Europol has arrested 27 members of an international conspiracy that sought to commit ATM “Black box” attacks across Europe and parts of Scandinavia.
On 18 May, Europol’s European Cybercrime Centre (EC3) announced the arrests were a collaborative effort with the Joint Cybercrime Action Taskforce (J-CAT). In total, 18 European countries cooperated with the United Kingdom, Norway, and the United States to bring the nearly three dozen individuals to justice. Nearly half of the arrests (11) occurred in France, with others conducted in Estonia, Czech Republic, Norway, Spain, Romania, and the Netherlands.
Europol has not ruled out the possibility of further arrests.
Those apprehended by law enforcement so far allegedly participated in what are known as ATM Black box attacks. These offensives are a form of jackpotting in that criminals use them to steal large sums of money from ATM terminals. To accomplish their nefarious purposes, these criminals use Black boxes, unauthorized devices which are designed to physically connect to a target ATM’s inner components so that the terminal will spit out cash. Crooks can’t achieve that connection from a machine’s exterior. Instead they must melt or drill into the ATM’s top box to attach their device.
Black box attacks first appeared in Western Europe in 2015. At that time, national members of the European ATM Security Team (EAST) reported 15 attacks. That number grew to 58 in 2016–a 287 percent increase in just one year.
Given this rising threat, EC3 is looking to do everything it can to address Black box attacks. Steven Wilson, head of Europol’s European Cybercrime Centre, says industry actors play a key role in this effort:
“Our joint efforts to tackle this new criminal phenomenon resulted in significant arrests across Europe. However the arrest of offenders is only one part of stopping this form of criminality. Increasingly we need to work closely with the ATM industry to design out vulnerabilities at source and prevent the crime taking place. This industry and law enforcement cooperation combined with the work with banks and prosecutors can make a major difference in stopping this growing form of crime.”
To confront the swelling tide of all ATM attacks, some quiet and some loud, ATM industry actors need to first and foremost reconsider physical access to machines. For example, institutions should place their terminals in a secure location with adequate lighting and surveillance camera coverage. They should also make sure ATM top boxes are secured with an access lock.
Once industry actors have implemented these safeguards, they should move on to offline and online protective measures. For some recommendations, please check out Europol’s guidance and recommendations document.