27 criminals involved in the Black Box attacks were identified in numerous countries in 2016 and 2017. Arrests occurred in Czech Republic (3), Estonia (4), France (11), the Netherlands (2), Romania (2), Spain (2) and Norway (3).
“Black Box” is a variant of ATM logical attack through connection of an unauthorised device that sends commands to the ATM cash dispenser to “cash-out” the ATM. Cyber-criminals gain access to the ATM Top Box usually by drilling holes or melting to physically connect an unknown Box or laptop, which then sends commands that cause the ATM to dispense all its cash, resulting in the loss of hundreds of thousands of Euros.
Europol's European Cyber-Crime Centre (EC3) organised four meetings during 2016 and 2017 at its headquarters in The Hague to tackle the rising ATM threat.
Some investigations are still on-going and further arrests are expected in the near future.
The EC3 Analysis Project Terminal stresses that most attacks are unsuccessful attempts since joint public and private cooperation is improving. The ATM industry is encouraged to implement proper protective measures against the threat.
Recent research from The European ATM Security Team (EAST) found that criminals carried out ATM Black Box attacks in 10 reporting countries in 2016. Fifty-eight of these attacks in 2016 were reported by its National Members.
“Our joint efforts to tackle this new criminal phenomenon resulted in significant arrests across Europe. However the arrest of offenders is only one part of stopping this form of criminality,” said Steven Wilson, head of Europol's European Cyber-Crime Centre, in a statement. “Increasingly we need to work closely with the ATM industry to design out vulnerabilities at source and prevent the crime taking place.”