Thieves now use malware to take control of ATMs

Photo (c) selensergen - Getty Images

'Jackpotting' is a new threat to these convenience machines

There's little doubt that ATMs have made consumers' lives easier. There is no reason to write a check at the bank when you need cash because an ATM is available 24 hours a day.

But this convenience for consumers is becoming increasingly risky for banks and other ATM operators, as the machines have become vulnerable to criminal ingenuity.

Law enforcement calls the crime "jackpotting." Cyber criminals essentially reprogram an ATM, giving them control so they can withdraw all of its cash. The threat first surfaced in Europe and Asia, but now the Secret Service says it's beginning to happen in the U.S.

Security blogger Brian Krebs reports jackpotting thieves gain physical access to an ATM, usually by posing as maintenance technicians, and load malware into the machines. After placing a sign on the machine telling consumers it is out of service, they return and enter a code that causes the ATM to spit out all of its cash.

Krebs says he reached out to ATM manufacturer NCR Corp. to find out if its machines have been victims. At the time, they had not.

Later, NCR issued a bulletin warning its customers about jackpotting attacks on other manufacturers' ATMs and predicting it would become an industry-wide issue in the coming months.

'Call to action'

"This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences,” NCR Corp. warned.

Jackpotting poses no threat to consumers, but it could result in more restricted access to these convenient cash dispensers in the future. Krebs notes most jackpotting attacks are carried out against stand-alone ATMs, especially those in unsupervised locations.

In the future, ATM operators may rethink the placement of these machines or add additional levels of security.

Could your debt be reduced or forgiven? Take our financial relief quiz.