.info has reported, it is now making its way to the U.S.
Jack Lynch, SVP chief risk officer for PSCU, said credit unions should be examining their ATM fleets and taking steps to not only block these attempts, but also take steps to encourage crooks to “go somewhere else.”
“Criminals take the path of least resistance,” said Lynch. “You don’t want to be that easy target.”
The prime targets for crooks, explained Lynch, are outdated ATMs with old Windows XP software.
“Those are the machines the crooks are targeting now,” said Lynch. “These machines have a lot more vulnerabilities plus the older software.”
Remote Locations
He also said that ATMs located in remote locations, away from the credit union and from anyone’s close oversight, are prime targets as well.
Lynch said jackpotting began overseas because many U.S. financial institutions have refreshed and upgraded their ATM fleets, selling the old machines to financial institutions outside the country, leading to a greater prevalence of outdated ATMs in Europe, for example.
Lynch explained that fraudsters execute jackpotting two different ways.
“One way is to install malware through the financial institution’s network ad take control of the ATM that way,” he said. “In this scenario a criminal remotely initiates a command for the machine to spit out money, and a crook—called ‘mule’—is standing by the machine to grab the money.”
He said this approach is more difficult for crooks to execute, and that PSCU is not aware of any such attempts yet in the U.S. But what has been reported in the U.S., said Lynch, is crooks drilling into older ATMs, typically in a remote location, linking into the machine’s computer, installing malware on the spot and then running off with the cash.
Lynch added that it is possible now for crooks to access a data line from the ATM and tie into the FI’s network, which can lead to other security concerns.
Lynch described how crooks have been attacking remote ATMs.
“They come to the machine, typically dressed as a service technician,” he said. “Since they are not in the branch environment, they can drill in through the front of the machine and take control. When they take control, to the FI it looks like the machine is out of service on the network. And no one is really around to suspect something is going on.”
Lynch said he still believes the incidences of jackpotting in the U.S. are very low.
What should credit unions do to address the threat?
Evaluate The Fleet
The first step, said Lynch, is to continually evaluate the CU’s ATM fleet, staff’s IT skills and the ATM monitoring processes.
“Review the fleet with a focus on your off-premises deployments,” said Lynch, adding that often off-site machines are less expensive, less sophisticated models, which are easier jackpotting targets. “So that thinking of spending less for off-premises machines needs rethinking. And look where these ATMs are located. Is it easy for a crook to inconspicuously work on the front of the machine or sit behind it and drill.”
Lynch said to consult with ATM vendors to make sure they have the latest firmware, software and patches to defend against this threat, and to make sure all machines are upgraded to Windows 7.
Back in 2010, at a cybersecurity meeting, a hacker demonstrated that this threat was real, recalled Lynch, saying that not a lot of people have paid attention. “These attacks are not going to stop, and will only accelerate as crooks are looking for other sources of cash as they turn their attention away from counterfeit cards.”