ATM wiretapping is on the rise, Secret Service warns

Drills are the weapon of choice for criminals who spy on your activities at the cash point.
Written by Charlie Osborne, Contributing Writer

The US Secret Service has issued a warning to banks due to a recent surge in incidents of ATM wiretapping.

According to a copy of the notice secured by Krebs on Security, the non-public alert states that multiple reports have been received relating to the ATM hacking tactic.

ATM wiretapping or eavesdropping is more complicated than many other attacks. In order to be successful, a criminal must drill a large hole in a cash machine and use a combination of magnets and devices to attach a skimmer directly to the ATM card reader.

This skimmer then harvests credit card information.

The hole is concealed with metal or a decal, and cameras are also embedded to capture PIN input. They are often installed directly above the PIN pad and disguised with a false fascia.

According to Krebs, an endoscope -- a thin, long tube with a camera at its end, most commonly used in medical applications -- is often part of the criminal's kit, as it allows users to look inside a compromised ATM and check that the skimmer is in place.

The attack setup can demand days of tampering, which makes it both risky and difficult. There is also a delay between installing the skimmers and the cameras, in order to make sure anti-tampering alarms stay dormant.

However, this has not stopped criminals adopting the card skimming technique in larger numbers than before.

Sources speaking to the cybersecurity expert said that how-to documents which describe the possible ways to conduct these attacks are being shared widely. This may give threat actors the knowledge required to further ramp up ATM wiretapping attack rates in the future.

Originating in Russia, Europe, and Asia, jackpotting is another issue which has recently reached American shores.

Jackpotting involves physically damaging an ATM in order to install malware -- such as Ploutus.D -- and other payloads, or to carry out logic attacks, which drain the machine of cash by forcing it to release funds uncontrollably.

The problem has become severe and widespread enough to prompt IBM to open dedicated facilities to tackle weaknesses in ATM security.

The company has experienced a 300 percent increase in ATM testing requests since 2017.

Last month, US law enforcement sentenced its first jackpotter. After being caught red-handed, a 22-year-old was charged with involvement in jackpotting and was sentenced to one year and a day behind bars, followed by two years of supervised release and restitution amounting to $121,000.
