"“We have lent a huge amount of money to the U.S. Of course we are concerned about the safety of our assets. To be honest, I am definitely a little worried.” "


Chinese premier Wen Jiabao, 12th March 2009


"We have a financial system that is run by private shareholders, managed by private institutions, and we'd like to do our best to preserve that system."


Timothy Geithner, US Secretary of the Treasury, previously President of the Federal Reserve Bank of New York. 1/3/2009

Sunday, November 19, 2006

ATM rip-offs.

Maxwell Parsons (41) of Gorton, Manchester was a passenger in a car which made an illegal U-turn in the City of London. On searching the car the Police found a counterfeit bank card, and Parsons, who was known to the Police, had his home searched.

This uncovered a ridiculously simple method of harvesting data from free-standing ATMs in bingo halls, amusement arcades and bowling alleys. By simply intercepting the BT telephone line connecting the machine to the BACS network, installing a cheap (£2) two-way plug and attaching an MP3 player to record the oscillating signal (such as you may hear when connecting to a fax machine), Parsons was able to record data for later demodulation and reconstruction of the card number and PIN.

So far some £200,000 of purchases have been traced using modified credit cards, only £14,000 of it traced back to Parsons, who got 32 months for his troubles at Minshull Street Crown Court in Manchester this week.

On August 19th in the US a black male, approximately 5'8" tall with a thin build, wearing a white T-shirt with writing on the back, dark shorts, dark tennis shoes and a red ball cap, was last seen driving a light tan four-door car. He strolled into a Crown Gas Station at 2400 Lynnhaven Parkway, Virginia Beach, VA and casually re-programmed its ATM, run by Net Bank Payment Systems, based in Jackson, Mississippi. From the public console he instructed it to issue US$20 bills instead of US$5 bills while only debiting his account for US$5 bills. Because the machine was limited to issuing 80 bills, the scam was limited to US$800. Apparently it took the following users, who benefited from the scam, 9 days to report it! As the perp used an untraceable pre-paid debit card, he too was untraceable.

See the CNN report, with CCTV of the casual dude at work, here on YouTube (1.34), 154,749 views to date.

Dave Goldsmith, a computer security researcher at Matasano Security, NY ("We specialize in solving the security challenges of complicated applications deployed in high-risk environments"), dug into this news story on CNN and was able to identify the machine's model and maker: a Tranax Mini Bank 1500 series. There are 75,000 Mini-Bank ATMs in service in the US.

He obtained a (legal) copy of Tranax's manual, which spelt out the diagnostic mode and the default passwords, which engineers couldn't be arsed to change. He found he could soon be inside, and once inside, armed with the manual, hey presto! Open Sesame time.

Tranax say they have a firmware fix in the works, but engineers REALLY should change the password from default. Ho. Ho.

2 comments:

Anonymous said...

I watched the li'l CNN video. Thank heavens we have CCTV to protect us from crime.

Anonymous said...

Well done to the banks for introducing 'chip 'n' pin' with subsequent changes in liabilities.

With a two way plug and mp3 player all our credit cards are useless.

(C) Very Seriously Disorganised Criminals 2002/3/4/5/6/7/8/9 - copy anything you wish