Incident: ATM Jackpotting Attacks on Diebold Nixdorf ATMs.

Published Date: 2020-07-23

Postmortem Analysis
Timeline
1. The software failure incident of high-tech thieves using black box jackpotting attacks on ATMs happened in certain European countries, as reported by Diebold Nixdorf [102828].
2. The incident was reported on July 23, 2020 [102828]. Therefore, the software failure incident of high-tech thieves using black box jackpotting attacks on ATMs likely happened in July 2020.

System
1. ATM software stack components - Diebold Nixdorf's ATM software stack components were compromised in the jackpotting attacks, allowing thieves to send illegitimate dispense commands [102828].

Responsible Organization
1. High-tech thieves [102828]
2. Criminals [102828]
3. Fraudsters [102828]

Impacted Organization
1. ATMs supplied by Diebold Nixdorf were impacted by the software failure incident involving jackpotting attacks [102828].

Software Causes
1. The software cause of the failure incident was the use of external "black box" devices containing parts of the software stack of the attacked ATM to send illegitimate dispense commands, allowing high-tech thieves to jackpot ATMs [102828].

Non-software Causes
1. High-tech thieves connecting external devices to control ATMs [102828]
2. Criminals breaking through the fascia of the ATM to access the head compartment [102828]
3. Fraudsters dressing as ATM technicians to attach devices to the targeted ATM [102828]

Impacts
1. The software failure incident led to high-tech thieves successfully executing ATM jackpotting attacks by connecting devices containing proprietary software to control the ATM, resulting in illegal dispensing of funds [102828].
2. Criminals were able to exploit the software vulnerability to make ATMs dispense 40 bills every 23 seconds, leading to a rapid and complete emptying of the machine unless the dispense cycle was manually stopped [102828].

Preventions
1. Implementing strong encryption and security measures in the ATM software to prevent unauthorized access and manipulation [102828].
2. Regularly updating and patching the ATM software to address any known vulnerabilities that could be exploited by attackers [102828].
3. Conducting thorough security audits and assessments of the ATM software to identify and mitigate potential weaknesses that could be exploited by high-tech thieves [102828].

Fixes
1. Enhancing the security measures of the ATM software to prevent unauthorized access and manipulation by external devices like the black box used in jackpotting attacks [102828].
2. Implementing regular software updates and patches to address any vulnerabilities that could be exploited by attackers [102828].
3. Conducting thorough security audits and assessments of the ATM software to identify and mitigate potential weaknesses that could be exploited by criminals [102828].

References
1. Diebold Nixdorf [Article 102828]
2. Ars Technica [Article 102828]
3. Fox News [Article 102828]
4. Krebs On Security [Article 102828]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident related to ATM jackpotting attacks has happened again at the organization Diebold Nixdorf. The company mentioned that in recent incidents in certain European countries, attackers were able to access the ATM's head compartment and connect a black box containing parts of the software stack of the attacked ATM to send illegitimate dispense commands [102828].
(b) The software failure incident of ATM jackpotting attacks has also happened at multiple organizations. The article mentions that jackpotting is a global problem that can affect ATMs anywhere, and jackpotting attacks have been seen in the United States as early as 2010 [102828].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the article where high-tech thieves are using external devices containing proprietary software to control ATMs in jackpotting attacks. Diebold Nixdorf mentioned that the attackers break through the fascia of the ATM to access the "head compartment" and connect a black box to send illegitimate dispense commands using the software stack of the ATM [102828].
(b) The software failure incident related to the operation phase is evident in the article where criminals are able to exploit vulnerabilities in ATMs to dispense cash illegally. In some past attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM's operating system to the targeted ATM, enabling them to carry out the attack [102828].

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system: The software failure incident described in the articles is primarily within the system. The ATM jackpotting attacks involve connecting external devices containing proprietary software to control the ATM. Diebold Nixdorf mentioned that the device used by the attackers contains parts of the software stack of the attacked ATM, indicating that the attack involves exploiting vulnerabilities within the ATM's software [102828].
(b) outside_system: The software failure incident also involves factors originating from outside the system. For example, in some past attacks, fraudsters dressed as ATM technicians to carry out the attack, indicating that the physical access and social engineering tactics used by the attackers are external factors contributing to the software failure incident [102828].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
  - The article reports on ATM jackpotting attacks where high-tech thieves are connecting devices containing proprietary software to control ATMs, leading to the illegal dispensing of funds [102828].
  - In these attacks, the thieves are using external "black box" devices that contain parts of the software stack of the attacked ATM to send illegitimate dispense commands, indicating a failure introduced without direct human participation in the software itself [102828].
(b) The software failure incident occurring due to human actions:
  - The article mentions instances where fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM's operating system along with a mobile device to the targeted ATM, suggesting human actions contributing to the software failure incident [102828].

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident occurring due to hardware:
  - The article mentions that in recent incidents in certain European countries, attackers break through the fascia of the ATM to access the "head compartment" and unplug the cable between the dispenser and the ATM's electronics. They then connect the cable to a black box to send illegitimate dispense commands using the software stack [102828].
(b) The software failure incident occurring due to software:
  - The article highlights that high-tech thieves are using devices containing proprietary software to control ATMs in jackpotting attacks. These devices are connected to the ATM to send illegitimate dispense commands using the software stack of the attacked ATM [102828].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident described in the articles is malicious in nature. High-tech thieves are using external devices containing proprietary software to control ATMs and dispense funds illegally, a technique known as jackpotting. The thieves are accessing the ATM's software stack and sending illegitimate dispense commands to empty the machine of cash. This malicious activity is conducted by criminals with the intent to harm the system and profit illegally [102828].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident related to poor_decisions:
  - The software failure incident involving ATM jackpotting attacks was a result of high-tech thieves connecting devices containing proprietary software to control the ATM [102828].
  - The attackers were able to access the ATM's head compartment by breaking through the fascia of the ATM in certain European countries, unplugging the cable between the dispenser and the ATM's electronics, and connecting it to their black box to send illegitimate dispense commands using the software stack [102828].
(b) The intent of the software failure incident related to accidental_decisions:
  - There is no specific mention in the articles about the software failure incident being related to accidental decisions.

Category: Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident related to development incompetence is evident in the article where high-tech thieves are conducting ATM jackpotting attacks by connecting devices containing proprietary software to control the ATM [102828]. This indicates a lack of professional competence in securing the ATM software against such attacks.
(b) The software failure incident related to accidental factors is seen in the article where criminals in past attacks were able to exploit vulnerabilities in ATMs to dispense cash rapidly, with the dispense cycle only stoppable by pressing cancel on the keypad [102828]. This accidental exploitation of vulnerabilities led to the unintended consequence of completely emptying the ATM of cash.

Category: Duration
Option: permanent
Rationale:
(a) The software failure incident described in the articles seems to be more of a permanent nature. The incident involves high-tech thieves using external devices with proprietary software to control ATMs, leading to jackpotting attacks. The thieves are able to send illegitimate dispense commands using the software stack of the ATM, indicating a persistent and ongoing exploitation of the software vulnerability [102828]. The article mentions that the investigation is still ongoing, suggesting that the impact of the software failure is not easily reversible and requires significant efforts to address the security breach.

Category: Behaviour
Option: omission, value, other
Rationale:
(a) crash: The software failure incident in the article does not specifically mention a crash where the system loses state and does not perform any of its intended functions [102828].
(b) omission: The incident involves the omission of the ATM's intended functions as the thieves are able to connect a black box device to the ATM, which then sends illegitimate dispense commands, causing the ATM to dispense funds illegally [102828].
(c) timing: The timing of the software failure incident is not explicitly mentioned in the article [102828].
(d) value: The software failure incident involves the system performing its intended functions incorrectly, leading to the unauthorized dispensing of cash from the ATM [102828].
(e) byzantine: The incident does not exhibit the characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [102828].
(f) other: The software failure incident in the article involves a sophisticated attack where thieves manipulate the ATM's software stack to carry out the unauthorized dispensing of cash, which could be categorized as a form of exploitation or manipulation of the system beyond the traditional failure types mentioned [102828].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: property, non-human
Rationale:
(d) property: People's material goods, money, or data were impacted due to the software failure
  - The article discusses ATM jackpotting attacks where thieves connect devices containing proprietary software to control the ATM, leading to the illegal dispensing of funds [102828].
  - Criminals in past attacks were able to make ATMs spit out 40 bills every 23 seconds, resulting in the machines being completely emptied of cash unless the dispense cycle was manually stopped [102828].
  - In some past attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM's operating system to the targeted ATM, indicating a manipulation of the ATM's software [102828].

Category: Domain
Option: finance
Rationale:
(a) The failed system in the incident was related to the finance industry, specifically ATMs. The article mentions how high-tech thieves are targeting ATMs through jackpotting attacks, where they connect devices containing proprietary software to control the ATM [102828]. The incidents described involve unauthorized access to the ATM's software stack to send dispense commands and illegally obtain cash.
(h) The software failure incident was directly linked to the finance industry, as ATMs are a crucial part of financial transactions and cash dispensing. The attackers exploited vulnerabilities in the ATM software to carry out jackpotting attacks, indicating a failure in the security and integrity of the financial system [102828].
