Memo To Banks: In Case You Missed The First Memo, Change Your ATMs' Default Passwords
from the double-the-cash-double-the-fun dept
Last month, we wrote about the story making the rounds showing how easily some ATMs could be reprogrammed and set to dispense more money than they should because banks and ATM owners never bothered to change the machines’ default passwords — passwords which were easily found in the ATMs’ manual online. JimH writes in to point out a story from Bristol, England, where people discovered an ATM dispensing double the amount of money they requested (via The Register). Word quickly traveled around, leading to three-hour lines at the machine, while an identical but properly configured ATM beside it sat unused. Local restaurants, bars and liquor stores said they did a roaring trade as people spent their “free” money — but the bank has a record of all the withdrawals and says it will chase down everyone that took advantage of the broken machine. It’s not clear if the ATM in question was one of the same models discussed last month, or indeed just how the machine came to be misconfigured, but this seems like quite an interesting coincidence. In any case, if you run a bank, it might not be a bad idea to check your ATMs and ensure they’re not still using the default password.
Comments on “Memo To Banks: In Case You Missed The First Memo, Change Your ATMs' Default Passwords”
Maybe...
…the same people in charge of Diebold’s electronic voting machines are in charge of the ATMs.
Re: Maybe...
Being that Diebold is one of the largest producers of ATM’s worldwide….
Re: Maybe...
I doubt that. ATM’s are actually fairly well secured. Even if you have the default password, it seems the worst you can do is make it give more money than it should(Sounds bad, but it keeps a perfect record of this, so the banks can hold people accountable).
Diebold voting machines that don’t keep a printed paper trail do not keep any record that can show tampering. Even ones that do keep a paper trail might not show tampering if people can’t read the paper trail at the time of voting (What is the point of a paper trail if it records something different from what buttons you pushed?)
The diebold machines I used last year print a paper ‘receipt’ of your vote that you have to verify(and then tell the machine you verified it) that they show in a glass window. So you can see yes, it really did print out what you told it to before you leave the polls.
Re: Re: Maybe...
Uhmmm….
http://www.google.com/search?hl=en&q=define%3Asarcasm
Re: Re: Re: Maybe...
Hahah. Some people say sarcasm can be hard to detect on the internet… but for you to say that your post was sarcastic is just stupid. If you didn’t know it doesn’t mean you have to reply with “sarcasm” to cover it up. People don’t care if you didn’t know that.
Re: Re: Re: Maybe...
Uhmmm….
http://www.google.com/search?hl=en&q=denial&btnG=Google+Search
Re: Re: Maybe...
Umm I’m also curious they say they have records of all the people that used the machine they say they can track them down which is absolutely true however are they going to be able to prove what each person actually got as a result of the reprogrammed ATM??
Re: Re: Re: Maybe...
Well they at least can catch one…
“Eleanor Woodward, 23, of Bristol”
Re: Re: Maybe...
http://www.diebold.com/solutions/default.htm
They DO make ATM machines, for the ones that don’t pay attention at the bank. They even make the actual metal deposit boxes, which is probably the best engineered part of it all.
not likely. the article said “the bank has a record of all the withdrawals” and we all know that diebold doesnt record anything.
Brad
Diebold manufactures a huge portion of the worlds ATM’s.
Don't know what's worse...
The fact that ATM’s are vulnerable in this way or that people willingly took the extra money dispensed thinking that they won a small lottery prize, further they didn’t even stop to think that the bank has logs of the transactions. I wonder if anyone who was in receipt of extra cash actually notified the branch. — I doubt it.
Re: Don't know what's worse...
Even though they have the records that you withdrew the money, I’m not sure that they can actually go after you.
If a teller accidentally slipped you an extra 50$, how can they go after you for that?
I think that the machine will record the transaction as withdrawing 100$ that you asked for. Not the 200 that it gave you.
Stop reporting it, so we can take advantage.
Manual error
They claimed that this was a manual error. Are we sure that it’s that someone hacked the machine, or could it possibly be that some dunce just loaded the 20 quid notes into the 10 quid note tray? I’d be more inclined to think that’s what happened…
ATM fraud persecution is EZ, so long as it's not s
Tellers and computers are completely different in the fact that a computer can never mess up. It can only ever do what it’s told. So if it’s told to dispense 10 bills for $100, instead of 5 bills, then it does. It logs that for $100, 10 $20’s were given. All you do is change the table amount by a multiply factor of 2 and for whatever amount you say you get twice as much. With logs and a nice video camera for surveliance pruposes tracking down all involved in this fiasco probably wont be anything short of simple.
If you withdrew some money using a prepaid VISA or MC card, and you bought it with cash, then they won’t be able to find you.
Stealing is Stealing!
It’s sad to see that the younger generation doesn’t see anything wrong with taking someone else’s money. I guess Banks are up there with Corporations, and they haven’t given us a good example, but it’s still not right.
Re: Stealing is Stealing!
Younger generation? Of course, the older generation set up such beautiful examples through ravaging their corporations at the expense of employees. Please, if you are bitter because you are no longer young, find a better way to deal with it than faulting younger generation with it. I hear BASE jumping is a cure-all.
ha ha what idiots!!
How does this happen?
Why would someone who manages an ATM use the same interface as the end user? It seems a bit daft to even give someone the opportunity of trying to “hack” in to an ATM through a common interface.
Re: How does this happen?
Agreed. put a USB or other interface behind on the backside of the machine you lazy sods!
As vunerable as the OS?
The last time I saw my local bank’s ATM booting up, the start up screen showed:
OS 2 Warp
Is that better or worse than “XP”? Better or worse for hackers?
Re: As vunerable as the OS?
OS/2 was a great operating system that IBM never knew how to market effectively, whereas MS knew just how to market everything and thereby got the jump on IBM. OS/2 has been moribund for so many years I don’t know if anyone really knows how secure it is in terms of today’s threats, but I would suspect probably pretty secure.
i looked all over for the diebold default passwords but had no luck finding it. Where would i find it? or the whole manual. the actual diebold site doesnt have the default passwords.