Two Arrested For Reprogramming ATMs To Provide Extra Cash

from the this-is-still-doable? dept

Almost exactly two years ago, a story made the rounds of how easy it was to reprogram ATMs to believe it had a different denomination. Thus, if it actually had $20 bills, you could convince it that it really had $1 or $5 bills. Then when you took out money from the machine, you would get the $20 bills, making a tidy profit. The reason this hack was so easy was that many ATM owners simply left the default passwords on the machines -- and those passwords were easily found online. Last year, we noted that, despite the publicity around this easy hack, many ATM owners still had not changed the default password. Apparently, that's still the case, as two men have been arrested for using the hack to steal thousands of dollars. Still, it's worth noting that the only reason they seem to have been caught was they hit the same store multiple times (and, apparently, the owner of that store still hadn't changed the default password).
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: atms, security, theft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Chronno S. Trigger, 24 Sep 2008 @ 1:34pm

    How douse that work?

    I know that nothing the store owner did was illegal, just incredibly stupid, are there any kind of fines for something like that? Can the people who run the ATMs just stop supporting him or allowing him to connect to the network?

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 24 Sep 2008 @ 1:35pm

    Anyone using a default password in cases like this should be sued or fined heavily as this is extremely negligent!

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 24 Sep 2008 @ 1:37pm

    yeah and to think the two guys that did this lived not far from me lol...what a bunch of fools

    link to this | view in thread ]

  4. identicon
    your face, 24 Sep 2008 @ 1:52pm

    money money money

    Money should totally be open source and free to the public to inspire solid competition.

    /Sarcasm...although, with the value of the USD dropping like iron poo, that doesn't sound half bad.

    link to this | view in thread ]

  5. identicon
    Joseph Durnal, 24 Sep 2008 @ 1:56pm

    $100's

    If I weren't an honest man, I'd try and find one of those ATMs that give out $100's like at the Casino. Oh, wait, dollars, who wants dollars these days. Maybe reprogram one that dispenses 100 euro notes!

    Seriously, two "crimes" are committed, one crime of stupidity and of course, the theft.

    Joseph Durnal

    link to this | view in thread ]

  6. identicon
    kevjohn, 24 Sep 2008 @ 2:07pm

    Plenty of blame to go around

    Shouldn't the ATM manufacturers get a bit of the blame? Why aren't machines programmed to force the store owners to change the password on first power up? Hell, my cell phone did that.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 24 Sep 2008 @ 2:08pm

    Epic Fail with Epic something

    Hmm.. How is this any different than what's happening with America's Banks? I read somewhere that some fancy financial instruments called derivatives were "a gambling casino empire that has taken over the world's largest banks."

    Shoot.. I can't remember where I read that.

    link to this | view in thread ]

  8. identicon
    Tom Carvel & Mr. Moe, 24 Sep 2008 @ 2:14pm

    Dumb!

    Not much different then any other type of loophole -- such as glomming a neighbors wi-fi connection. The ATM owner should be fined for stupidity. No doubt he/she will do something stupid and remove themselves from the gene pool!

    link to this | view in thread ]

  9. identicon
    tom carvel, 24 Sep 2008 @ 2:16pm

    Re: Epic Fail with Epic something

    What kind of nonsense are you babling about?
    Time for your meds!

    link to this | view in thread ]

  10. identicon
    Robert Mueller, 24 Sep 2008 @ 2:33pm

    Re: Re: Epic Fail with Epic something

    Ice Cream? That's the best you can do?

    link to this | view in thread ]

  11. identicon
    Jason, 24 Sep 2008 @ 2:42pm

    Re:

    Hear, hear!

    link to this | view in thread ]

  12. identicon
    Jason, 24 Sep 2008 @ 2:52pm

    Re: Dumb!

    I'd say it's HUGELY different.

    Let X= ATM owners okay with you using their wifi. Let Y= ATM owners okay with you stealing thousands of dollars.

    I guarantee you that X/Y=infinity (or 'undefined' if you're in elementary school).

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 24 Sep 2008 @ 2:55pm

    Yes, they were stupid, but someone had to go out of their way to commit a crime to exploit this store owner's stupidity. So now we can just exploit the stupid is this country?

    link to this | view in thread ]

  14. identicon
    Jason, 24 Sep 2008 @ 3:34pm

    Re:

    Um, well, Coward, that's nothing new. We've always been able to do that. Unless you're implying that this article suggests it's okay to exploit the stupid - which it doesn't. So your point was...?

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 24 Sep 2008 @ 3:39pm

    I want one

    link to this | view in thread ]

  16. identicon
    ATMNoob, 24 Sep 2008 @ 4:33pm

    I'm missing something...

    Unless I have a stolen ATM card I'm still taking the cash from my account. Wouldn't the hack get timestamped, my withdrawal get timestamped and at least the bank will come for the extra money? Please cure my recto-cranial inversion...

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 24 Sep 2008 @ 5:55pm

    link to this | view in thread ]

  18. identicon
    Whitey McCracker, 24 Sep 2008 @ 6:09pm

    Could he really be that classy?

    Gentlemen,

    I present to you, our president.

    http://www.youtube.com/watch?v=41F_oof_gu0

    link to this | view in thread ]

  19. identicon
    Norm, 24 Sep 2008 @ 7:37pm

    Re: Epic Fail with Epic something

    A-frickin-Men

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 25 Sep 2008 @ 1:01am

    Re: Epic Fail with Epic something

    Good job greasing the wheels, Anon. The T-Bill will go down tomorrow as the bailout is passed and wholesale inflation occurs. I owe you one.

    link to this | view in thread ]

  21. identicon
    another mike, 25 Sep 2008 @ 3:23pm

    Re: I'm missing something...

    No RC inversion, just bad math.
    Of course the hack gets timestamped and debited $20 out of his account and handed over by the machine. If it's loaded with $20 bills, it counts out one bill and passes it out the slot. Just like any other normal everyday transaction.
    But in the hack, you convince the machine it's loaded with fivers before asking to withdraw your $20. So like any normal transaction, it docks your account $20 and counts out 5, 10, 15, 20 and hands over four bills. Four $20 bills because the machine, despite what it was told, is still loaded with twenties.
    Use your own ATM card and remember to reset the machine back to twenties so it'll take longer to be caught.

    link to this | view in thread ]

  22. identicon
    Sukey, 29 Sep 2008 @ 9:26am

    Oh but if you're on the INSIDE and you do this under the title CEO or CFO, they call it financial planning and asset management. I'd like to see a prosecutor even try and bring charges. Let it go to a jury, my two good men, and watch and see how fast you'll be found not guilty.

    Robin Hood.

    link to this | view in thread ]

  23. identicon
    Kaarsty, 29 Sep 2008 @ 1:35pm

    Heh

    Well, in most cases - the ATM's are not set up by the store owners. They're placed, and maintained by another company. Probably was not the store owner's fault - it was the tech's fault.

    link to this | view in thread ]

  24. identicon
    Barack Obama, 1 Oct 2008 @ 6:53am

    We need more people like this.

    In Chicago we call this mining the ghetto! I applaud their endeavors. When I am elected we will continue to distribute the wealth by taxation.

    link to this | view in thread ]

  25. identicon
    JadeStar, 1 Oct 2008 @ 3:26pm

    The real losers are...

    ... the business owners, not the banks. I think that the individual small businesses that host the old ATMs (gas stations, night clubs, etc) are the ones who really lose the money here. Don't they fill up the ATMs themselves, and then get paid by the banks for the amount of money withdrawn, keeping the ATM "transaction fee" as their profit? I don't think these ATMs work like Coke machines, having a service person from the company who owns the machine come fill it up every week. If they do, then it's that little third-party ATM service co that's actually losing the cash -- and rightfully so, since they would be the ones who forgot to set a real password. Otherwise, I believe that the small business is the one that takes the hit, since the banks only pay on what they actually approved for withdrawal from the accounts.

    link to this | view in thread ]

  26. identicon
    Andrew Yu-Jen Wang, 8 Mar 2009 @ 5:20pm

    Robert Mueller does not like George W. Bush—Bush committed too many crimes.

    George W. Bush committed hate crimes of epic proportions and with the stench of terrorism (indicated in my blog).

    George W. Bush did in fact commit innumerable hate crimes.

    And I do solemnly swear by Almighty God that George W. Bush committed other hate crimes of epic proportions and with the stench of terrorism which I am not at liberty to mention.

    Many people know what Bush did.

    And many people will know what Bush did—even to the end of the world.

    Bush was absolute evil.

    Bush is now like a fugitive from justice.

    Bush is a psychological prisoner.

    Bush has a lot to worry about.

    Bush can technically be prosecuted for hate crimes at any time.

    In any case, Bush will go down in history in infamy.

    Submitted by Andrew Yu-Jen Wang
    B.S., Summa Cum Laude, 1996
    Messiah College, Grantham, PA
    Lower Merion High School, Ardmore, PA, 1993

    “GEORGE W. BUSH IS THE WORST PRESIDENT IN U.S. HISTORY” BLOG OF ANDREW YU-JEN WANG
    ______________________
    I am not sure where I had read it before, but anyway, it goes kind of like this: “If only it were possible to ban invention that bottled up memories so they never got stale and faded.” Oh wait—off the top of my head—I think the quotation came from my Lower Merion High School yearbook.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.