Sprint First To Market With Faster EV-DO... >>
<< Skype Bans Mean Big Profits For Incumbent...
 tdicon 


Rumors, Conspiracies, etc.

by Carlo Longino

Tue, Oct 24th 2006 9:19am





Memo To Banks: In Case You Missed The First Memo, Change Your ATMs' Default Passwords

from the double-the-cash-double-the-fun dept

Last month, we wrote about the story making the rounds showing how easily some ATMs could be reprogrammed and set to dispense more money than they should because banks and ATM owners never bothered to change the machines' default passwords -- passwords which were easily found in the ATMs' manual online. JimH writes in to point out a story from Bristol, England, where people discovered an ATM dispensing double the amount of money they requested (via The Register). Word quickly traveled around, leading to three-hour lines at the machine, while an identical but properly configured ATM beside it sat unused. Local restaurants, bars and liquor stores said they did a roaring trade as people spent their "free" money -- but the bank has a record of all the withdrawals and says it will chase down everyone that took advantage of the broken machine. It's not clear if the ATM in question was one of the same models discussed last month, or indeed just how the machine came to be misconfigured, but this seems like quite an interesting coincidence. In any case, if you run a bank, it might not be a bad idea to check your ATMs and ensure they're not still using the default password.

25 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    Maybe...

    identicon
    James, Oct 24th, 2006 @ 9:57am

    ...the same people in charge of Diebold's electronic voting machines are in charge of the ATMs.

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Oct 24th, 2006 @ 10:03am

    not likely. the article said "the bank has a record of all the withdrawals" and we all know that diebold doesnt record anything.

    reply to this | link to this | view in thread ]

  3.  

    Re: Maybe...

    identicon
    Anonymous Coward, Oct 24th, 2006 @ 10:31am

    Being that Diebold is one of the largest producers of ATM's worldwide....

    reply to this | link to this | view in thread ]

  4.  

    Re: Maybe...

    identicon
    Araemo, Oct 24th, 2006 @ 10:32am

    I doubt that. ATM's are actually fairly well secured. Even if you have the default password, it seems the worst you can do is make it give more money than it should(Sounds bad, but it keeps a perfect record of this, so the banks can hold people accountable).

    Diebold voting machines that don't keep a printed paper trail do not keep any record that can show tampering. Even ones that do keep a paper trail might not show tampering if people can't read the paper trail at the time of voting (What is the point of a paper trail if it records something different from what buttons you pushed?)

    The diebold machines I used last year print a paper 'receipt' of your vote that you have to verify(and then tell the machine you verified it) that they show in a glass window. So you can see yes, it really did print out what you told it to before you leave the polls.

    reply to this | link to this | view in thread ]

  5.  

    Re: Re: Maybe...

    identicon
    James, Oct 24th, 2006 @ 10:39am

    Uhmmm....

    http://www.google.com/search?hl=en&q=define%3Asarcasm

    reply to this | link to this | view in thread ]

  6.  

    Re: Re: Maybe...

    identicon
    Josh, Oct 24th, 2006 @ 10:53am

    Umm I'm also curious they say they have records of all the people that used the machine they say they can track them down which is absolutely true however are they going to be able to prove what each person actually got as a result of the reprogrammed ATM??

    reply to this | link to this | view in thread ]

  7.  

    Re: Re: Maybe...

    identicon
    sceptic, Oct 24th, 2006 @ 10:53am

    http://www.diebold.com/solutions/default.htm

    They DO make ATM machines, for the ones that don't pay attention at the bank. They even make the actual metal deposit boxes, which is probably the best engineered part of it all.

    reply to this | link to this | view in thread ]

  8.  

    Brad

    identicon
    Its true, Oct 24th, 2006 @ 10:53am

    Diebold manufactures a huge portion of the worlds ATM's.

    reply to this | link to this | view in thread ]

  9.  

    Don't know what's worse...

    identicon
    Corey, Oct 24th, 2006 @ 10:54am

    The fact that ATM's are vulnerable in this way or that people willingly took the extra money dispensed thinking that they won a small lottery prize, further they didn't even stop to think that the bank has logs of the transactions. I wonder if anyone who was in receipt of extra cash actually notified the branch. --- I doubt it.

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Oct 24th, 2006 @ 10:58am

    Stop reporting it, so we can take advantage.

    reply to this | link to this | view in thread ]

  11.  

    Re: Don't know what's worse...

    identicon
    Shag, Oct 24th, 2006 @ 11:04am

    Even though they have the records that you withdrew the money, I'm not sure that they can actually go after you.

    If a teller accidentally slipped you an extra 50$, how can they go after you for that?

    I think that the machine will record the transaction as withdrawing 100$ that you asked for. Not the 200 that it gave you.

    reply to this | link to this | view in thread ]

  12.  

    Manual error

    identicon
    David, Oct 24th, 2006 @ 11:17am

    They claimed that this was a manual error. Are we sure that it's that someone hacked the machine, or could it possibly be that some dunce just loaded the 20 quid notes into the 10 quid note tray? I'd be more inclined to think that's what happened...

    reply to this | link to this | view in thread ]

  13.  

    ATM fraud persecution is EZ, so long as it's not s

    identicon
    Chris, Oct 24th, 2006 @ 11:22am

    Tellers and computers are completely different in the fact that a computer can never mess up. It can only ever do what it's told. So if it's told to dispense 10 bills for $100, instead of 5 bills, then it does. It logs that for $100, 10 $20's were given. All you do is change the table amount by a multiply factor of 2 and for whatever amount you say you get twice as much. With logs and a nice video camera for surveliance pruposes tracking down all involved in this fiasco probably wont be anything short of simple.

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Oct 24th, 2006 @ 11:25am

    If you withdrew some money using a prepaid VISA or MC card, and you bought it with cash, then they won't be able to find you.

    reply to this | link to this | view in thread ]

  15.  

    Re: Re: Re: Maybe...

    identicon
    Rich, Oct 24th, 2006 @ 11:44am

    Well they at least can catch one...

    "Eleanor Woodward, 23, of Bristol"

    reply to this | link to this | view in thread ]

  16.  

    Stealing is Stealing!

    identicon
    Alex Chavarin, Oct 24th, 2006 @ 11:56am

    It's sad to see that the younger generation doesn't see anything wrong with taking someone else's money. I guess Banks are up there with Corporations, and they haven't given us a good example, but it's still not right.

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Oct 24th, 2006 @ 11:59am

    ha ha what idiots!!

    reply to this | link to this | view in thread ]

  18.  

    Re: Stealing is Stealing!

    identicon
    sceptic, Oct 24th, 2006 @ 12:06pm

    Younger generation? Of course, the older generation set up such beautiful examples through ravaging their corporations at the expense of employees. Please, if you are bitter because you are no longer young, find a better way to deal with it than faulting younger generation with it. I hear BASE jumping is a cure-all.

    reply to this | link to this | view in thread ]

  19.  

    How does this happen?

    identicon
    weblarg.com, Oct 24th, 2006 @ 12:09pm

    Why would someone who manages an ATM use the same interface as the end user? It seems a bit daft to even give someone the opportunity of trying to "hack" in to an ATM through a common interface.

    reply to this | link to this | view in thread ]

  20.  

    Re: How does this happen?

    identicon
    Anonymous Coward, Oct 24th, 2006 @ 12:24pm

    Agreed. put a USB or other interface behind on the backside of the machine you lazy sods!

    reply to this | link to this | view in thread ]

  21.  

    As vunerable as the OS?

    identicon
    Xeno the Phobia Warrior Princess, Oct 24th, 2006 @ 12:32pm

    The last time I saw my local bank's ATM booting up, the start up screen showed:
    OS 2 Warp
    Is that better or worse than "XP"? Better or worse for hackers?

    reply to this | link to this | view in thread ]

  22.  

    Re: Re: Re: Maybe...

    identicon
    Anonymous Coward, Oct 24th, 2006 @ 11:57pm

    Hahah. Some people say sarcasm can be hard to detect on the internet... but for you to say that your post was sarcastic is just stupid. If you didn't know it doesn't mean you have to reply with "sarcasm" to cover it up. People don't care if you didn't know that.

    reply to this | link to this | view in thread ]

  23.  

    Re: As vunerable as the OS?

    identicon
    ebrke, Oct 25th, 2006 @ 6:34am

    OS/2 was a great operating system that IBM never knew how to market effectively, whereas MS knew just how to market everything and thereby got the jump on IBM. OS/2 has been moribund for so many years I don't know if anyone really knows how secure it is in terms of today's threats, but I would suspect probably pretty secure.

    reply to this | link to this | view in thread ]

  24.  

    Re: Re: Re: Maybe...

    identicon
    Anonymous Coward, Oct 25th, 2006 @ 10:12am

    Uhmmm....

    http://www.google.com/search?hl=en&q=denial&btnG=Google+Search

    reply to this | link to this | view in thread ]

  25.  
    identicon
    King, Jul 16th, 2007 @ 7:00am

    i looked all over for the diebold default passwords but had no luck finding it. Where would i find it? or the whole manual. the actual diebold site doesnt have the default passwords.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Sprint First To Market With Faster EV-DO... >>
<< Skype Bans Mean Big Profits For Incumbent...
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This