Europol cracks down on ATM black box attack scheme

The "black box" attacks compromise ATMs to dispense cash.
Written by Charlie Osborne, Contributing Writer

Europol has made 27 arrests in relation to an ATM jackpotting scheme, with more suspects being tracked across Europe.

This week, Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) said that 20 European member states alongside Norway have come together to make a series of arrests and shut down ATM "black box" attacks across the region.

According to Europol, 27 arrests have already been made and more are on the horizon as a result of a two-year investigation into the cybercriminal scheme, which involves compromising ATM machines to dispense cash fraudulently.

Black box or "jackpotting" attacks, first appearing in Western Europe in 2015, are a kind of logic-based attack which requires a device such as a laptop or other tool to by physically connected to an ATM. Often, a drill or simply melting protective layers will be used to reach the innards of an ATM in order to relay commands from a compromising device to the dispenser and brute-force the machine to release cash within.

The European agency did not reveal any factual losses suffered by banks and other financial institutions due to the cybercriminals but said that the logic attacks caused "significant losses" likely to be in the hundreds of thousands of Euros.

According to a recent report from the European ATM Security Team (EAST), black box attacks were discovered in at least 10 countries last year. Overall ATM-related fraud is estimated to have climbed two percent between 2015 and 2016, up from €327 million to €332 million.

Arrests have been made in the Czech Republic, Estonia, France, the Netherlands, Romania, Spain and Norway, and most of those arrested originate from countries including Romania, Moldova, Russia, and Ukraine.

"Our joint efforts to tackle this new criminal phenomenon resulted in significant arrests across Europe," Steven Wilson, head of Europol's European Cybercrime Centre said. "However the arrest of offenders is only one part of stopping this form of criminality. Increasingly we need to work closely with the ATM industry to design out vulnerabilities at source and prevent the crime taking place."

See also: Ramnit botnet assaulted by Europol operation

In February, security researchers Sergey Golovanov and Igor Soumenkov revealed how it is possible to force an ATM to spew out cash fraudulently without any need to physically access the device.

The reasons why you should hide your IP address

Editorial standards