Slashdot Mirror

← Back to Stories (view on slashdot.org)

Man Used MP3 Player To Hack Cash Machines

Posted by ryuzaki0 on from the easy-money dept.

Juha-Matti Laurio writes "A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. The MP3 player was plugged into the back of free standing cash machines in bars. Tones being recorded from the phone line were decoded with special software to a readable format. Later this information was used to clone credit cards."

4 of 156 comments (clear)

  1. Police found fake card. by Jawood · · Score: 4, Interesting
    Police uncovered the scam almost by accident when they stopped Parsons for making an illegal u-turn in a car in London. They found a fake bank card in his possession and searched his home in Manchester, where they found the evidence with which to prosecute.

    How does one know if it's a fake credit card? I have recieved cards from retailers for store credit that look like fake credit cards (Ikea). I assume that the fake credit cards look like the real thing. That's why when you go to Lowes, the cashier will ask to see the last four digits on your card. According to one of the clerks, Lowes has been a victim of phoney credit cards - theives will take a card and reprogram the magnetic strip on the back with a valid number.

    Also, do the British police have that kind of power that they can just investgate all of that over just a traffic stop?

  2. No encryption by TorKlingberg · · Score: 4, Interesting

    Banks don't encrypt the communication between ATMs and the bank? Seriously?

  3. Not possible in the U.S. by Salvance · · Score: 5, Interesting

    This may be possible in Europe, but I don't believe it's possible in the U.S. anymore. 3DES has been the standard ATM encryption method for a few years, and almost all ATM machines have been converted to 3DES (by Dec 31st they apparently won't operate unless they are 3DES since the ATM networks will only allow encrypted communications).

    Even if someone can no longer use a generic man-in-the-middle attack in the future due to encryption, it's amazing how many other means for ATM fraud still exist. I couldn't believe this one when I saw it the other day.

    --
    Crack - Free with every butt and set of boobs
  4. Re:No encryption - Worse than you think. by MtlDty · · Score: 4, Interesting

    Its probably worse than you think. (I write software for card authorisation and Electronic Funds Transfer systems.)

    In my eyes the end of day polling file is the easiest attack. At the end of the working day each store will gather all of that days transactions into a file and submit them to the bank for collection. The file contains the card number, expiry date, value of the transaction etc etc. Most stores will submit this file over PSTN dialup, and without encryption. A few banks (Natwest/Streamline for example) encourage encryption, but none mandate it.

    You can imagine for large stores that the file will contain thousands of live card numbers. Its like a wet dream to a fraudster and all it would take is a phone tap on the line (similar to what this guy did).