Jump to content

Cracking ATM machines by MP3


DLSS

Recommended Posts

Techology can always be surprising, if associated with human fantasy..

This time we talk about MP3 players. Indeed those cute devices that are commonly used for listening to music have now acquired a new unexpected function: if properly handled they could turn out to be very effective instruments to carry out profitable (but also illegal) activities!

Anyway this is not a Zone-H discovery: the idea was exploited by a British man who managed in outwitting British banking security system by using a normal MP3 music player to steal customer’s credit card details by bugging cash machines, the Times-online reported last week .

The responsible has been identified as Maxwell Parsons, 41, a well known criminal figure that not only is involved in a series of robberies all around England, but also did he spend 32 months in prison for deception and unlawful interception of a public telecommunications transmission.

Anyway, the MP3 technique isn’t his own invention, indeed he learnt how to use it from Malaysian gangs that have widely used this metod for long.

But how did this technique work and how did he manage in carrying out the frauds?

See Parson's step in the picture on the right.

The fraudster recorded data transmitted from common ATM cash machines using MP3 portable music players, and then he converted data to readable numbers using a separate computer programme.

“The phone line running from the machine to an ordinary BT white socket was unplugged and a two-way adaptor inserted. The MP3 player was then placed between the ATM machine’s output cable and the phone socket†the Times explains.

“The player would record the tones, which resemble the kind of sound emitted by a fax machine. These were then interpreted using a modem line tap, or MLT, acquired from Canada, or passed through a computer software program bought illicitly in Ukraine.â€

Parson, who was also the key member of a gang that carried out several robberies in few months, used such data to encode and clone a number of credit cards and he purchased a plunder that amounted about to £200.000. The targeted ATM were placed in bars, bingo halls and bowling alleys.

The irony in this story is that the man was not arrested during a police operation, but.. for an illegal U-turn that he did driving his car in London!

His mistake was that of carrying with him one of his counterfeit credit cards. Once the policeman discovered it, he immediately alerted police headquater that obteined the authorization for a search in paron's house in Manchester.

There, police came across 26 bank cards of which 18 were cloned and the rest counterfeit and all the technical equipment necessary to carry out the scam.

Justice done: the criminal was caught and his secrets exposed: MP3 music players will be simple music players again.. for the time being.

atm1.jpg

source : http://www.zone-h.org/content/view/14379/31/

Link to comment
Share on other sites

I never use those ATM's anyway, they usually charge.

Good idea though, just goes to show how vulnerable some of the banking systems are.

I work in a bank, and my warnings about connecting to the central server through port 23 seem to go unheeded (we share our network with Leeds city council, the largest employer in the city).

Link to comment
Share on other sites

What happed to encryption?

This is a little in-accurate, or at least here in the US I feel. Typically the transmission (typical by FTC rules) is done with a two way key encryption hand shake. You can read more about it if you down load the user PDFs from the website of the maker of the various ATM machines.

Link to comment
Share on other sites

did anyone ever hear how that guy managed to change the atm to spit out $20's as 5's?

This is what it was

The guy used the ATM manufacture's default codes (typically triggered by a sequence, and the code is like 0987654321 or 1234567890 while holding down a key by the display) to go into the ATM machine, and tell it that cash tray one was all 5s.

Even though it was 20s.

So he used his PRE-PAY`d card (this is how he couldnt track him) (prepay credit cards and ATM cards are readily avalible for sale at corner stores and on the web), and withdrew $300... but seing as it thought it had fives in it, it had to spit out 4x the amount... thus he got a bonus 900 from the ATM machine.

You can find PDF files describing the manufacture's default codes online in PDF file with some cleaver google searching, seeing as most companies have taken down the files since this happened... ONLY IF YOU WANT TO MAKE SURE THE CASH MACHINE YOU BOUGHT IS SECURE AND THAT YOU HAVE RESET YOUR DEFAULT PASSWORDS... BOTH ADMIN AND THE ATTENDANT PASSCODES!!!! YOU HAVE NO BUSINESS DOWNLOADING AND READING THESE PDF's IF YOU DO NOT OWN THE MACHINE.

/end legal notice.

Link to comment
Share on other sites

I never use those ATM's anyway, they usually charge.

since when?

the scam about here atm is they fit a small camera facing down on the keypad and watch you type in your pass code, then they nick your card later.

Link to comment
Share on other sites

I was under the impression that the way this scam works was by glueing a slot over the real slot that seems to blend in well with the actual machine. As you insert your card, it passes through the fake slot which records what's on the magnetic strip. A folder tray or some such on the inside of the machine has a miniature camera aimed at the keypad to fill in the last bit of info you need.

It was actually in a CSI episode from a while back.

Here in .NL the machine starts by showing you an image of what the machine should look like from the outside in an effort to thwart this attack.

Link to comment
Share on other sites

lol thats a bit advanced for here, they'll just pickpocket your card ... actually this time of year, three years ago the northmen bank here was robed of over £50 million

Link to comment
Share on other sites

Same here. Taking money out of the machine is free. I do believe a few banks here charge you a small fee (like, a single euro) when you come in to retrieve money, unless it's a large amount that the machine isn't allowed to give out.

Also, the most popular way to rob an ATM here is to drive a Shovel (think Bulldozer, but with tractor tires) into the wall of the bank. As a protection measure, they now place the ATMs in locations that don't have a direct path to them for such vehicles, or place large, anchored boulders around the machine.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...