Hacker Figures Out How To Make ATM Spew Cash, Tells The World About It

rated by 0 users
This post has 18 Replies | 3 Followers

Top 10 Contributor
Posts 26,388
Points 1,192,435
Joined: Sep 2007
ForumsAdministrator
News Posted: Thu, Jul 29 2010 8:13 PM
In need of extra cash? Who isn't, right? If you're a smart hacker, you may be able to make a small fortune by simply tricking an ATM or two into spitting out money for you. We know that sounds crazy, and it certainly is, but it's true nonetheless. At the annual Black Hat conference -- where hackers and security experts gather to make public certain loopholes in order to encourage companies to fix them -- Barnaby Jack was able to demonstrate how he could trick an ATM into spitting out all of its cash, and more.

The hacker spent two full years perfecting the ruse, which applied to the ATMs found often in front of convenience stores. The goal was to find a way to take control of the ATM by "exploiting weaknesses in the computers that run the machines," but unlike malicious hackers, his goal was to make this information public so that companies making them would take notice and close up these holes for thieves to exploit. 


His demonstration was one of the most widely viewed at the show, mostly because it affects a wide variety of ATMs and has the potential to really cause a lot of havoc. This is definitely an easy way to snatch cash -- far easier than robbing a bank -- and if this information fell into the wrong hands, it could really spell trouble. He was supposed to showcase this last year, but out of a fear that ATM makers couldn't close the loopholes in time, he delayed it until this year and spent the last 12 months finding even more holes.

He noticed that "the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer," so there's an easy way to get inside right there. Once you're in, he used the key to "unlock a compartment in the ATM that had standard USB slots. He inserted a program he had written into one of them, commanding the ATM to dump its vaults. — He hacked into the machines by exploiting weaknesses in the way ATM makers communicate with the machines over the Internet."

Follow the link below for the full report; it's definitely an interesting read.
  • | Post Points: 215
Top 50 Contributor
Posts 3,109
Points 38,260
Joined: Aug 2003
Location: Texas
acarzt replied on Fri, Jul 30 2010 12:21 AM

There is no link below :-( lol

My buddy used to work on these things.

He said you can easily make the machine thinks it's spitting out ones instead of $20s lol

Withdraw $20... and you'll get $400.

  • | Post Points: 20
Top 100 Contributor
Posts 1,099
Points 13,965
Joined: Jun 2010
fat78 replied on Fri, Jul 30 2010 8:18 AM

quick start robbing atms before they change them

  • | Post Points: 5
Not Ranked
Posts 1
Points 5
Joined: Jul 2010
JFarmer replied on Fri, Jul 30 2010 9:08 AM

Where is the link????

  • | Post Points: 5
Top 25 Contributor
Posts 3,795
Points 40,670
Joined: Jan 2010
Location: New York
Inspector replied on Fri, Jul 30 2010 10:37 AM

"magically grabs the code, then runs over to an ATM..." lol that would be a great fast way to to grab a new build :D

  • | Post Points: 20
Top 10 Contributor
Posts 8,691
Points 104,375
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Fri, Jul 30 2010 11:48 AM

I read about this elsewhere because there's no link here.

The guy tried to hide the manufacture's names and the exact method of cracking them, but two of the machines displayed logos on the screens anyway. He notified the manufacturers as to the vulnerabilities the machines have long ago, and updated code has already been applied to many of the ATM's throughout the country. Yes, he cracked them, but revealed it all responsibly too.

Cool Beans.

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

  • | Post Points: 5
Top 10 Contributor
Posts 5,053
Points 60,715
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Fri, Jul 30 2010 3:50 PM

I wonder how they could have hacked such a perfect system.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 20
Top 50 Contributor
Posts 3,109
Points 38,260
Joined: Aug 2003
Location: Texas
acarzt replied on Fri, Jul 30 2010 4:23 PM

lol looks like a pretty good security measure to me Evil.. in 7 days no one will be able to use that ATM at all.. let alone hack it! lol

  • | Post Points: 5
Top 25 Contributor
Posts 3,795
Points 40,670
Joined: Jan 2010
Location: New York
Inspector replied on Fri, Jul 30 2010 4:41 PM

lol 3vi1, what acarzt said :D. But looks like someone wasn't do their part of the job when putting this together... :)

  • | Post Points: 5
Top 75 Contributor
Posts 1,809
Points 18,105
Joined: May 2009
Location: Waikiki

Love that pic...What is that, Playschools "My first ATM"?

John Conner was doing this back in the 90's, maybe this is how Skynet takes over:P

Intel Core i7-875K Quad
Asetek 510LC 120MM
4GB Kingston Hyper-X DDR-3
ASUS P7P55D-E Pro
CyberPower 800 PSU
Kingston 64GB SSD 
2 Hitachi 1-TB HDD'S
FirePro V8800
8X Blu-Ray DVD±R/±RW
HPw2207 22" LCD
Cintiq 21UX
CoolerMaster 690II Advance
Win 7 Pro 64 bit
Special thanks to HotHardware.com!
  • | Post Points: 5
Top 500 Contributor
Posts 153
Points 1,705
Joined: Jul 2010
lonewolf replied on Fri, Jul 30 2010 10:33 PM

Good to see "Ethical Hacking"

Somebody get that man an application!!!!

  • | Post Points: 20
Top 50 Contributor
Posts 3,109
Points 38,260
Joined: Aug 2003
Location: Texas
acarzt replied on Sat, Jul 31 2010 1:59 AM

People do this kind of hacking all the time. It's just rare you actually hear about it :-P

  • | Post Points: 20
Top 10 Contributor
Posts 8,691
Points 104,375
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Sat, Jul 31 2010 11:05 AM

@lonewolf: "Ethical Hacking"

The guy works for a computer security firm. He's uncovered many vulnerabilities in OS's and Browsers in the past. It's his day job.

He did this project at home, in his spare time, with his own money, then told the affected ATM makers far in advance, about how he did it without sharing his exact techniques with the world when he announced.

Sounds ethical to me.

 

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

  • | Post Points: 5
Top 50 Contributor
Posts 2,917
Points 24,670
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Tue, Aug 3 2010 10:04 AM

Video links here

 

enjoy..

Page 1 of 1 (19 items) | RSS