Crime doesn’t pay, but sometimes it looks like it does, especially when hackers make an ATM spit out cash. The art of so-called ATM jackpotting, where ATMs are hacked to start doling out dollars–no PIN required–has been around for a while now (MIT’s Technology Review has been warning about this since 2010), but the Secret Service only recently sounded the alarm. That’s because while criminals have been using the hack in Asia and Europe for years, ATM jackpotting only recently became a threat in the United States, according to the blog Krebs on Security.
The hack goes something like this:
- ATMs run on software that goes through a motherboard, which is protected only by a door with a lock that is easily opened with a key purchased online.
- Once the door is open, hackers first have to unplug the ATM from the network so it can’t report the hack.
- From there, they simply upload software (malware, technically) through the motherboard’s USB port to tweak the device and start making it rain.
According to the Secret Service, most ATM jackpotting is done by teams–a hacker and cohort who stops by the ATM to withdraw thousands of free dolla, dolla bills. According to Krebs on Security, thieves have been targeting stand-alone ATMs, like the ones found in pharmacies, big-box retailers, and drive-thru ATMs. In case you were worried about hackers stealing your hard-earned cash, so far that’s not the case. The hackers target the ATM itself, not an individual bank account.
Warning: This is not a how-to guide.