Crooks use digger to steal ATMs in Northern Ireland as ATM physical attacks rise across the EU

ATM attacks using gas or solid explosives have spread to an eleventh EU country.
Written by Catalin Cimpanu, Contributor
ATM digger attack
Image: Screengrab from Twitter user Amanda Nunn

Over the past month, criminal gangs have been using diggers to break building walls and steal ATMs across Northern Ireland. Nine such incidents have happened already, with the latest being reported last night.

Reports from Irish news sites say crooks steal nearby digging equipment, which they use to knock down building walls, scoop the ATMs in the diggers' cups, and then place it in the back of a truck or van that had its roof cut off. The gangs involved in these attacks flee the scenes in their trucks and vans, leaving the digger behind.

Attacks, some of which have been recorded on CCTV cameras, last no more than a few minutes, giving crooks enough time to escape before police arrive on the scene.

Irish media reported ten digger attacks on ATMs this year, most of them in April, with nine successful [1, 2, 3, 4]. This is not the first time that criminal gangs have used diggers to steal ATMs. Similar incidents have been seen in New York in 2013.

Report: ATM physical attacks on the rise

News about these attacks broke in the same week that the European Association for Secure Transactions (EAST), a non-profit organization that tracks the EU financial sector, released an end-of-year report on ATM attacks across Europe during 2018.

The Northern Ireland digger attacks are what EAST would classify as an ATM physical attack. EAST said attacks on ATMs across Europe that involved physical brute force rose by 27 in 2018, compared to 2017.

This marked the fourth consecutive year during which physical attacks on ATMs across Europe had risen, a trend that started in 2015.

However, while physical attacks on ATMs in 2018 were up, most of them involved using crowbars or drills to break the ATM apart, or cars to ram the ATM out of the wall, and not diggers.

Some attacks involved the use of gas and solid explosives to blow up the ATM, and these attacks are currently what alarms EAST and EU law enforcement officials the most.

"Such attacks result in extensive collateral damage and can pose a risk to life," EAST said in a report published on April 9 this year.

Furthermore, while ATM explosive attacks were down three percent, which isn't a big number, EAST reported that this type of ATM attack had now spread from ten countries to an eleventh, showing that the tactic is growing in popularity in the EU.

In addition, explosive attacks are also more costly for banks because they inflict collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in the ATM robbery.

ATM skimming and ATM malware attack numbers fell in 2018

But the EAST report also held some good news. ATM fraud attacks (which involve skimmer devices) and ATM logic attacks (which involved the use of ATM malware or hacks of the bank's central ATM network) were both down.

Attack numbers for ATM fraud attacks were down 36 percent, with losses down 30 percent, and ATM logic attacks were down 18 percent, with losses going down 70 percent.

EAST ATM report results
Image: EAST

An important note about the ATM malware and logic attacks was that the vast majority --156 of the 157 incidents reported in 2018-- was what law enforcement and security researchers are calling "black box" attacks.

Black box or "jackpotting" attacks, first appeared in Western Europe in 2013, and are a kind of logic-based attack which requires a device such as a laptop or other tool to be physically connected to an ATM.

Criminal groups often use drills to cut a hole in the ATM's case, connect to the internal cabling, and deploy malware or legitimate ATM firmware commands that make the ATM dispense cash.


According to a report published last fall by security experts from Positive Technologies, an ATM black box attack usually takes around 10 minutes to pull off, with most taking place in the middle of the night when consumers aren't around.

Positive Technologies said that 69 percent of the ATMs they tested were vulnerable to such attacks and that on 19 percent of ATMs, there were no protections against Black Box attacks at all.

Europol started cracking down on ATM black box criminal groups last fall, but the tactic is not employed by that many gangs, mainly because of the high skill level and custom hardware and software required to carry out such attacks.

The EAST report is available here. It was comprised using statistics provided by 21 European states, documenting incidents reported at 360,714 ATMs installed across the EU.

These are the worst hacks, cyberattacks, and data breaches of 2018

More cybersecurity coverage:

Editorial standards