Two Arrested For Reprogramming ATMs To Provide Extra Cash

from the this-is-still-doable? dept

Wed, Sep 24th 2008 1:11pm — Mike Masnick

Almost exactly two years ago, a story made the rounds of how easy it was to reprogram ATMs to believe it had a different denomination. Thus, if it actually had $20 bills, you could convince it that it really had $1 or $5 bills. Then when you took out money from the machine, you would get the $20 bills, making a tidy profit. The reason this hack was so easy was that many ATM owners simply left the default passwords on the machines -- and those passwords were easily found online. Last year, we noted that, despite the publicity around this easy hack, many ATM owners still had not changed the default password. Apparently, that's still the case, as two men have been arrested for using the hack to steal thousands of dollars. Still, it's worth noting that the only reason they seem to have been caught was they hit the same store multiple times (and, apparently, the owner of that store still hadn't changed the default password).

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: atms, security, theft

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Chronno S. Trigger, 24 Sep 2008 @ 1:34pm

How douse that work?
I know that nothing the store owner did was illegal, just incredibly stupid, are there any kind of fines for something like that? Can the people who run the ATMs just stop supporting him or allowing him to connect to the network?
[ link to this | view in thread ]
Anonymous Coward, 24 Sep 2008 @ 1:35pm

Anyone using a default password in cases like this should be sued or fined heavily as this is extremely negligent!
[ link to this | view in thread ]
Anonymous Coward, 24 Sep 2008 @ 1:37pm

yeah and to think the two guys that did this lived not far from me lol...what a bunch of fools
[ link to this | view in thread ]
your face, 24 Sep 2008 @ 1:52pm

money money money
Money should totally be open source and free to the public to inspire solid competition.

/Sarcasm...although, with the value of the USD dropping like iron poo, that doesn't sound half bad.
[ link to this | view in thread ]
Joseph Durnal, 24 Sep 2008 @ 1:56pm

$100's
If I weren't an honest man, I'd try and find one of those ATMs that give out $100's like at the Casino. Oh, wait, dollars, who wants dollars these days. Maybe reprogram one that dispenses 100 euro notes!

Seriously, two "crimes" are committed, one crime of stupidity and of course, the theft.

Joseph Durnal
[ link to this | view in thread ]
kevjohn, 24 Sep 2008 @ 2:07pm

Plenty of blame to go around
Shouldn't the ATM manufacturers get a bit of the blame? Why aren't machines programmed to force the store owners to change the password on first power up? Hell, my cell phone did that.
[ link to this | view in thread ]
Anonymous Coward, 24 Sep 2008 @ 2:08pm

Epic Fail with Epic something
Hmm.. How is this any different than what's happening with America's Banks? I read somewhere that some fancy financial instruments called derivatives were "a gambling casino empire that has taken over the world's largest banks."

Shoot.. I can't remember where I read that.
[ link to this | view in thread ]
Tom Carvel & Mr. Moe, 24 Sep 2008 @ 2:14pm

Dumb!
Not much different then any other type of loophole -- such as glomming a neighbors wi-fi connection. The ATM owner should be fined for stupidity. No doubt he/she will do something stupid and remove themselves from the gene pool!
[ link to this | view in thread ]
tom carvel, 24 Sep 2008 @ 2:16pm

Re: Epic Fail with Epic something
What kind of nonsense are you babling about?
Time for your meds!
[ link to this | view in thread ]
Robert Mueller, 24 Sep 2008 @ 2:33pm

Re: Re: Epic Fail with Epic something
Ice Cream? That's the best you can do?
[ link to this | view in thread ]
Jason, 24 Sep 2008 @ 2:42pm

Re:
Hear, hear!
[ link to this | view in thread ]
Jason, 24 Sep 2008 @ 2:52pm

Re: Dumb!
I'd say it's HUGELY different.

Let X= ATM owners okay with you using their wifi. Let Y= ATM owners okay with you stealing thousands of dollars.

I guarantee you that X/Y=infinity (or 'undefined' if you're in elementary school).
[ link to this | view in thread ]
Anonymous Coward, 24 Sep 2008 @ 2:55pm

Yes, they were stupid, but someone had to go out of their way to commit a crime to exploit this store owner's stupidity. So now we can just exploit the stupid is this country?
[ link to this | view in thread ]
Jason, 24 Sep 2008 @ 3:34pm

Re:
Um, well, Coward, that's nothing new. We've always been able to do that. Unless you're implying that this article suggests it's okay to exploit the stupid - which it doesn't. So your point was...?
[ link to this | view in thread ]
Anonymous Coward, 24 Sep 2008 @ 3:39pm

I want one
Magical Piggy Bank--
http://www.msnbc.msn.com/id/26545820
[ link to this | view in thread ]
ATMNoob, 24 Sep 2008 @ 4:33pm

I'm missing something...
Unless I have a stolen ATM card I'm still taking the cash from my account. Wouldn't the hack get timestamped, my withdrawal get timestamped and at least the bank will come for the extra money? Please cure my recto-cranial inversion...
[ link to this | view in thread ]
Anonymous Coward, 24 Sep 2008 @ 5:55pm

What a great guy

http://www.youtube.com/watch?v=41F_oof_gu0
[ link to this | view in thread ]
Whitey McCracker, 24 Sep 2008 @ 6:09pm

Could he really be that classy?
Gentlemen,

I present to you, our president.

http://www.youtube.com/watch?v=41F_oof_gu0
[ link to this | view in thread ]
Norm, 24 Sep 2008 @ 7:37pm

Re: Epic Fail with Epic something
A-frickin-Men
[ link to this | view in thread ]
Anonymous Coward, 25 Sep 2008 @ 1:01am

Re: Epic Fail with Epic something
Good job greasing the wheels, Anon. The T-Bill will go down tomorrow as the bailout is passed and wholesale inflation occurs. I owe you one.
[ link to this | view in thread ]
another mike, 25 Sep 2008 @ 3:23pm

Re: I'm missing something...
No RC inversion, just bad math.
Of course the hack gets timestamped and debited $20 out of his account and handed over by the machine. If it's loaded with $20 bills, it counts out one bill and passes it out the slot. Just like any other normal everyday transaction.
But in the hack, you convince the machine it's loaded with fivers before asking to withdraw your $20. So like any normal transaction, it docks your account $20 and counts out 5, 10, 15, 20 and hands over four bills. Four $20 bills because the machine, despite what it was told, is still loaded with twenties.
Use your own ATM card and remember to reset the machine back to twenties so it'll take longer to be caught.
[ link to this | view in thread ]
Sukey, 29 Sep 2008 @ 9:26am

Oh but if you're on the INSIDE and you do this under the title CEO or CFO, they call it financial planning and asset management. I'd like to see a prosecutor even try and bring charges. Let it go to a jury, my two good men, and watch and see how fast you'll be found not guilty.

Robin Hood.
[ link to this | view in thread ]
Kaarsty, 29 Sep 2008 @ 1:35pm

Heh
Well, in most cases - the ATM's are not set up by the store owners. They're placed, and maintained by another company. Probably was not the store owner's fault - it was the tech's fault.
[ link to this | view in thread ]
Barack Obama, 1 Oct 2008 @ 6:53am

We need more people like this.
In Chicago we call this mining the ghetto! I applaud their endeavors. When I am elected we will continue to distribute the wealth by taxation.
[ link to this | view in thread ]
JadeStar, 1 Oct 2008 @ 3:26pm

The real losers are...
... the business owners, not the banks. I think that the individual small businesses that host the old ATMs (gas stations, night clubs, etc) are the ones who really lose the money here. Don't they fill up the ATMs themselves, and then get paid by the banks for the amount of money withdrawn, keeping the ATM "transaction fee" as their profit? I don't think these ATMs work like Coke machines, having a service person from the company who owns the machine come fill it up every week. If they do, then it's that little third-party ATM service co that's actually losing the cash -- and rightfully so, since they would be the ones who forgot to set a real password. Otherwise, I believe that the small business is the one that takes the hit, since the banks only pay on what they actually approved for withdrawal from the accounts.
[ link to this | view in thread ]
Andrew Yu-Jen Wang, 8 Mar 2009 @ 5:20pm

Robert Mueller does not like George W. Bush—Bush committed too many crimes.

George W. Bush committed hate crimes of epic proportions and with the stench of terrorism (indicated in my blog).

George W. Bush did in fact commit innumerable hate crimes.

And I do solemnly swear by Almighty God that George W. Bush committed other hate crimes of epic proportions and with the stench of terrorism which I am not at liberty to mention.

Many people know what Bush did.

And many people will know what Bush did—even to the end of the world.

Bush was absolute evil.

Bush is now like a fugitive from justice.

Bush is a psychological prisoner.

Bush has a lot to worry about.

Bush can technically be prosecuted for hate crimes at any time.

In any case, Bush will go down in history in infamy.

Submitted by Andrew Yu-Jen Wang
B.S., Summa Cum Laude, 1996
Messiah College, Grantham, PA
Lower Merion High School, Ardmore, PA, 1993

“GEORGE W. BUSH IS THE WORST PRESIDENT IN U.S. HISTORY” BLOG OF ANDREW YU-JEN WANG
______________________
I am not sure where I had read it before, but anyway, it goes kind of like this: “If only it were possible to ban invention that bottled up memories so they never got stale and faded.” Oh wait—off the top of my head—I think the quotation came from my Lower Merion High School yearbook.
[ link to this | view in thread ]