Italian Police identified 12 people allegedly responsible for numerous ATM jackpotting attacks in multiple provinces, putting an end to a criminal operation that lasted seven months.
Jackpotting usually requires several attackers. It’s one of the more complex methods used to directly steal money from ATMs, but it also relies on vulnerable or poorly secured devices.
Usually, attackers open up the ATM and use a so-called black box containing dedicated hardware and software. It’s worth noting that attackers weren’t the developers of the black box. Criminals usually buy such devices off the black market and have no idea how they actually work — only where to plug them in.
Once the black box is connected to both the money dispenser and the PC running in the ATM, it can send commands asking the machine to release money. The police started to investigate the thefts in September, but the group was already hitting ATMs a few months prior.
Monza and Brianza, Milan, Bologna, Modena, Vicenza, Mantua and Parma are the provinces hit by the group. In total, 12 people are being investigated, and six have been apprehended already. Another three are detained in Poland, and the whereabouts of the others are unknown. The groups allegedly managed to steal more than €800,000.
A few months ago, Diebold Nixdorf issued a warning of a wave of jackpotting attacks against ATMs in many European countries, with the vast majority directed at ProCash 2050xe USB terminals.
“Attackers are focusing on outdoor systems and are destroying parts of the fascia to gain physical access to the head compartment,” said the old Diebold Nixdorf advisory. “Next, the USB cable between the CMD-V4 dispenser and the special electronics, or the cable between special electronics and the ATM PC, was unplugged.”