Two Arrested For Reprogramming ATMs To Provide Extra Cash

from the this-is-still-doable? dept

Almost exactly two years ago, a story made the rounds of how easy it was to reprogram ATMs to believe it had a different denomination. Thus, if it actually had $20 bills, you could convince it that it really had $1 or $5 bills. Then when you took out money from the machine, you would get the $20 bills, making a tidy profit. The reason this hack was so easy was that many ATM owners simply left the default passwords on the machines -- and those passwords were easily found online. Last year, we noted that, despite the publicity around this easy hack, many ATM owners still had not changed the default password. Apparently, that's still the case, as two men have been arrested for using the hack to steal thousands of dollars. Still, it's worth noting that the only reason they seem to have been caught was they hit the same store multiple times (and, apparently, the owner of that store still hadn't changed the default password).


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Chronno S. Trigger, Sep 24th, 2008 @ 1:34pm

    How douse that work?

    I know that nothing the store owner did was illegal, just incredibly stupid, are there any kind of fines for something like that? Can the people who run the ATMs just stop supporting him or allowing him to connect to the network?

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Sep 24th, 2008 @ 1:35pm

    Anyone using a default password in cases like this should be sued or fined heavily as this is extremely negligent!

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Sep 24th, 2008 @ 1:37pm

    yeah and to think the two guys that did this lived not far from me lol...what a bunch of fools

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    your face, Sep 24th, 2008 @ 1:52pm

    money money money

    Money should totally be open source and free to the public to inspire solid competition.

    /Sarcasm...although, with the value of the USD dropping like iron poo, that doesn't sound half bad.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Joseph Durnal, Sep 24th, 2008 @ 1:56pm

    $100's

    If I weren't an honest man, I'd try and find one of those ATMs that give out $100's like at the Casino. Oh, wait, dollars, who wants dollars these days. Maybe reprogram one that dispenses 100 euro notes!

    Seriously, two "crimes" are committed, one crime of stupidity and of course, the theft.

    Joseph Durnal

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    kevjohn, Sep 24th, 2008 @ 2:07pm

    Plenty of blame to go around

    Shouldn't the ATM manufacturers get a bit of the blame? Why aren't machines programmed to force the store owners to change the password on first power up? Hell, my cell phone did that.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Sep 24th, 2008 @ 2:08pm

    Epic Fail with Epic something

    Hmm.. How is this any different than what's happening with America's Banks? I read somewhere that some fancy financial instruments called derivatives were "a gambling casino empire that has taken over the world's largest banks."

    Shoot.. I can't remember where I read that.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Tom Carvel & Mr. Moe, Sep 24th, 2008 @ 2:14pm

    Dumb!

    Not much different then any other type of loophole -- such as glomming a neighbors wi-fi connection. The ATM owner should be fined for stupidity. No doubt he/she will do something stupid and remove themselves from the gene pool!

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    tom carvel, Sep 24th, 2008 @ 2:16pm

    Re: Epic Fail with Epic something

    What kind of nonsense are you babling about?
    Time for your meds!

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Robert Mueller, Sep 24th, 2008 @ 2:33pm

    Re: Re: Epic Fail with Epic something

    Ice Cream? That's the best you can do?

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Jason, Sep 24th, 2008 @ 2:42pm

    Re:

    Hear, hear!

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Jason, Sep 24th, 2008 @ 2:52pm

    Re: Dumb!

    I'd say it's HUGELY different.

    Let X= ATM owners okay with you using their wifi. Let Y= ATM owners okay with you stealing thousands of dollars.

    I guarantee you that X/Y=infinity (or 'undefined' if you're in elementary school).

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Sep 24th, 2008 @ 2:55pm

    Yes, they were stupid, but someone had to go out of their way to commit a crime to exploit this store owner's stupidity. So now we can just exploit the stupid is this country?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Jason, Sep 24th, 2008 @ 3:34pm

    Re:

    Um, well, Coward, that's nothing new. We've always been able to do that. Unless you're implying that this article suggests it's okay to exploit the stupid - which it doesn't. So your point was...?

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Sep 24th, 2008 @ 3:39pm

    I want one

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    ATMNoob, Sep 24th, 2008 @ 4:33pm

    I'm missing something...

    Unless I have a stolen ATM card I'm still taking the cash from my account. Wouldn't the hack get timestamped, my withdrawal get timestamped and at least the bank will come for the extra money? Please cure my recto-cranial inversion...

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Sep 24th, 2008 @ 5:55pm

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Whitey McCracker, Sep 24th, 2008 @ 6:09pm

    Could he really be that classy?

    Gentlemen,

    I present to you, our president.

    http://www.youtube.com/watch?v=41F_oof_gu0

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Norm, Sep 24th, 2008 @ 7:37pm

    Re: Epic Fail with Epic something

    A-frickin-Men

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Sep 25th, 2008 @ 1:01am

    Re: Epic Fail with Epic something

    Good job greasing the wheels, Anon. The T-Bill will go down tomorrow as the bailout is passed and wholesale inflation occurs. I owe you one.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    another mike, Sep 25th, 2008 @ 3:23pm

    Re: I'm missing something...

    No RC inversion, just bad math.
    Of course the hack gets timestamped and debited $20 out of his account and handed over by the machine. If it's loaded with $20 bills, it counts out one bill and passes it out the slot. Just like any other normal everyday transaction.
    But in the hack, you convince the machine it's loaded with fivers before asking to withdraw your $20. So like any normal transaction, it docks your account $20 and counts out 5, 10, 15, 20 and hands over four bills. Four $20 bills because the machine, despite what it was told, is still loaded with twenties.
    Use your own ATM card and remember to reset the machine back to twenties so it'll take longer to be caught.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Sukey, Sep 29th, 2008 @ 9:26am

    Oh but if you're on the INSIDE and you do this under the title CEO or CFO, they call it financial planning and asset management. I'd like to see a prosecutor even try and bring charges. Let it go to a jury, my two good men, and watch and see how fast you'll be found not guilty.

    Robin Hood.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Kaarsty, Sep 29th, 2008 @ 1:35pm

    Heh

    Well, in most cases - the ATM's are not set up by the store owners. They're placed, and maintained by another company. Probably was not the store owner's fault - it was the tech's fault.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Barack Obama, Oct 1st, 2008 @ 6:53am

    We need more people like this.

    In Chicago we call this mining the ghetto! I applaud their endeavors. When I am elected we will continue to distribute the wealth by taxation.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    JadeStar, Oct 1st, 2008 @ 3:26pm

    The real losers are...

    ... the business owners, not the banks. I think that the individual small businesses that host the old ATMs (gas stations, night clubs, etc) are the ones who really lose the money here. Don't they fill up the ATMs themselves, and then get paid by the banks for the amount of money withdrawn, keeping the ATM "transaction fee" as their profit? I don't think these ATMs work like Coke machines, having a service person from the company who owns the machine come fill it up every week. If they do, then it's that little third-party ATM service co that's actually losing the cash -- and rightfully so, since they would be the ones who forgot to set a real password. Otherwise, I believe that the small business is the one that takes the hit, since the banks only pay on what they actually approved for withdrawal from the accounts.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Andrew Yu-Jen Wang, Mar 8th, 2009 @ 5:20pm

    Robert Mueller does not like George W. Bush—Bush committed too many crimes.

    George W. Bush committed hate crimes of epic proportions and with the stench of terrorism (indicated in my blog).

    George W. Bush did in fact commit innumerable hate crimes.

    And I do solemnly swear by Almighty God that George W. Bush committed other hate crimes of epic proportions and with the stench of terrorism which I am not at liberty to mention.

    Many people know what Bush did.

    And many people will know what Bush did—even to the end of the world.

    Bush was absolute evil.

    Bush is now like a fugitive from justice.

    Bush is a psychological prisoner.

    Bush has a lot to worry about.

    Bush can technically be prosecuted for hate crimes at any time.

    In any case, Bush will go down in history in infamy.

    Submitted by Andrew Yu-Jen Wang
    B.S., Summa Cum Laude, 1996
    Messiah College, Grantham, PA
    Lower Merion High School, Ardmore, PA, 1993

    “GEORGE W. BUSH IS THE WORST PRESIDENT IN U.S. HISTORY” BLOG OF ANDREW YU-JEN WANG
    ______________________
    I am not sure where I had read it before, but anyway, it goes kind of like this: “If only it were possible to ban invention that bottled up memories so they never got stale and faded.” Oh wait—off the top of my head—I think the quotation came from my Lower Merion High School yearbook.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This