ATM Hackers Caught Following Car Chase And Gun Shots

from the just-like-the-movies dept

Tue, Mar 10th 2009 7:20pm — Mike Masnick

A few years back, there were some stories about how some scammers had found online manuals for popular ATMs, which included a default password, which was rarely changed (yes, that's an amazingly stupid design). This meant that it was fairly easy to program the ATM to believe that it held different denomination bills. For example, you could program it to think that it held $5 bills when it actually held $20s -- and then if you took out "$40" you would be given 8 bills -- or $160. Not surprisingly, other hackers have replicated this scam a bunch of times -- aided in large part by ATM owners who still haven't changed the default password.

Still, if you were a scammer pulling such a scam, you might think that it would make sense not to pull it at the same store multiple times. But, that's exactly what two guys did last year, where they tried to hit a local restaurant's ATM for the fourth time. By that point, the manager had been alerted to look out for them, and called the police on them when they came in again. There was a bit of a mess after that, as the manager tried to pull a gun on the scammers, and there was some sort of scuffle, a gunshot, and then a car chase... but eventually the guys were arrested. So, once again: ATM makers: stop offering machines with default passwords. ATM owners: change the default password on your machines. Scammers: don't be so dumb as to try to rip off the same place multiple times (or, maybe that's what we want, since it makes them easier to catch... but it's still dumb).

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: atm, scams, theft

12 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Disenfranchised, 10 Mar 2009 @ 7:26pm

Rock the vote - tip the vote over
Are these the same folks who designed the now imfamous voting machines?
[ link to this | view in chronology ]
harls, 10 Mar 2009 @ 9:24pm

survival of the fittest
"Scammers: don't be so dumb as to try to rip off the same place multiple times (or, maybe that's what we want, since it makes them easier to catch... but it's still dumb)."

The importance of adaption and survival of the fittest applies to criminals just as much as everyone else. I'm sure you're aware of the Darwin Awards.
[ link to this | view in chronology ]
Anonymous Coward, 11 Mar 2009 @ 1:26am

Can't people do this with Coca-Cola vending machines, and would there be a car chase?
[ link to this | view in chronology ]
Michael Kohne, 11 Mar 2009 @ 3:12am

Every industry
This same sort of problem crops up in every industry. There have been a number of cases of default passwords on gas pumps. If a scammer gets a copy of the key, and uses the default password, he can get free gas by direct programming of the pump.

No one ever seems to learn.
[ link to this | view in chronology ]
Jamie, 11 Mar 2009 @ 4:13am

Stupid ATM owner
Not to diminish the stupidity of the criminals, but after the first time the ATM got hit, you would think that the password would have been changed right then.
Seriously, the ATM owner should have been smart enough to change it after getting scammed the first time.
[ link to this | view in chronology ]
- VRP, 11 Mar 2009 @ 1:13pm
  
  Re: Stupid ATM owner
  Then you must think the ATM machine somehow advised its owner how the thieves gained their access! I doubt its screen displayed such announcement ("default pwd [123456] was used").
  
  VRP
  [ link to this | view in chronology ]
MeAndOnlyMe, 11 Mar 2009 @ 7:15am

Jamie, I concur
Jamie is right on track with my thoughts. The FIRST time a hacker did this to an ATM, why didn't the ATM owner just change the password so no more hacks could take place?

I say the dumb one is the ATM owner, not necessarily the crook.
[ link to this | view in chronology ]
Dan, 11 Mar 2009 @ 8:35am

Are you helping criminals?
Are you "Aiding and Abetting"?
[ link to this | view in chronology ]
Neil (SM), 11 Mar 2009 @ 8:37am

One thing that doesn't make sense.
[ link to this | view in chronology ]
Neil (SM), 11 Mar 2009 @ 8:40am

One thing that doesn't make sense.
Oops, I hit return to early and may have submitted a blank comment. Apologies.

Anyway, I'm assuming they used their own ATM card after reprogramming the machine? I suppose they could have used a stolen card, but if they had a stolen card that worked, probably no need to reprogram the machine (other than to get around a daily limit I guess).

So shouldn't it have been fairly easy to discover the identity of the thieves from the records of ATM card they used?
[ link to this | view in chronology ]
- simon, 11 Mar 2009 @ 11:08am
  
  Re: One thing that doesn't make sense.
  it makes perfect sense
  
  1 we see here ATM owners using default password, not changing-it and just waiting to shoot the thieves...
  
  do you think they use brain power there ?
  [ link to this | view in chronology ]
alex, 11 Mar 2009 @ 12:31pm

R u guys coming from some fancy university?
It is all about of balancing numbers/risk: what is the difference between the guy who steal n the one who has to go to fix the machine?
A. very Lil from the boss point of view: both are hackers, one somehow crooked, the other somehow honest...if the honest decide to take the boss for a ride..BIg mess! and who gave him the key? plus a fix rate for every machine recoded plus mileage..conclusion the machines STILL have the default code IF the losses are no so great.. and they are not mostly...end of the story.
[ link to this | view in chronology ]