Skip to main content

Apparently a Way of Hacking ATMs Called 'Jackpotting' Has Spread to the US

Photo: AP
ATM manufacturers are warning that criminals are hacking into their devices using a method called “jackpotting”that has recently spread to the U.S. according to Reuters.
Both Diebold Nixdorf Inc and NCR Corp issued alerts, though they “did not identify any victims or say how much money had been lost.” NCR told Reuters that none of its equipment had been targeted, though Diebold Nixdorf warnedthat hackers were using the method to break into its Opteva-line ATMs, which are no longer being made.
The attacks were first noticed by security blog Krebs on Security, which noted the method was rife in Europe and Asia but had somehow avoided migration to the U.S. until now. Jackpotting is not an easy method, but the payoffs can be large. It requires hackers gain access to the device and the deployment of “malware or specialized electronics—often a combination of both—to control the operations of the ATM,” Krebs wrote.
“The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs,” a confidential Secret Service memo obtained by Krebs read. “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM’s operating system along with a mobile device to the targeted ATM.”
The Secret Service warning added that the attackers generally use an endoscope to locate an internal component of the ATM where they can attach the laptop and run malware, such as one dubbed Ploutus.D. They then contact co-conspirators who force the machine to dispense cash, sometimes “at a rate of 40 bills every 23 seconds.” Getting access to the ATM in the first place requires having a key or breaking the locks.
Many ATMs still running Windows XP are more vulnerable than those running newer OSes like Windows 7, Krebs added. According to Reuters, Russian firm Group IB says that in 2016 such attacks hit more than a dozen European countries, as well as Turkey and Taiwan.

Comments

Popular posts from this blog

IMPORTANCE AND ADVANTAGES OF SIWES

STUDENTS INDUSTRIAL WORK EXPERIENCE SCHEME (SIWES) The Industrial Training/Students Industrial Work Experience Scheme, IT/SIWES is a new Directorate under the Vice-Chancellor’s Office.  It was established on 20th April, 2012 The Students Industrial Work Experience Scheme (SIWES) is a skills training programme designed to expose and prepare students of universities and other tertiary institutions for the Industrial Work situation they are likely to meet after graduation.  It is also a planned and structured programme based on stated and specific career objectives which are geared towards developing the occupational competencies of participants (Mafe, 2009).  Consequently, the SIWES programme is a compulsory graduation requirement for all Nigerian university students offering certain courses. The Students Industrial Work Experience Scheme (SIWES), is the accepted training programme, which

How to Reset HP Elitebook 8460p BIOS/Administrator Password

Have you  forgotten HP Elitebook 8460p password , bios or administrator account password? How to do if both of them lost? It seems hard though there may be lots of ways that can solve it. But if we talk about it separately, such as in two parts,  HP elitebook password reset  would be not so difficult. Part 1: Reset HP Elitebook 8460p BIOS password Part 2: HP Elitebook 8460p Administrator password recovery Part 1: How to Reset Forgotten HP Elitebook BIOS Password? Generally, there are two ways to  reset forgotten BIOS password .  One  is forcing BIOS/CMOS to reset itself to its stored defaults by removing all power from it.  The other  is to use a program to either locate or identify the password, and reveal it to you or erasing the password clearly. And the most easiest and convenient method for erasing dynamic BIOS/CMOS settings is to remove battery directly from the motherboard. However, it applies to most motherboards besides HP Elitebook BIOS. Fortunately, HP Eliteb

Ethical Hacking - TCP/IP Hijacking

TCP/IP Hijacking is when an authorized user gains access to a genuine network connection of another user. It is done in order to bypass the password authentication which is normally the start of a session. In theory, a TCP/IP connection is established as shown below − To hijack this connection, there are two possibilities − Find the seq which is a number that increases by 1, but there is no chance to predict it. The second possibility is to use the Man-in-the-Middle attack which, in simple words, is a type of network sniffing . For sniffing, we use tools like Wireshark or Ethercap . Example An attacker monitors the data transmission over a network and discovers the IP’s of two devices that participate in a connection. When the hacker discovers the IP of one of the users, he can put down the connection of the other user by DoS attack and then resume communication by spoofing the IP of the disconnected user. Shijack In practice, one of the best TCP/IP hijack too