ATM HACKING is no longer a news or a new trend. With the advancement in ATM devices like diebold atm, defcon atm and wincor nixdorf atm, it is not really easy to cheat an ATM machine.

Hacking ATMs, also known as Jackpotting, is an activity that speaks to our imagination, conjuring up visions of ATMs that spit out money into the street for everyone to pick up. There are three known attacks or ways to hack into ATM. These are the (digital) attacks that matter most and require a serious look from anyone protecting an ATM.


As long as there are ATMs, hackers will be there to drain them of money. In James Cameron’s sci-fi film “Terminator 2,” a young John Connor hooks a fancy piece of gear into an ATM. His high-tech hacking device isolates a PIN number, and soon the ATM is spitting out $300 of someone else’s money, a nice pile of cash to fuel an afternoon of teenage delinquency. “Terminator 2” may be science fiction, but ATM skimming is the real deal; in 2010 more than $200,000 was stolen from four Bank of America ATMs in Long Island, New York [source: Schultz].


3 Ways to Spot a Hacked ATM.

It’s easy identifying hacked or compromised ATM. Watch out for this things

  • Hidden Cameras
  • Fake Keyboard
  • Fake Card Reader


3 Known Ways/Method to Hack ATM.

Although ATM-targeted “jackpotting” malware—which forces machines to spit out cash—has been on the rise for several years, a recent variation of the scheme takes that concept literally, turning the machine’s interface into something like a slot machine. One that pays out every time.


  1. Rogue keyboard access.
  2. Weak or unencrypted disk drive.
  3. Traditional network breach.


  • Rogue Keyboard Access

An easy to execute attack is that of attaching a keyboard to an ATM and then proceed to perform a classical ‘break out’. The most interesting aspect of this attack is that depending on the ATM configuration an attacker does not need to elevate her privileges to be able to jackpot the ATM.

The first part of the attack which consists of attaching the keyboard can be performed in a variety of ways, for example:

  • Open the ATM using jiggle keys or other key opening tools
  • Drill a hole in the ATM near the USB or PS/2 port
  • Open the ATM by removing the screws that hold the side or back plates in place
  • The next step is to physically attach the keyboard to the ATM computer either by USB or PS/2 port

When the keyboard has been attached the attacker can proceed to what during most penetration tests is called a ‘break out’ assignment. This usually includes finding key combination or functionality which enables an attacker to execute custom commands on the ATM with the goal of achieving code execution.

At this point during the attack an attacker can choose to find and abuse existing functionality to jackpot the ATM or load custom code on the ATM to achieve the same objective.

Actions like privilege escalation, backdooring of the ATM and lateral movement through the ATM network are optional and depend on the configuration of the ATM as well as the goal of the attacker.


  • Weak or unencrypted disk drive

Another easy to execute attack is that of accessing the disk of an ATM and directly tamper with the files on the disk to achieve code execution. This attack also enables an attacker to fully understand the target environment, there is almost no reason to perform the entire attack on site. An attacker can steal the disk, prepare the attack, come back and execute the attack in a highly efficient manner.

The first part of the attack consists of gaining access to the disk. This can be achieved by for example:

  • Open the ATM using jiggle keys or other key opening tools
  • Open the ATM by removing the screws that hold the side or back plates in place
  • Searching the internet for ‘backups’ or ‘images’ of the disk kept by third parties responsible for maintaining the ATM (This implies unlawful actions like accessing password protected FTP or HTTP servers).

The next part of the attack involves establishing if additional actions are necessary before the data can be accessed on the disk. There are multiple scenarios possible:

  • The disk is unencrypted and can be directly accessed
  • The disk has been encrypted in a flawed manner
  • The disk has been strongly encrypted

If the disk is unencrypted an attacker can read and modify any file on the disk. If the disk has been encrypted in a weak manner an attacker can undo the encryption and access the disk to read or modify any file on the disk. Often seen flaws that enable attacker to perform these type of attacks are:

  • Decryption key resides on a different partition or USB key
  • Decryption key is derived from hardware IDs
  • Decryption key is obfuscated during the boot process

The above ways of implementing disk encryption can in most cases by bypassed by an attacker that has stolen the disk (and has paid attention to any USB sticks present). Lastly if the disk has been strongly encrypted, for example by:

  • Receiving the decryption key from a network server
  • Using a TPM chip

an attacker is forced to increase their investment to obtain access to the disk. Keep in mind that fully preventing access to the disk is almost impossible in most cases. The reason for this is the fact that it is almost always a business requirement that an ATM transparently boots into the operating system.

What does this exactly mean? It means that when you have configured an ATM in this way is becomes an acceptable risk if an attacker manages to obtain access. A couple of ways an attacker could obtain access are, some of these attacks imply other type of misconfiguration present:

  • Direct memory access attacks
  • Virtualization of the disk
  • Sniffing the hardware communication


  • Traditional network breach

The last easy to execute attack is that of attempting to breach the ATM from the network perspective. This overlaps with a traditional network based penetration test that is often performed by organizations. A caveat with this attack is that there is no reason why an attacker would limit the attack to only the ATM, since the backend part of the network is also accessible.

The first part of the attack consists of gaining access to the network which can be wired and / or wireless. For the wired part of the network an attacker has a variety of options:

  • Unplug the network cable on the ATM or the router side
  • Cut the network cable and apply new plugs

For the wireless part of the network an attacker also has some options:

  • Crack the WiFi password
  • Setup a rogue WiFi access point
  • Setup a rogue 3G access point

The next part of the attack involves looking at the network traffic to determine the targets as well as obtain information about potential weaknesses.

When the targets have been established regular penetration testing techniques are used to attempt and obtain access to the ATM or the backend servers:

  • Port scans
  • Vulnerability scans
  • Credential brute force attacks
  • Man-in-the-middle attacks
  • Fuzzing of proprietary protocols

These attacks can result in reading sensitive information or code execution on the ATM or the backend servers. The latter one increases the impact of this attack since usually multiple ATMs are connected to one backend server.



atm hacking – Russian Imps


Now, you’ve known how this things work so it’s time for business. Maybe you are new to the deep web but this is a life changing opportunity .

We are a professional carding team with a large ring around the globe. With over 2 million ATM infected with our malware and skimmers, we can grab bank card data which include the track 1 and track 2 with the card pin. We in turn clone this cards using the grabbed data into real ATM cards which can be used to withdraw at the ATM or swipe at stores and POS. We sell this cards to all our customers and interested buyers worldwide, the card has a daily withdrawal limit of $2500 on ATM and up to $500,000 spending limit on in stores.






Email: [email protected]

ICQ: billiondollarhack

WICKR: Bighack



Here are links to recent stories about atm hacking so you know this whole things works and you’ve missing out all your miserable live.


A New Breed of ATM Hackers Gets in Through a Bank’s Network.





One thought on “ATM HACKING”

  1. I’m in the UK.
    I got my card shipped to me after 4 days. I managed to withdraw 8750 GBP from my card before it began to decline. Anyone else experiencing same ? Is there something I’m not doing correctly .
    I want to order a 100K card but first i need to be sure I am doing it correctly

Leave a Reply

Your email address will not be published. Required fields are marked *