Jul 29 - ATM hacking... The new get rich quick scheme

most viewed right now
 48
Image(s) inside May 19 - Here's #1 Factor Experts Say Accounts for High Number of Mass..
46 comments
@news
most viewed right now
 30
Image(s) inside 6ix9ine smashing and impregnating every girl in America
72 comments
@misc
most viewed right now
 30
Image(s) inside This nigguh Don Q is a midget..No cap!!
63 comments
@hiphop
most viewed right now
 28
Video inside YBN Cordae ends J Coles career
31 comments
@hiphop

section   (0 bx goons and 1 bystanders) Share this on Twitter   Share this on Facebook
 

Props Slaps
 8 years ago '04        #1
6653 pageviews
51 comments


d2powermf 3 heat pts
space
avatar space
space
$553 | Props total: 13 13
Jul 29 - ATM hacking... The new get rich quick scheme
 

 

[pic - click to view]



If only I knew how read & write computer code....

------

Bunker-busting ATM attacks show security holes
Cracking the vault: ATMs spill their guts in new computer attacks

Jordan Robertson, AP Technology Writer, On Wednesday July 28, 2010, 10:35 pm EDT

LAS VEGAS (AP) -- A hacker has discovered a way to force ATMs to disgorge their cash by hijacking the computers inside them.

The attacks demonstrated Wednesday targeted standalone ATMs. But they could potentially be used against the ATMs operated by mainstream banks.

Criminals have long known that ATMs aren't tamperproof.

There are many types of attacks in use today, ranging from sophisticated to foolhardy: installing fake card readers to steal card numbers, hiding tiny surveillance cameras to capture PIN codes, covering the dispensing slot to intercept money and even hauling the ATMs away with trucks in hopes of cracking them open later.

Computer hacker Barnaby Jack spent two years tinkering in his Silicon Valley apartment with ATMs he bought online. These were standalone machines, the type seen in front of convenience stores, rather than the ones in bank branches.

His goal was to find ways to take control of ATMs by exploiting weaknesses in the computers that run the machines.

He showed off his results here at the Black Hat conference, an annual gathering devoted to exposing the latest computer-security vulnerabilities.

His attacks have wide implications because they affect multiple types of ATMs and exploit weaknesses in software and security measures that are used throughout the industry.

His talk was one of the conference's most widely anticipated, as it had been pulled a year ago over concerns that fixes for the ATMs wouldn't be in place in time. He used the extra year to craft more dangerous attacks.

Jack, who works as director of security research for Seattle-based IOActive Inc., showed in a theatrical demonstration two ways he can get ATMs to spit out money:

-- Jack found that the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer. He figured this out by ordering three ATMs from different manufacturers for a few thousand dollars each. Then he compared the keys he got to pictures of other keys, found on the Internet.

He used his key to unlock a compartment in the ATM that had standard USB slots. He then inserted a program he had written into one of them, commanding the ATM to dump its vaults.

-- Jack also hacked into ATMs by exploiting weaknesses in the way ATM makers communicate with the machines over the Internet. Jack said the problem is that outsiders are permitted to bypass the need for a password. He didn't go into much more detail because he said the goal of his talk "isn't to teach everybody how to hack ATMs. It's to raise the issue and have ATM manufacturers be proactive about implementing fixes."

The remote style of attack is more dangerous because an attacker doesn't need to open up the ATMs.

It allows an attacker to gain full control of the ATMs. Besides ordering it to spit out money, attackers can silently harvest account data from anyone who uses the machines. It also affects more than just the standalone ATMs vulnerable to the physical attack; the method could potentially be used against the kinds of ATMs used by mainstream banks.

Jack said he didn't think he'd be able to break the ATMs when he first started probing them.

"My reaction was, 'this is the game-over vulnerability right here,'" he said of the remote hack. "Every ATM I've looked at, I've been able to find a flaw in. It's a scary thing."

Kurt Baumgartner, a senior security researcher with antivirus software maker Kaspersky Lab, called the demonstration a "thrill" to watch and said it is important to improving the security of machines that can each hold tens of thousands of dollars in cash. However, he said he doesn't think it will result in widespread attacks because banks don't use the standalone systems and Jack didn't release his attack code.

Jack wouldn't identify the ATM makers. He put stickers over the ATM makers' names on the two machines used in his demonstration. But the audience, which burst into applause when he made the machines spit out money, could see from the screen prompts on the ATM that one of the machines was made by Tranax Technologies Inc., based in Hayward, Calif. Tranax did not immediately respond to e-mail messages from The a.ssociated Press.

Triton Systems, of Long Beach, Miss., confirmed that one of its ATMs was used in the demonstration. It said Jack alerted the company to the problems and that Triton now has a software update in place that prevents unauthorized software from running on its ATMs.

Bob Douglas, Triton's vice president of engineering, said customers can buy ATMs with unique keys but generally don't, preferring to have a master key for cost and convenience.

"Imagine if you have an estate of several thousand ATMs and you want to access 20 or so of them in one day," he wrote in an e-mail to the AP. "It would be a logistical nightmare to have all the right keys at just the right place at just the right time."

Other ATM manufacturers contacted by the AP also did not immediately respond to messages.

Jack said the manufacturers whose machines he studied are deploying software fixes for both vulnerabilities, but added that the prevalence of remote-management software broadly opens up ATMs to hacker attacks.


Link to actual source:
[pic - click to view]

 Bunker-busting ATM attacks show security holes - Yahoo! Finance

51 comments for "Jul 29 - ATM hacking... The new get rich quick scheme"

 8 years ago '04        #2
hockeythug 66 heat pts66
space
avatar space
space
$19,303 | Props total: 848 848
Jack, who works as director of security research for Seattle-based IOActive Inc.
I could prolly hack an ATM as well if I could legally obtain them and f**k around with them for hundreds of hours in a lab somewhere.


Last edited by hockeythug; 07-29-2010 at 12:30 AM..
 8 years ago '07        #3
JohnDoe 216 heat pts216
space
avatar space
space
$12,526 | Props total: 6098 6098
Great Read......imagine being able to dl a program walk up an tell the machine to do a money dump..... NICE

edit: You know no that i think for a second i think i know where this dude lives because 3 or 4 years ago when i was managing on the weekends for my trucking company i would have to do delivery's to a guys house on the weekends this guy was getting ATM's shipped to his house......i did about 6 or 7 delivery's........he told me he worked for a security firm an was a real nice guy but dude had about 15 machines in his garage all in different stages of being broke down......seems like that was probably him......I do live in Seattle and this is where his Company is based out of so who knows


They did say he lives in Silicone Vally so i wonder who the guy was that i was delivering to?


Last edited by JohnDoe; 07-29-2010 at 12:35 AM..
 8 years ago '04        #4
franchise 60 heat pts60
space
avatar space
space
$7,788 | Props total: 309 309
i'd say i worked for a security firm too if some1 was asking about my bank heist
 07-29-2010, 01:31 AM         #5
GOD999 
space
space
space
$n/a | Props total:  
I wont lie, I don't steal but goddamn @ the amount of money you could walk off with if you learn this trick
 8 years ago '98        #6
ronnie|A 10 heat pts10
space
avatar space
space
$30,443 | Props total: 4281 4281
John Connor was already doing this back in the early 90s


[pic - click to view]

 8 years ago '10        #7
Shhon 859 heat pts859
space
avatar space
space
$19,621 | Props total: 24410 24410
if only i knew how to really do this. i hacked a coke machine in high school.
 8 years ago '04        #8
l0udm0uf 1 heat pts
space
avatar space
space
$7,678 | Props total: 3 3
 ronnie said:
John Connor was already doing this back in the early 90s


[pic - click to view]

was just thinking this
 8 years ago '06        #9
Storchaveli 96 heat pts96
space
avatar space
space
$28,298 | Props total: 5317 5317
 ronnie said:
John Connor was already doing this back in the early 90s


[pic - click to view]

That one caught me off guard.
 8 years ago '10        #10
beast mode 26 heat pts26
space
avatar space
space
$14,443 | Props total: 2458 2458
 ronnie said:
John Connor was already doing this back in the early 90s


[pic - click to view]


first thing that came to mind
 8 years ago '10        #11
theking1 3 heat pts
space
avatar space
space
$6,236 | Props total: 12 12
 ronnie said:
John Connor was already doing this back in the early 90s


[pic - click to view]

 8 years ago '10        #12
Figueroa 35 heat pts35
space
avatar space
space
$6,695 | Props total: 1957 1957
 ronnie said:
john connor was already doing this back in the early 90s


[pic - click to view]

"eaaaaaasy money"
 8 years ago '04        #13
bouncer900 
space
avatar space
space
$4,075 | Props total: 117 117
 ronnie said:
John Connor was already doing this back in the early 90s


[pic - click to view]

 07-29-2010, 05:37 AM         #14
normpeterson 
space
space
space
$n/a | Props total:  
I could prolly hack an ATM as well if I could legally obtain them and f**k around with them for hundreds of hours in a lab somewhere.
Its really not that easy at all-you need to know how to write codes and know how to make your own programs which is hard. The easy part would be getting the atm. You can buy them you know....for yourself,business or house on the internet.
 8 years ago '06        #15
PokeyG82 
space
avatar space
space
$281 | Props total: 0 0
I work on Atms. I guess we will b getting briefed about this,even though this is old to us and not the only way to do this...
 8 years ago '07        #16
Sincere730 12 heat pts12
space
avatar space
space
$10,410 | Props total: 8039 8039
 Sean McDevitt said:
if only i knew how to really do this. i hacked a coke machine in high school.
 8 years ago '06        #17
beantown 74 heat pts74
space
avatar space
space
$23,410 | Props total: 2 2
 ronnie said:
John Connor was already doing this back in the early 90s


[pic - click to view]



He did that s**t using an Atari too, you know he was ahead of his time
 07-29-2010, 06:15 AM         #18
Sniggit 
space
space
space
$n/a | Props total:  
alll yall gotta do i guess is find the source code for the atm machines, which if your a hacker ( internets big, s**t loads of illegal hacking communitys ) i wouldnt of thought would be that hard to obtain.

you dont need to have the machine, a computers virtual. ur hackin the virtual to give u physical money, if anything u just need the right source code for the machine ur gnna hack, so id guess ud have to take a picture of the one ur plannin to use.

ps. I dont know 100%, im just guessing since its basically a computer, if im wrong i know ill be corrected by that atm engineer dude
 8 years ago '05        #19
THEINFAMOUS 19 heat pts19
space
avatar space
space
$47,917 | Props total: 13336 13336
 PokeyG82 said:
I work on Atms. I guess we will b getting briefed about this,even though this is old to us and not the only way to do this...
Spill them beans
 8 years ago '06        #20
Pitts Gutta 18 heat pts18
space
avatar space
space
$2,927 | Props total: 12 12
Quit stealing and make something of yourself. How about that.
Home      
  
 

 






most viewed right now
 20
Image(s) inside Kaylin Garcia
34 comments
2 days ago
@thotsdimesetc
most viewed right now
 8
Video inside I guess Lil Tay ain’t flexing on all her haters anymore
323 comments
1 day ago
@hiphop
most viewed right now
 7
Image(s) inside Now That's A Real A$$!...
42 comments
1 day ago
@thotsdimesetc
most viewed right now
 6
Image(s) inside Snoop kills that Pac is an actor nonsense ya be talking
205 comments
1 day ago
@hiphop
most viewed right now
 5
NBA Steph Curry has OFFICIALLY lost all hope, his HAIRLINE,& thinks he is in a..
66 comments
2 days ago
@sports
most viewed right now
 4
Tekashi tried to 'check in' with Snoop,got DENIED!!!!!
74 comments
1 day ago
@hiphop
most viewed right now
 3
NBA The narrative that Lebron's team is trash has begun. Again. (I've lost cou..
105 comments
1 day ago
@sports
most viewed right now
 3
NBA Where does cousins end up?
80 comments
1 day ago
@sports
back to top
register contact Follow BX @ Twitter Follow BX @ Facebook search BX privacy