What Is ATM Jackpotting? Cybercrime Hits U.S. Cash Machines, Millions Already Lost

ATM Jackpotting

What Is ATM Jackpotting?

U.S. cash machines are at risk due to an ATM hack known as “jackpotting,” which could see machines drained of all their cash by thieves. So what is ATM jackpotting? The term refers to a process by which a hacker is able to physically or remotely assume control of a bank machine and have it dispense cash out continuously.

The cybercrime losses we’re talking about here could be huge for banks should the attacks become more widespread. As it stands, U.S. cybercrime is still largely relegated to online hacking, but jackpotting has reportedly become more popular in recent times, with physical hacks of ATMs taking place across the nation.

So we have the answer to “What is ATM jackpotting?” but how does it actually work?

There are a number of methods that criminals use to hack an ATM. All involve some sort of jackpotting malware, which essentially corrupts the ATM and allows the hacker to withdraw funds, with some going as fast as 40 bills every 23 seconds.


In a physical attack, which is the type being reported in the U.S., the thieves will physically remove or otherwise find a way to reach the interior ATM computer. One tool that hackers are known to employ is an endoscope in order to suss out where the computer is within the machine. They then hook it up to their own computer and install malware, allowing them to corrupt the machine.

Two major makers of ATMs have been targeted so far in the U.S. attacks: Diebold Nixdorf and NCR Corporation.

At the moment, the U.S. Secret Service is warning financial institutions to be aware that the attacks are taking place on U.S. soil with increasing frequency.

The attacks were first reported by KrebsOnSecurity who had begun hearing rumors of these attacks hitting the U.S. about a week ago.

Diebold Nixdorf and NCR Corp Warn of Jackpotting Hacks in the U.S.

On January 26, NCR sent an advisory to its customers, saying that it had been in contact with the Secret Service (who were pursuing this U.S. cybercrime) who told them about jackpotting attacks.

“While at present these appear focused on non-NCR ATMs, logical attacks are an industry-wide issue,” the NCR alert reads. “This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”

“The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs,” reads a confidential Secret Service alert sent to multiple financial institutions. “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.” The alert was obtained by KrebsOnSecurity.

Security firms have described these attacks as some of the most sophisticated they have ever seen.

The ATM makers are naturally concerned about the jackpotting hack, but other reports have come in that U.S. authorities are closing in on the suspects involved in these robberies.

The Secret Service said that ATMs in the Pacific Northwest, West, South, and New England have been targeted.

This sci-fi bank robbery is likely one of many new and increasingly complex ways that hackers and thieves are looking to use our growing reliance on technology against us.


First ‘Jackpotting’ Attacks Hit U.S. ATMs,” DrebsOnSecurity, January 27, 2018.

Federal law enforcement closing in on ATM “jackpotting” thieves,” CBS News, January 28, 2018.


Categories: Crime