110 Comments
- Jeebugorn, on 10/12/2007, -4/+78 good for him. he finally found a way to get his money back for all the ridiculous fees he probably paid to that bank.
- robustyoungsoul, on 10/12/2007, -0/+62 Bank error in your favor.
- Benjamin2040, on 10/12/2007, -2/+50 "when a customer told the clerk at a Crown gas station that the machine was disbursing more money than it should"
What idiot goes and gives the game away like that!!?!?
- PAJK, on 10/12/2007, -0/+33 Yeh, that writing on the back of his tshirt might have read, "Karma, Bitches."
- cid2001, on 10/12/2007, -0/+14 That is awesome buy a prepaid card @ $100 and get $400 back minus fees!
- cypher35, on 10/12/2007, -1/+14 damn, i would love to have randomly stumbled across this while making a withdrawal one day...
- rodrigo74, on 10/12/2007, -0/+12 "Police have asked anyone with information to contact Crime Solvers at (888) LOCK-U-UP."
Love that.
- MacParrot, on 10/12/2007, -2/+14 Someone honest? Amazing that it's seen as a liability rather than a virtue. Should have known this being Digg and all.
- Teaboy, on 10/12/2007, -7/+18 Admin Menu (OMG YOU L33T H4X0R!)
1. Give out $20 and debit $20
2. Give out $20 and debit $10
3. Give out $20 and debit $5
- ChildeRoland420, on 10/12/2007, -0/+11 Teaboy, it's not really like that. All he has to do is tell the admin menu that he just reloaded the machine with $5 bills instead of $20s. It's one of those small stand up ones that only holds one kind (usu. 20s) and it will just count out the bills in $5 increments no matter what is actually in it. This seems very plausible for an admin menu.
- Swampthing, on 10/12/2007, -3/+13 Funny thing about those cameras at ATM machines, they capture EVERY transaction.
- thydzik, on 10/12/2007, -1/+10 that man is a genius.
- JoshuaH, on 10/12/2007, -2/+11 Haha, Probably right.
- FyreGoddess, on 10/12/2007, -0/+9 "remember, they were getting the amount they asked for, it was just charging their account 1/4 less. so it's pretty amazing that someone even noticed."
No, they were getting 4x the money they asked for. The original guy reprogrammed the ATM so it thought that it was dispensing $5 bills.
ex: I tell the machine I want to withdraw $20, it deducts $20 from my account and gives me 4 bills (4 x $5 = $20). Now I have $80 in cash.
- Timan, on 10/12/2007, -1/+10 Yep, I live in this area, it's funny how many people got extra cash before someone reported it. Kinda sad at the same time...
- aed377b, on 10/12/2007, -0/+8 I wonder how he learned this skill...
- inactive, on 10/12/2007, -2/+10 prolly a DIEBOLD atm. you can straight wardial one of those sonsabiches
;P
- portis, on 10/12/2007, -3/+11 Now if only he could teach us how to re-program a coke machine to give us 4 times the caffeine.
- snapya, on 10/12/2007, -5/+12 "No one noticed until nine days later, when a customer told the clerk at a Crown gas station that the machine was disbursing more money than it should."
LOL what douchebag would say that the machine was giving away more money than it should?
- nakedcellist, on 10/12/2007, -2/+8 Must be a Diebold machine..
- areric, on 10/12/2007, -0/+6 even odds that the clerk took the liberty of making a slight withdrawal before reporting it to their manager.
- voxluna, on 10/12/2007, -1/+6 Not always. An ATM in a gas station is not likely to be run by a financial institution (bank). The smaller ones that are privately owned usually do not have cameras. Look at the Triton 9100 for example. It was the store surveillance cameras, not the ATM, that probably caught him on tape.
- inactive, on 10/12/2007, -1/+6 I can't remember the code but I think it is green (enter), 1, green (enter) at the non-bank convenience store ATMs.
At any rate, I do know the two default passwords: MONEY or PASSWORD
When entered you can access the management screen and get a cash count, use count, accounting (money made according to fees) and of course Dispense settings. Once in you can change this exactly as the story says - make the machine think it is dispensing $5 at a time rather than $20.
Anyhow: I have a friend (not a friend of a friend or my cousin's friend's neighbor's daughter's boyfriend's cousin) but an actual friend that used to work for an ATM servicing company. We were at Buffalo Wild Wings and in his drunken stupor (or to prove how "cool" he was) he thought it would be amusing to change the ATM settings. We watched as a couple people using the ATM ended up with 4x their intended withdrawal. Within probably 5 people the machine was turned off.
While I don't agree with what my friend did, I do feel that it is a lesson learned for the ATM owner about security. The best way to stop this is for the owner to CHANGE THE DEFAULT PASSWORD!!!
I see everyone complaining about the person telling management but the reality is, even if you don't realize this is theft, most people are going to worry that the full amount was deducted from their account so they are going to report it.
- CJz44, on 10/12/2007, -1/+5 Doesn't seem to be working so...
http://www.duggmirror.com/security/ATM_Reprogrammed_to_Give_Out_4X_More_Money
- paulmdx, on 10/12/2007, -2/+6 "#2. The code is flashed onto rom kind of like the bios of your computer. There is no reason for this to be easily changed. It's a fairly basic client app that doesn't need changing often."
In the UK a lot of ATMs run Windows NT, which I'm assuming have a certain amount of (if not all) volatile storage. ATMs certainly aren't "basic client app[s]".
- nofxjunkee, on 10/12/2007, -0/+4 Just because you know what someone looks like doesn't mean you know who they are or where you can find them.
- vitriolage, on 10/12/2007, -0/+4 @funstuph
Ya, ok, but what if the ATM was reprogrammed to dispense 5s instead of 20s as previously stated. I'm assuming this is allowed through access of the admin menu and the whole situation seems very plausible.
- Bullsnot, on 10/12/2007, -0/+4 I'm surprised no one has ever hacked one by jacking into the phone line going back to the bank. The ATMs just use a basic modem to verify your balance and instruct the bank on how much to withdraw. I'm sure there is some sort of encryption used, but I would think someone would find a way to fool the machine into thinking the communication went through.
- inactive, on 10/12/2007, -3/+7 All of the new ATMs from a particular bank (the Commonwealth Bank) here in Oz have been switched over to Diebold Systems ATMs, so you just KNOW that there are numerous backdoors you can access from the external keypad.
Of course, unless you're a top level republican visiting Oz you will never know what those backdoors are...
- sd12013, on 10/12/2007, -0/+4 Let me get this straight...
The news reports that a guy walked in, swiped a card, punched an odd sequence of numbers to reprogram the machine to think it was giving out $5s and it was caught on surveillance tape... and there are people saying "Nope! Couldn't happen!" WTF?!? IT'S ON TAPE!!! THEY SAW HIM DO IT!!!
(no comment on whether I would or wouldn't have reported an error in the machine)
btw, these smaller gas station/7-eleven style machines are very nearly always independently owned and they just lease the space within the store from the biz.
- Zarks, on 10/12/2007, -0/+4 Wow, it took 9 days for somebody to notice! I remember something similar occurred here in England by accident and in a couple of days the machine had been completely emptied.
- pseudojd, on 10/12/2007, -0/+3 Having worked on the new Diebold ATM's for a year or so I can safely say this was done by putting $20's in the 5$ can. The same way this always happens.
- marc26uk, on 10/12/2007, -0/+3 I don't think Joe BusinessOwner actually OWNS the ATM.
At least here in the UK, the business will allow the ATM company to place the machine instore in return for either a commission on the transaction fee, or does it purely for increased business/customer flow. I doubt that the ATM firm could have charged the local business for their incompetence.
- goldenbb, on 10/12/2007, -0/+3 Seriously. It's like a slot machine where you never lose.
- Mekun, on 10/12/2007, -1/+4 I used an ATM once after the person working on it got done. There was a menu for admin showing along with regular menu. I closed it out but that could have been what happened. The person working on it forgot to close out the machine and left access to the admin menu, the guy walked up to use it and saw he had access and changed it.
- gd007, on 10/12/2007, -2/+5 now the bank is charging double maint fee from me to recover the money lost.
- xtmno3, on 10/12/2007, -0/+3 @bluenova:
Sure, and coke machines wouldn't be dumb enough to be 1-3-2-4 or some variation of that....
- fabriciom, on 10/12/2007, -0/+3 If that was so, then the story would have been "Criminal CAUGHT after reprogramming ATM"... Anyways my question is how this guy got access to the internals of the PC. I know most touch screen PCs have a secret way of accessing its settings by pressing in certain places in the screen. But you must be really stupid to allow this on an ATM. If that was the case I say the one that needs to be punished the hardest is the programmer who left this open.
- championchap, on 10/12/2007, -0/+3 he may have gotten around this.. but yes, when there is an error usually the bank chases you up afterwards for all the money you scammed them for.
- thewaz, on 10/12/2007, -0/+3 next time tell us before it stops working.
- HardJeans, on 10/12/2007, -0/+3 digg down previous comment. Couldn't edit...
"I'm sure there is some sort of encryption used"
That is the one zillion dollar question. If you can solve that quandary, then you will own the world. You can't mimic the bank with a man-in-the-middle attack if the data layer is encrypted.
- robdavy, on 10/12/2007, -0/+2 @ hurfydurfur
Many places sell pre-paid debit cards (many with Visa or MasterCard on them). Places like cheque cashing places often sell them.
You put money on them by giving the place cash, and then they put it onto your card. Lots of people use them for buying things online without actually owning a credit card (bad credit, etc)
- meffie, on 10/12/2007, -0/+2 More information here:
http://www.atmmarketplace.com/news_story_26595.htm
- felchdonkey, on 10/12/2007, -0/+2 Actually, Clearz, you're 100% wrong.
Anyone who's ever worked in a business that has a 3rd-party ATM would know how easy it is to reprogram one of these - all you need is the password.
If you have access to the admin screen, you can just run an end-of-day settlement, which tells the machine it's out of bills. Then tell it you've just put back all the bills, but now they're fives instead of twenties. Go back to the main screen, and voila, free money.
You don't even need to open the unit with the key. For that matter, no one would notice you doing it, since it would just look like you were doing a transaction.
The only security these things have against such a stunt is hoping people don't know how they are operated, and then hoping they don't have one simple 6-digit password.
Bad, bad, bad design.
- inactive, on 10/12/2007, -0/+2 It is that easy. The button combination will put you into a management screen and from there you enter the management password.
The systems are sent with a default password (at the time my friend performed this the defaults were either PASSWORD or MONEY).
If the owner does not change that password (and many don't) then anyone can get into it with the default password.
What funstuph (below) is talking about is a BANK machine. These are the large machines that allow deposits, withdrawals, etc. They require a test or management card and a PIN to be entered. The machines I am talking about are the typical rinky dink machines that allow you to take out money and get your balance and are typically in smaller convenience stores and bars.
- mbabauer, on 10/12/2007, -1/+3 Honest would be charging a *modest* fee for getting access to your money. Those stand-alone kiosks are total rip offs.
That said, I probably would have told anyway. Usually, my conscience gets the better of me.
- mbabauer, on 10/12/2007, -0/+2 First, according to the story, this was a privately owned ATM, not a bank ATM. I work for a bank, and know that most of what you said *is* true, but there is no mandate that it *has* to be true, just that most actual banks regard you entering their test menus so they make it tough to get to them.
Second, the story also points out the *crook* used a pre-paid Visa card, like the ones you get at the Simon mall to give as gift cards to people. To get these, all you need is cash. You fill out your own information on a form, or at least I did, and they hand you a valid Visa card with that amount on it. There is really no way to trace it if you pay cash, because they do not require any ID.
Bottom line, I don't think these stand alone ATMs use as good of security as the bank-owned ones. It doesn't surprise me one bit to see that someone did this or was even able to do it.
- fsck3r, on 10/12/2007, -0/+2 I know for a fact if you press a 3 key combination on most ATMs found in gas stations and other odd places..(not at the bank) It will drop you right into the "Administration Mode". I actually found that out while waiting for a friend to pay for gas, I knew those "extra" dead buttons did something and they did. After I did it I never ever tried anything after that, I'm not going to jail that's for sure...
- gfindlay, on 10/12/2007, -0/+2 It's like when you play MONOPOLY.
"Bank error in your favor! Collect $200 dollars!"
It's the best Chance card, 'cause in real life, that'd be awesome!
- cmos, on 10/12/2007, -0/+2 the innovations of the new age crooks are always a good read!