How far away the time of heist, firecracker in hand and mask on face. The fantasized cinematographic imagination of Mesrine and consorts is now doubled by a new Anglicism, the jackpotting. This new technique, which makes it possible to rob ATMs using a computer, has been wreaking havoc in France in particular since the end of last year. In Corrèze, in the Toulouse conurbation, in the Alps… This wave of attacks has filled the pages of local newspapers in recent months. But what exactly are we talking about?
What is that ?
the jackpotting appeared in France in 2016. This technique requires some IT expertise in addition to traditional ATM robbery tools. This involves opening, using a grinder for example, the distributor from the outside in order to access a terminal to connect a computer to the system. The idea is to manage to hack the latter in order to “spit the tickets” without unnecessary violence. So the good old ram car is over, make way for a “refined technique”, quips a police source to AFP. Another source contacted by Release understands that a certain type of ATM is often targeted. “These are distributors who present an outdated computer operating system with known flaws, explains this source. I think there are even online, turnkey kits that allow you to enter the system without too much difficulty.”
It is finally the traditional part of the work which seems to be the most difficult to organize for the thugs: location of the bank, identification of the ATM, neutralization of the surveillance cameras and the search for a window of action to not be spotted on the street. Maybe that’s why the bulk of attacks are in rural areas, or at least far from the city centers of large cities, more exposed to view. Bort-les-Orgues in Corrèze, Sainte-Florine in Haute-Loire, Labège in Haute-Garonne but also the North, the Paris region, the Bordeaux region and the Alps have recently been affected by these attacks. In Simorre, in the Gers, the attack on the only ATM in the village in November even deprived the inhabitants of cash for several weeks.
Who are the bad guys?
Various groups acting in France, no more than four or five, have already been identified by the investigators. Five people were indicted on Monday for acts of jackpotting. Judicial information has been opened for heads of theft and attempted theft in an organized gang, obstruction of the operation of a data processing system, access to and maintenance in such a system, possession of equipment intended to undermine such criminal system and conspiracy.
Initial investigations by the gendarmes of units from Centre-Val-de-Loire and Midi-Pyrénées had already made it possible, in November, “to identify a group from Eastern Europe likely to have committed 22 acts in the gendarmerie zone as in the police zoneexplains the National Gendarmerie to Release. The damage is estimated at more than 300,000 euros”. “The principals are Russian-speaking. On the other hand, the projected teams are multiple and varied with individuals who may be of several nationalities.explained Cécile Augeraud, head of the Central Office for the Fight against Computer Crime (OCLCTIC) to France Info in December.
How to prevent jackpotting?
Contacted by Release, most of the major French banking groups do not wish to comment on the subject for security reasons. Only Société Générale ensures that it does not have “had attacks recently on [son] park but it is a subject that we look at like other cyber risks with great humility…” Faced with these attacks, the group explains that it “deployed specific countermeasures that would be difficult to reveal to the general public”.
More talkative, the French Banking Federation (FBF) claims that attacks on distributors, whether successful or not, – all types combined – have “considerably” decreased since 2013, from “more than 300” per year at “about 70”. The FBF believes that this improvement is due to “the very close partnership action carried out by the services of the Ministry of the Interior in connection with the banking establishments. The protection of dabs has been reinforced by the establishments”.
So what about these recent attacks? A police source wonders if the cost of replacing obsolete protection systems would not be greater than the losses caused by these robberies. The FBF replies that “all banks prioritize IT investments over security, even if there is insurance in the event of an attack”. The federation wants to reassure by specifying that the French banks are mobilized “for the safety of customers, employees and infrastructure”.