Man Used MP3 Player To Hack Cash Machines
Juha-Matti Laurio writes "A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. The MP3 player was plugged into the back of free standing cash machines in bars. Tones being recorded from the phone line were decoded with special software to a readable format. Later this information was used to clone credit cards."
too bad he's joined the dark side :(
So he performed a generic man in the middle attack, recording information transmitted by modem and decoding it?
Hasn't this been done a million times before? Wouldn't it be easily performed with any sort of sound recorder?
MP3 players don't defraud bank customers, people defraud bank customers.
Unless of course they are Cylon MP3 players. Then they don't stop at fraud.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You see, my friends ridiculed me for getting an Archos Jukebox instead of an iPod.
Guess they never saw the money making potential.
How does one know if it's a fake credit card? I have received cards from retailers for store credit that look like fake credit cards (Ikea). I assume that the fake credit cards look like the real thing. That's why when you go to Lowes, the cashier will ask to see the last four digits on your card. According to one of the clerks, Lowes has been a victim of phoney credit cards - thieves will take a card and reprogram the magnetic strip on the back with a valid number.
Also, do the British police have that kind of power that they can just investigate all of that over just a traffic stop?
Banks don't encrypt the communication between ATMs and the bank? Seriously?
Really. We need to ban MP3 players and send terrorists (illegal MP3 player users) to Gitmo.
is that ATMs are still using DTMF, offensively insecure.
But what about the companies that send data in clear down an insecure medium?
Perhaps it is time our government created another act (Yes, I know we've got too many) which would be called the 'Computer responsible use act' which bans anyone from sending sensitive data in clear, bans all non-Bluetooth wireless keyboards and makes it an offense to have an unpatched machine on the internet.
Ok, what he did was illegal however what the ATM makers did is far far worse. So which banks care about ID theft?
So now all mp3 player owners can pay the RIAA ..... well I guess it all will work out ....
The ATM charged him for all the illegal download music on his MP3 player so the robbery was a net loss.
Maybe because they don't have Lexis-Nexis?
This may be possible in Europe, but I don't believe it's possible in the U.S. anymore. 3DES has been the standard ATM encryption method for a few years, and almost all ATM machines have been converted to 3DES (by Dec 31st they apparently won't operate unless they are 3DES since the ATM networks will only allow encrypted communications).
Even if someone can no longer use a generic man-in-the-middle attack in the future due to encryption, it's amazing how many other means for ATM fraud still exist. I couldn't believe this one when I saw it the other day.
Crack - Free with every butt and set of boobs
Life imitates art :)
Fuck Slashdot
I saw this movie! Harrison Ford was in it, and lots of people were talking about how stupid it was, except he used the MP3 wired to a fax machine to "read" the numbers off the screen, which was pretty stupid.
It's too bad they didn't think up something more plausible like what this guy did.
-- -- Warning. Do not stare directly at the sun.
I'm surprised nobody ever noticed this guy rigging the back of the ATMs.
Surely there isn't a ready-made plugin for my iPod in the back of these things. Is there?
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
It's just me wondering what brand of mp3 player he used, then, is it?
I don't suppose it matters if he's just capturing audio data; in fact it's hardly even important that he was using an mp3 player - he could just as easily have used one of those handheld cassette recorders.
So take THAT all you fuckers that complained about Harrison Ford using an Ipod in Firewall!!!
So payphones are more secure than ATMs? I still always keep a $.25 tone on my MP3 players, more for nostalgia than anything else.
"Sic Semper Tyrannosaurus Rex."
US police DO NOT have the right to search your car for a routine traffic stop. It is a violation of the 4th amendment, and every time a cop asks to search your vehicle without reason, and you let him, you are just throwing your constitutional rights away. If a cop pulls you over because you were speeding or your inspection is expired or because you didn't come to a complete stop at a stop sign, et al, he does not have the right to search your vehicle. I repeat:
POLICE DO NOT HAVE THE RIGHT TO SEARCH YOUR CAR DURING A ROUTINE TRAFFIC STOP IN THE US!!!
Now then, if something else is amiss, like say, when the cop turned on his lights, you started throwing bags of white powder out the windows onto the highway median, then he does have the right to search your vehicle.
my pet machine
That is so Firewall. Harrison Ford would be proud.
Oh no! We must immediately ban all MP3 players! Terrorists could use them to fund their War Against America.
If it had been an Ogg Vorbis player, instead of allowing the man to steal for himself, it would have taken the total balance on the cash machine and redistributed it equally to all accounts.
He wouldn't have got caught had he used Ogg Vorbis!!
If you think
When this man stole the money, whose liability was it? To the bank, the withdrawals looked like those customers, and they couldn't have known it was fraud. When the victims find out, can they go to the bank to get their money back, or is the bank immune?
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Also, watch this video: How to Avoid being Arrested by Cops
The video shows people obviously doing things both legal and illegal, and explains how they can avoid arrest and conviction.
....just become a bank. Really, why go low scale? You are allowed to loan money which doesn't even exist, and to receive back the theoretical principal along with *interest*. It's the biggest economic scam and legalized theft scheme out there, and it is widespread in the vast number of nations simply because it is such a wonderful way for those goons to "make money" without working for it.
http://en.wikipedia.org/wiki/Fractional-reserve_banking
Cops are in general just retarded, just follow orders from their masters, their "superior" beings, and serve to protect the really BIG crooks, and bust the small timers. Does anyone REALLY think that the vast sums of money from say the drug trade DON'T flow through a lot of banks? Now you have two examples.
If you're African-American on a lonely road with N Caucasian police officers around you from a jurisdiction known for unprofessionalism, standing on your rights might be unwise.
Also be civil to the officer and don't make his/her job any harder than it already is. Remember that if the officer swears in court that you were throwing bags of white powder out the window and you swear that you weren't, the judge will believe the officer and uphold the search. *The officer knows this*. This happens in real life: I knew a criminal lawyer who'd seen a case like that. Many police officers are too honest to pull something like that, some will do it but only to nail down known criminals, some will rationalize it against anyone who acts like a jerk.
This Guardian (UK) article states that technology imported from Ukraine was used to decode the tones from the transactions and turn them into [computer] information:
http://www.guardian.co.uk/crime/article/0,,1948026,00.html
I guess MP3 player owners really are thieves after all.
Unlike porn, which yada yada rimshot hey-ooh!
It's here: http://malfy.org/
Seems like he should be charged under the DMCA too.
They have to have probable cause to search a car without permission. What that boils down to basically is a reasonable belief that a crime has been committed. The bags out the window in the parent's example would provide that. However a simple traffic stop does not, by itself. Now of course they could always force the issue, it's not like you can really stop them, but it does mean that if they don't have probable cause, anything they find will be thrown out in court (and a good defense attorney will challenge on that). In general, cops are good about obeying the rule because they know that if they conduct a search without probable cause the evidence is worthless. They'll instead try to either get you to agree, or obtain probable cause.
The standard is actually the same for searching a home, the difference is that except in some extenuating circumstances the police have to present the probable cause to a judge beforehand and get a warrant for a home search, whereas they can conduct a search of a car with no warrant and then present the probable cause later in court. Either way the standard is basically the same, they've got to have some reason to believe a crime was committed.
However in all cases, home or car, consent overrides the need for any sort of cause. If you say "Yes you can search my car," then they can do so. They need nothing more than your consent and it's legal.
Have you ever been asked by a cop to search your vehicle? I bet you have not. Because as soon as you say "no" to their question, the nature of your response leads them to probable cause. Example:
Officer: Good evening, seen you speeding by back there. Mind if I search the vehicle?
You: No, I do mind, you cannot search my car.
Officer: Oh? Why not? What might you be hiding in there? If you won't let me search your car, you must be hiding something (this is where probable cause hits)
You: But sir, I know my 4th amendment rights, this is just a speeding violation. You can't search my vehicle.
Officer: But you're hiding something in there, blah blah blah over and over until they search the vehicle.
This never fails. I have been pulled over 10 times in the last 3 years (yes 10) and I have yet to deter them from searching the vehicle. With every 4th amendment speech I give, and every constitutional right I spit at them, they seem to ultimately search the car anyways..
hahahaha looks like a pom with mod points noticed dude :-)
...and your rights are gone. They might even bring the K9 unit out and get the dog to bark on command.
NORML's is here, and another one from a lawyer is here. Well worth printing out and laminating and keeping in your billfold. Two things to note: 1) If you happen to be on a military base, even just to turn around and leave because you made a wrong turn, your rights are severely abridged. If you are on their property the military is free to search anything they want. 2) The War On Drugs has created a lot more room for officers to maneuver in if the key phrase "drugs" is used. Here is a rather disheartening discussion about this "special" area of search law.
The same could be done several different ways. Just because they used an MP3 player as a recording device, shock/horror, doesn't mean that it should even have been the subject of a /. entry. I prefer the stories about the micro-camera above the keypad and the card reader in the phoney face plate. I check for this each time. Or even better: friend ends up with the wrong card after leaving a bar, the barman had swapped the card and is recording PIN numbers via a repositioned security camera.
it was a Diebold ATM machine?
You acquire a surplus ATM somewhere. You program it to read and record the magnetic strip info, and to record the PIN number that the sucker enters. You program it to put up a message like, "Sorry, this machine is temporarily out of cash." Put the machine in a public place for a while. Retrieve the stolen info... profit!!!
Or here's another fun one. Back a truck through the front of a 7-11. Hop out put the whole atm in the bed. Drive off, and cut it open at your leisure... profit!!
I would have made a great criminal if it weren't for those morals my parents instilled in me.
-- QED
Nationwide Chief Executive Philip Williamson puts all of our minds at rest:
http://www.bbc.co.uk/radio4/today/listenagain/ram/today3_nationwide_20061118.ram
Not really commenting on your comments, but wanted to put in a couple of thoughts on the subject.
I wonder, I don't have to have anything illegal in order for me to not want the police to search my vehicle. I have been stopped in the past and had the vehicle searched even when I did not give permission. I had nothing illegal. I just don't feel that a police state is a good thing. Another thing that pisses me off is the fact that in the name of fighting drunk drivers many police departments set up check points and ask each person passing to give their driver's license and registration. To me this seems to be an illegal search. It's also funny how these checkpoints mainly seem to be near poor housing. I detest it, but I don't see any means of fixing the problem.
As for not detaining you forever, they can take you in for questioning and hold you for 48 hours. Theoretically you have to be given a phone call within 24 hours, but if they transfer you to another facility they figure you can make the phone call from there, even if it takes more than 24 hours for them to transfer you. Meanwhile, a car parked alongside the road is a "hazard" and is towed. Towing fees are typically at least $75 for the tow and $50 a day. Once you are released and find out where your car is you owe 3 days rent and the tow $225 dollars. And unless you pay it immediately that number keeps rising. I have lost 2 cars in this manner even though I was able to clear my name. Being poor means that even if you don't do anything wrong, the police can ruin your world.
/* TODO: Spawn child process, interest child in technology, have child write a new sig */
.. he should go to jail, and it was bad thing to do.
But what a monstrously cool - um - "solution".
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
It's probably worse than you think. (I write software for card authorisation and Electronic Funds Transfer systems.)
In my eyes the end of day polling file is the easiest attack. At the end of the working day each store will gather all of that day's transactions into a file and submit them to the bank for collection. The file contains the card number, expiry date, value of the transaction etc etc. Most stores will submit this file over PSTN dialup, and without encryption. A few banks (Natwest/Streamline for example) encourage encryption, but none mandate it.
You can imagine for large stores that the file will contain thousands of live card numbers. It's like a wet dream to a fraudster and all it would take is a phone tap on the line (similar to what this guy did).
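The exposure described in the comment above can be caught on the store side before the batch leaves the building. The following is an added example, not part of the original comment or any vendor's code: a pre-transmission gate that finds Luhn-valid card numbers in an end-of-day file and refuses to send it over an unencrypted link. The record layout, function names and sample data are assumptions constructed for illustration; the card numbers are published test values.

```python
import re

# Constructed sample batch. The H/T/Z record layout is an assumption; the
# comment only says the file holds card number, expiry date and value.
SAMPLE_BATCH = """\
H,STORE0042,20061118
T,4111111111111111,1208,000001999
T,5500005555555559,0109,000004250
T,1234567890123456,0607,000000500
Z,3
"""

# A PAN candidate is a standalone run of 13 to 19 digits.
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep first six and last four digits so the report itself is safe to log."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_cleartext_pans(text: str):
    """Return (line number, masked PAN) for every Luhn-valid candidate."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PAN_RE.finditer(line):
            if luhn_ok(m.group()):
                hits.append((lineno, mask(m.group())))
    return hits


def may_transmit(text: str, link_encrypted: bool):
    """Allow sending only if the link is encrypted or no cleartext PAN is present."""
    hits = find_cleartext_pans(text)
    return (link_encrypted or not hits), hits


if __name__ == "__main__":
    allowed, hits = may_transmit(SAMPLE_BATCH, link_encrypted=False)
    print("transmit allowed:", allowed)
    for lineno, masked in hits:
        print(f"  line {lineno}: cleartext PAN {masked}")
```

The third transaction line is deliberately not Luhn-valid, showing that the check ignores digit runs that merely look like card numbers.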
... the fact that I don't condone what he did at all with the fact that I am nevertheless also thoroughly impressed with the fact somebody actually did it. I mean, seriously... hacking a bank machine with an MP3 player? Before this became news, who woulda thunk it?
File under 'M' for 'Manic ranting'
I mean really, it wasn't an MP3 player, it was an MP3 recorder/player. My MP3 player can do that too; it's been pretty standard for a while now for them to be able to record off FM radio and from a built-in mic. But it didn't need to be an MP3 player; he could have used an old cassette recorder from the 80s. It didn't matter; he probably just happened to have an MP3 player and used it. People used to do this with pay phones all the time for free calls. Hell, it still works, but of course payphones are pretty much a thing of the past, and with cell phones finally going off minute-based to monthly-based they probably will replace even landlines.
That's why I only use ATMs that are from my bank. I don't trust those free standing machines. They could easily be a machine with a card reader that says out of order once you slide your card. If they are legit, this shows just how insecure they still can be. I went to a Chinese place at the mall that didn't take debit cards. I had to use one of those ATMs; I watched my statement like a hawk for a month after that.
That man should be given a medal for coming up with that!
http://nathanlindsell.blogspot.com/
Well, this is why you only break one law at a time...
pod-cashing?
Some settling may occur during posting.
...I'll be wanting for Christmas!
No need to do that. You could put up a mag-stripe reader in any public place, label it "Credit Card Cleaner -- Free!" and people would swipe their cards through. I think this was actually demonstrated on a TV news channel a few years ago.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Cop: We're going to need to search your vehicle
Motorist: I do not consent to a search of my vehicle.
Cop: Why not? What are you hiding?
Motorist: I do not consent to a search of my vehicle.
Cop: If you cooperate, this will go a lot easier.
Motorist: I do not consent to a search of my vehicle.
Cop: Fine, have it your way. I'm going to call for a K9 unit to come sniff your car. It could take 5 minutes. It could take an hour. Your choice if you want to cooperate or not. What are you hiding in there? Drugs?
Realize the cop is bluffing. Most police departments do not have the budget for a drug-trained dog. Especially not the small-town ones that tend to pull this trick. Think about it. You run a small police department. Do you blow your K9 budget on a) attack dogs, b) bomb-sniffing dogs, or c) drug-sniffing dogs. The safety of your officers is at stake here. Do you really need that drug dog?
Just stick to your "I do not consent, but I will not physically resist" line. If they get an attack dog to come bark on command and then search your vehicle, your attorney will have that search suppressed in all of 10 seconds once it comes out that the dog is not drug-trained.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock