Incidents

He made a fortune by ATM jackpotting Las Vegas casinos. Real gambler & hacker

ATMs remain one of the favorite targets of multiple malicious users; especially in places where large numbers of these machines are concentrated, ensure ethical hacking experts. This time, the U.S. Department of Justice (DOJ) has accused a man of Venezuelan origin for the hacking of several ATMs, resulting in large amounts of cash being extracted.

“The authorities are committed to ending this practice, known as ‘jackpotting’, besides investigating and processing any hackers who try to illegally extract money from an ATM”, as well as continuing to work to correct security flaws on these machines,” the U.S. Attorney said.

The defendant, Jesus Ernesto Reyes, also known
as ‘Abraham Meza’, 42 years old, has been charged by a grand jury on six
computer fraud felonies. Leaked court documents mention that even the U.S.
Secret Service intervened in the investigation of these crimes, detecting
discrepancies between the amounts of money requested on the ATM interface and
the amount delivered by the machine.

According to ethical hacking specialists, jackpotting consists of the use of malware specially designed to exploit security flaws in ATM systems, causing the machine to deliver more money than requested. In most cases, jackpotting requires the use of an attack technique known as Man-in-the-Middle (MiTM), implanting a device at the ATM to facilitate hacking.

Court documents mention that, between February
18 and March 3, Reyes was spotted by the casino’s surveillance cameras while
placing an unidentified device behind one of these machines, located at the
Primm Valley Resort Chevron casino, in Nevada.

The DOJ claims that Reyes would have used
stolen or cloned credit cards to insert into the compromised machine and steal
the money. According to the documentation filed in court, each time the hacker
requested to withdraw $20 from the ATM, the machine delivered between $800 and
$1000 thanks to the malware used. The accused would have performed this
operation about 150 times, obtaining an amount close to $130,000; Reyes was
eventually arrested in California some time after he held the robberies.

Despite being a relatively old technique,
ethical hacking specialists from the International Institute of Cyber Security
(IICS) claim that jackpotting is still widely practiced. Recently, researchers at
security firm Kaspersky revealed the existence of a new malware, known as
ATMJaDi, focused on compromising the security of a perfectly delimited set of
ATMs; some employees at the targeted banks allegedly would have acted
complicity with the hackers. Sometimes hackers also require access to banking
networks to authorize fraudulent operations, which is achieved by injecting
specially designed malware variants.

Another method of attack against ATMs is card
cloning, a technique known as “skimming”, which even allows the theft
of other sensitive details by inserting a device into the card’s access slot at
ATMs. For hackers, the main drawback is that it is necessary to physically
compromise the ATM, exposing them to the view of banks’ surveillance systems, securing
ethical hacking experts.

To Top

Pin It on Pinterest

Share This