“A total of 58 such attacks were reported by ten countries, up from 15 attacks during 2015. ‘Black Box’ is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser in order to ‘cash-out’ the ATM. Related losses were down 39%, from €0.74 million to €0.45 million.”
The technique is very effective, it has been estimated that crooks have stolen €45 million using it since 2016.
The brute-force black box attack against an ATM starts by punching a hole into the machine’s casing, then the crooks connect a laptop to the exposed cables or ports and use it to issue commands to the ATM to dispense money.
The arrests were part of a still ongoing Europol operation conducted with law enforcement of numerous states in Europe. Below the details of the arrests:
“Our joint efforts to tackle this new criminal phenomenon resulted in significant arrests across Europe. However the arrest of offenders is only one part of stopping this form of criminality. Increasingly we need to work closely with the ATM industry to design out vulnerabilities at source and prevent the crime taking place,” said Steven Wilson, Head of Europol’s European Cybercrime Centre.
The crooks that were involved in the jackpotting ATM Black Box attacks are mainly from countries in Eastern Europe, such as Romania, Moldova, Russia, and Ukraine.
Let me suggest to read an interesting post that was written by the security expert Brian Krebs that is titled “Thieves Jackpot ATMs With ‘Black Box’ Attack” that describes this kind of attacks.
(Security Affairs – ATM Black Box attacks, jackpotting)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.