HOW TO DETECT, PROTECT & PREVENT A BLACK BOX ATTACK
Like any new criminal activity, evidence demonstrates that if the perpetrators succeed in their latest venture, the number of repeat incidents will not only rise but spread across borders as details of the crime are made known. Like a virus, many crimes will accelerate rapidly to ensure the criminal will achieve the maximum return on their trade before a tried and tested solution can be implemented to counter the threat. ‘Jackpotting’ an ATM is one such criminal activity which is on an upward curve with reports across Europe, Latin America and now recently reported in the United States.
WHAT IS JACKPOTTING?
Classed as a ‘logical attack’ Jackpotting is the act of hacking an ATM and forcing the machine to rapidly dispense cash from within. One of the easiest ways to perpetrate this crime is to gain entry to the inside of an ATM often by making a small hole in the front fascia and attaching a phone or Laptop (Black Box) to certain wiring, modules or directly to the PC within the machine. Once attached the criminal can literally take control of the machine and initiate the dispense command as many times as they wish.
Often referred to as a “Black Box Attack” due to the association of the criminal attaching their electronic devices loaded with readily available software to the ATM, the act of Jackpotting an ATM in this way can be carried out in only a matter of minutes, reducing the risk of capture or interruption.
ATM manufacturers have provided several security alerts informing of the activity on some of their models, suggesting the crime is widespread across many different makes and models, with criminals well trained and knowledgeable on how each machine operates.
Early reports suggested that Jackpotting attacks were only possible on machines running the older Windows XP operating systems. These were quickly overshadowed by reports of similar attacks being reported in the US on those running the more up to date Windows 7.
AN ORGANISED AND EFFICIENT CRIME
This type of ATM crime was reported as long ago as 2013 in South America but has only recently seen an acceleration of incidents across Europe, Asia, Latin America and into the United States. Many attacks are conducted in typical clandestine style with machines targeted for their remote locations. However, as various ATM’s hold differing amounts of cash at any one time, criminals understand which machines to target. This understanding has even seen activities conducted on an almost ‘heist-like’ style, with criminals dressing as ATM engineers in higher populated areas.
The variety of ATM crimes has always proven to be undertaken by a mixture of solo criminals, amateur gangs and international criminal organisations, the latter accelerating the complexity and delivery of the crime. Jackpotting attacks appear to be primarily the driver of the organised gangs, with both technology and deployment being very much well organised and efficiently actioned.
With many of the tools used to carry out attacks being high-tech devices like endoscope cameras (the purview of many a spy movie) and specialised malware, this type of crime is a significant evolution in the attacks facing the ATM industry.
HOW TO DETECT & PROTECT AGAINST BLACK BOX JACKPOTTING?
Protecting an ATM from this type of attack is possible, with both ATM manufacturers and independent security companies offering solutions to help arm ATM owners with ideas and applications. Cennox, a leading ATM services business, developed their own effective solution in response to their first reported incident raised to them by a customer.
The Cennox solution, Top Box, is designed to detect the moment an attack occurs before the criminal gains access to the inside of the ATM. This is achieved through strategic sensors able to identify an attacker’s attempt to drill into the ATM. Once detected, the Top Box solution is able to deploy an intelligent response to the attack by firstly raising the alarm, either audibly to signal to the criminal their efforts are detected or through existing alarm systems within the Bank or ATM. Simultaneously, the Top Box device cuts power to the ATM’s cash dispenser thus preventing it from issuing any notes. In addition, to deter the most committed criminal, their solution also includes a physical protection element of internal reinforcement to slow down the attacker. This steel plated addition is prebuilt and designed for each model of ATM making installation a quick and efficient process.
Further security solutions are also available with the Cennox Top Box solution, including the activation of Ink Dye devices, security smoke and ATM tracking devices all connected through their intelligent control unit.
MORE DETAILS ABOUT JACKPOTTING
- Reuters (Jan 2018) 'Jackpotting' hackers steal over $1 million from ATMs across U.S.: Secret Service https://www.reuters.com/article/us-usa-cyber-atm/jackpotting-hackers-steal-over-1-million-from-atms-across-u-s-secret-service-idUSKBN1FI2QF
- Krebs on Security (Jan 2018) First ‘Jackpotting’ Attacks Hit U.S. ATMs https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/
- Fortune (Jan 2018) ‘Jackpotting’ Targets US ATMs to make them spit out Cash http://fortune.com/2018/01/28/jackpotting-atms-cash/
MORE ABOUT CENNOX
Cennox provide solutions for leading brands in the Banking, Retail, Commercial & Airline industries. With headquarters in the UK, USA & Europe, Cennox delivers nationwide solutions to support our clients .
OUR MISSION: To develop the solutions today that will support our customers tomorrow. To lead the industry with our spirit of innovation, invention & inspiration.
OUR VISION: To deliver an attractive end-to end service model for our customers. Utilising our in-house teams, Cennox aims to be the leading go-to company where service excellence is delivered as standard - without compromise to quality.