February 6, 2018

ASU professor helps combat cyberattacks though intelligence-gathering

ATM machines across the country are being targeted by a wave of criminals in search of an illegal high-tech payday. The Secret Service calls this phenomenon “jackpotting,” and are warning U.S. bank attacks are imminent.

It’s a modern day version of a bank robbery, but no weapons are used — only malware, a small device or two and a special key that can be purchased on the Internet. When cyberattackers take control of the machine, cash spews out of the ATM like a Las Vegas jackpot.

It’s a crime that Paulo Shakarian, an entrepreneurial professor at ASU’s School of Computing, Informatics and Decision Systems Engineering, is quite familiar with. Shakarian directs the Cyber-Socio Intelligent System Laboratory for the university, which specializes in cybersecurity, social network analysis and artificial intelligence. Additionally, he is the CEO of CYR3CON, which creates software that uses machine learning to find actionable intelligence for cybersecurity. ASU Now spoke to Shakarian about this new crime and how to prevent future attacks.

Man dark sports jacket
Paulo Shakarian

Question: “Jackpotting” got its start in Asia, Europe and Central America and has taken a year to reach our shores. Why do you think it started there?

Aanswer: Well, one can only really guess at the reasons why a certain type of attack affects one company/country/locale and not another. But some things to consider are:

A.) Is there local hacker expertise relevant to a certain ATM model to make the attack profitable? For any attack to occur, there has to be a hacker who understands the target system and enough of the target system to make it worthwhile.

B.) Are there other attacks that are more profitable or less risky? While jackpotting was previously not seen in the U.S., credit card skimming was very popular, and this can provide better profits (a credit card skimmer can capture hundreds of cards before going detected) and lower risk (i.e. not every device accepting a credit card has a camera watching).

Q: This crime appears to be cyclical and runs in waves. Why is that?

A: Cybercrimes of various types are cyclic because of an inherent cat-and-mouse nature. When a certain attack gets popular, more people start to do it. We see this repeatedly with hacker communities on the dark web latching on to recent exploits and malware. Then, once the popularity reaches a certain level, more and more network defenders put in protective measures. This in turn makes the attack less profitable, so the hackers move on to the next thing.

Q: Is consumer information at risk with this particular crime?

A: Not really, jackpotting deals with affecting the local machine and tricking it to disperse money — not money that is connected to a given account. However, a related attack called skimming does involve stealing personal information. 

Q: In addition to tighter security around ATMs, what do you see as a long term solution to jackpotting?

A: The best long-term solutions for these types of attacks is to gather information about what the hackers are discussing from places like the deep web/dark web — as this allows us to understand where they are headed in terms of target selection.