ATM hackers may have found a new home in the U.S., according to a recent report.

The number of so-called “jackpotting” attacks – getting ATMs to spit out all of the cash inside – in regions including the U.S. and Latin America has gone up, according to a joint investigation by Motherboard and German broadcaster Bayerischer Rundfunk. Large-scale ATM cash-out hacking had mostly been an overseas criminal enterprise.

The U.S. is a "quite popular" target for ATM hackers, a source told Motherboard. These types of cash-out crimes have been around for a while, as noted in a report from Trend Micro, a cybersecurity firm.


In 2013, a cybergang stole $45 million from ATMs around the world, the BBC reported. More than $12 million were taken from cashpoints in Japan using cloned ATM cards in 2016. The notorious Carbanak gang has stolen as much as $1 billion from banks around the world, including schemes that cash out ATMs.

Last year, hackers broke into computers at an Indian bank and walked off with $11.5 million in unauthorized ATM withdrawals — an incident that happened after the FBI issued a warning about the imminent scheme.

Krebs on Security, a cybersecurity publication, described how it works. “Just prior to executing on ATM cash-outs, the intruders will remove many fraud controls at the financial institution, such as maximum withdrawal amounts and any limits on the number of customer ATM transactions daily.”

With jackpotting, criminals use malware or hardware to get an ATM to dispense cash — sometimes into the hands of waiting “mules,” according to Trend Micro's report. “ATM attacks continue to reap financial rewards for their perpetrators, which means we should not expect them to let up.”

A major weak point is that many ATMs are essentially ancient Windows machines, with a source telling Motherboard "these are very old, slow machines."