Author Topic: How to hack an ATM  (Read 20700 times)

Offline I-baLL

  • OMG Mod
  • Cactus Zombie
  • *****
  • Posts: 369
  • 1337 13V3L: +33/-7
Re: How to hack an ATM
« Reply #30 on: October 28, 2006, 12:33:39 AM »

i think.. but anyways hold down a and press 1 if you go to manager duties it asks for a passwd maybe before hand go ask the clerk what their store number is (if franchised) or just try normal default passwords like 1111 1234 4321 etc.  I tried to BF the password once with like 5 tries before being seated in a crowded Eat and Park.  :)

I don't think that the store people actually have the ATM password. I think it's the ATM distributor who has it.

Triton seems to like 6 digit passwords.

Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: How to hack an ATM
« Reply #31 on: December 23, 2006, 11:52:14 PM »
Good discussion.

I just want to make a few points.

ATM cameras these days not only record you, but the transaction you are conducting in real time.  So, the moment you start hitting buttons - it signals the camera to record you and what's being done.  The data is still recorded on regular VHS tape.  The tapes are generally kept in storage for a period of 7 years.  Also, the cameras span more than you think.  They are used to span into the parking lots in order to catch view of a vehicle's license plate of a potential fraudster or bank robber.  So, if you plan on doing something - my recommendation is going late at night and with a disguise, remove jewelry, cover tattoos, etc, and park way away from view of the ATM.

ATM machines require a once a month surprise audit by bank/credit union employees.  On older machines - the machine is placed in an "Out of Service" operation.  At which time - the ATM's 911 button is exercised (if the machine has one) and the withdrawal of cash with a dummy ATM card is conducted with a 4 digit "ATM code".  The code is dependent on what the particular branch assigned it as.  On newer machines - again the "Out of Service" is placed, but now, an employee, generally the manager uses his/her own card to withdraw cash then immediately deposit it.  The purpose of this also is to make sure the timestamp is correct when a transaction occurs.  The newer machines are produced by Wincor Nixdorf utilizing IBM software for production.  All maintenance modes for the ATM are set inside the bank - this includes displayed advertisements.  The vast majority of banks and credit unions contract to third party vendors in the event of a machine failure (i.e. cash stuck in the dispenser) and the ATM automatically notifies that vendor to send a service technician out to fix it especially on weekends when most banks are closed.  Most machines in service do not allow any form of transaction unless you have an ATM card.

Reboot America

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: How to hack an ATM
« Reply #32 on: December 24, 2006, 06:49:15 AM »
here's a triton trying to boot windows XP pro i found in a mall:



i would never steal from one, i just want to see the "managerial duties" under the options screen i found.  Stealing is ass, unless it's from a phone company.  :P

Offline Raptor

  • OMG MOD wannabe
  • Ninja Phone Loser
  • ***
  • Posts: 1208
  • 1337 13V3L: +80/-52
  • We can be happy underground
Re: How to hack an ATM
« Reply #33 on: December 24, 2006, 08:12:09 AM »
The ATM machines in our mall seem to have been out of service for the last 3 months. It's funny that no one cares enough to want to fix it. Even more funny, is the dvd rental machine (Similar to a red box) that has a norton antivirus prompt up, covering the entire screen. That's been there just as long as the ATMs have been down. Why the hell would a video rental machine get a virus? Some idiot set it to do a regular scan every week or something, and then no one can get movies out of it. I'd like to see a thread about hacking photo processing machines, like the ones you see in CVS
Raptor's Random Reviews!

http://www.phonelosers.org/forums/index.php?board=30.0

Offline I-baLL

  • OMG Mod
  • Cactus Zombie
  • *****
  • Posts: 369
  • 1337 13V3L: +33/-7
Re: How to hack an ATM
« Reply #34 on: December 24, 2006, 08:54:03 AM »
Most ATMs do not have any video cameras. That's because most ATMs aren't bank ATMs but are private ATMs at delis, groceries, strip clubs, etc. There might be a surveillance camera nearby but they're usually not pointed directly at the ATM. You think that's bad? Here's something else that's interesting. The surveillance tapes for security cameras tend to get reused. They only get put into storage if something actually happens. And since tape is a magnetic film media the magnetic coating wears off the tape thus making the surveillance tapes useless. I've read a book where people from the FBI Crime Lab were interviewed and they were all bitching about that.

I never heard the thing about banks auditing their own ATMs every month. It makes sense but why do they need to withdraw money to check the timestamp? The time can usually be checked in the settings menu or received through giving a bad pin to the ATM and thus getting a "Transaction Denied" receipt. You can also just check your balance and the receipt will have the date and time on it.

Also, I remember some big hoopla on Slashdot a couple of years ago when Diebold decided to connect at least some of their ATMs to the internet. I should find that article.

Hmm... Rev. Greed, it seems that you're getting your info from a single source. I can tell by this line:

"The newer machines are produced by Wincor Nixdorf utilizing IBM software for production"

Because a lot of banks also tend to use Diebold machines.

So, whatever source you're using it's referring to a specific set of banks. I'm not saying that what you're saying is wrong. I'm just saying that it isn't an overall picture of things. Also, can you tell us more about the audits? What are they done for exactly? Cause the timestamp thing is weird cause there's no need to withdraw money to check the time.


Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: How to hack an ATM
« Reply #35 on: December 24, 2006, 12:14:57 PM »
Hello,

Quote
Most ATMs do not have any video cameras. That's because most ATMs aren't bank ATMs but are private ATMs at delis, groceries, strip clubs, etc. There might be a surveillance camera nearby but they're usually not pointed directly at the ATM.

You're right about that, however, I was referring to machines at the actual bank.

Quote
I never heard the thing about banks auditing their own ATMs every month. It makes sense but why do they need to withdraw money to check the timestamp? The time can usually be checked in the settings menu or received through giving a bad pin to the ATM and thus getting a "Transaction Denied" receipt. You can also just check your balance and the receipt will have the date and time on it.

Banks and Credit Unions are insured by the FDIC and NCUA accordingly.  Banks/Credit Unions are required to have monthly "surprise" audits on every teller, the vault, and the ATM machines as a measure to prevent insider fraud.  Also, the audit is required by internal auditors because private insurance companies require it.  Here's why:  when an individual files a Regulation E dispute regarding the use of an unauthorized transaction whether it be the customer placed his/her PIN on the back of the card and money was withdrawn or a transaction from the internet lets say - the customer is held harmless and the bank will take the loss.  When the bank reaches their ceiling amount of say $50,000 in an annual time frame, then their private insurance will begin to cover the losses.  The audits on the ATM machines even include counting the money the ATM should have for that day.  A withdrawal from the ATM machine during this audit will ensure this:

1)  That the ATM is able to balance its cash flow.
2)  That customers have access to cash withdrawals.
3)  It provides an accurate mark of a timestamp because the majority of fraudulent transactions are withdrawals.  (i.e. I lost my ATM card - it wasn't me who withdrew the cash.)

Quote
Also, I remember some big hoopla on Slashdot a couple of years ago when Diebold decided to connect at least some of their ATMs to the internet. I should find that article.

That would be a little scary.  From personal experience - they can be connected to intranets as a means for management to maintain appropriate cash on hand and balancing issues.

Quote
Hmm... Rev. Greed, it seems that you're getting your info from a single source. I can tell by this line:

"The newer machines are produced by Wincor Nixdorf utilizing IBM software for production"

This single source is me.  I'm in the banking industry.  Wincor Nixdorf is one of the biggest suppliers of ATMs in the world.  I believe they rank third, but I'm not for sure.  I reside in Central California and these are the brands I most commonly see.
Reboot America

Offline Raptor

  • OMG MOD wannabe
  • Ninja Phone Loser
  • ***
  • Posts: 1208
  • 1337 13V3L: +80/-52
  • We can be happy underground
Re: How to hack an ATM
« Reply #36 on: December 24, 2006, 03:21:15 PM »
about those magnetic tapes, possibly a few hard drive magnets would take care of that "evidence"? heheheh
Raptor's Random Reviews!

http://www.phonelosers.org/forums/index.php?board=30.0

Offline MattGSX

  • Whiny Music Nerd
  • Senior PLA Junkie
  • *****
  • Posts: 1195
  • 1337 13V3L: +59/-97
  • Douchenozzle
    • Matt GSX Has Better Taste In Music Than You
Re: How to hack an ATM
« Reply #37 on: January 21, 2007, 01:20:47 AM »
Yeah, that's a great idea. How would you get the tape? Security cameras typically broadcast onto a closed-circuit network, which is then taped. In some situations, there can be one tape showing a pint-sized version of each camera, one tape switching between each camera, and then a single tape per camera. In some cases, these tapes aren't even made by the business, but by an outside company, meaning you'd have to track the company down and sneak in to obtain the tapes.

Of course, if you're trying to do this at a gas station or somewhere similar, have fun. Most gas stations around here have a separate camera in the manager's office that feeds either directly to a remote location (the way I just explained), to a hard drive (if the company can afford digital security cams or just uses all x10 stuff), or to another location for security. The gas station down the street from me has the manager's camera feed directly to the manager's house (next door), though this could also be an anomaly.

Offline linear

  • High Priest of Operations
  • OMG Mod
  • PLA Army
  • *****
  • Posts: 558
  • 1337 13V3L: +47/-79
  • United Phone Losers
    • United Phone Losers
Re: How to hack an ATM
« Reply #38 on: January 21, 2007, 01:45:36 AM »
Also, I remember some big hoopla on Slashdot a couple of years ago when Diebold decided to connect at least some of their ATMs to the internet. I should find that article.

That's because the people on slashdot who read that were morons. Diebold wasn't stupid enough to connect their ATM machines to the internet. that's absurd. What happened was that diebold produced "WebATM's" for wells fargo.

People read "Web" and automatically assumed it was going to be connected to the internet. but why would anyone do that? It was a WebATM because it could display "Web" content. it's an internal network that displays information to the end-user on a web-like interface.

no internet.


Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: How to hack an ATM
« Reply #39 on: January 21, 2007, 09:26:39 AM »
 :S  oh, i forgot about a video camera.. I thought the cameras on a Triton were useless, heh.  Every time i'm in a restaurant or convenience store and i see one i bring up the secret menu i found and bruteforce the passwd at least 5 or 6 times before giving up.  whoops.  It's not like i'm trying to steal, i just want to see what "Manager's duties" means.. like what's behind the cloak you know?