Slashdot Mirror
Man Used MP3 Player To Hack Cash Machines
Juha-Matti Laurio writes "A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. The MP3 player was plugged into the back of free standing cash machines in bars. Tones being recorded from the phone line were decoded with special software to a readable format. Later this information was used to clone credit cards."
So he performed a generic man in the middle attack, recording information transmitted by modem and decoding it?
Hasn't this been done a million times before? Wouldn't it be easily performed with any sort of sound recorder?
MP3 players don't defraud bank customers, people defraud bank customers.
Unless of course they are Cylon MP3 players. Then they don't stop at fraud.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You see, my friends ridiculed me for getting an Archos Jukebox instead of an iPod.
Guess they never saw the money making potential.
$30 Off All Plans: Use code TRIPLESAWBUCK
How does one know if it's a fake credit card? I have recieved cards from retailers for store credit that look like fake credit cards (Ikea). I assume that the fake credit cards look like the real thing. That's why when you go to Lowes, the cashier will ask to see the last four digits on your card. According to one of the clerks, Lowes has been a victim of phoney credit cards - theives will take a card and reprogram the magnetic strip on the back with a valid number.
Also, do the British police have that kind of power that they can just investgate all of that over just a traffic stop?
Banks don't encrypt the communication between ATMs and the bank? Seriously?
The ATM charged him for all the illegal download music on his MP3 player so the robbery was a net loss.
This may be possible in Europe, but I don't believe it's possible in the U.S. anymore. 3DES has been the standard ATM encryption method for a few years, and almost all ATM machines have been converted to 3DES (by Dec 31st they apparently won't operate unless they are 3DES since the ATM networks will only allow encrypted communications).
Even if someone can no longer use a generic man-in-the-middle attack in the future due to encryption, it's amazing how many other means for ATM fraud still exist. I couldn't believe this one when I saw it the other day.
Crack - Free with every butt and set of boobs
Life imitates art :)
Fuck Slashdot
I saw this movie! Harrison Ford was in it, and lots of people were talking about how stupid it was, except he used the MP3 wired to a fax machine to "read" the numbers off the screen, which was pretty stupid.
It's too bad they didn't think up something more plausible like what this guy did.
-- -- Warning. Do not stare directly at the sun.
How about we call it the "Computer Responsibility Act (Provosional)"
It's already illegal to do what this guy did. Make it harder, and you simply 'make it harder' for criminals, not impossible. I don't think what the ATM makers did (non-encryption) is 'far far worse'. Leaving your car unlocked is not 'far far worse' than the clown who steals it.
It's just me wondering what brand of mp3 player he used, then, is it?
I don't suppose it matters if he's just capturing audio data; in fact it's hardly even important that he was using an mp3 player - he could just have easily used one of those handheld cassette recorders.
So payphones are more secure than ATMs? I still always keep a $.25 tone on my MP3 players, more for nostalgia than anything else.
"Sic Semper Tyrannosaurus Rex."
US police DO NOT have the right to search your car for a routine traffic stop. It is a violation of the 4th amendment, and every time a cop asks to search your vehicle without reason, and you let him, you are just throwing your constitutional rights away. If a cop pulls you over because you were speeding or your inspection is expired or because you didn't come to a complete stop at a stop sign, et al, he does not have the right to search your vehicle. I repeat:
POLICE DO NOT HAVE THE RIGHT TO SEARCH YOUR CAR DURING A ROUTINE TRAFFIC STOP IN THE US!!!
Now then, if something else is amiss, like say, when the cop turned on his lights, you started throwing bags of white powder out the windows onto the highway median, then he does have the right to search your vehicle.
my pet machine
If it had been an Ogg Vorbis player, instead of allowing the man to steal for himself, it would have taken the total balance on the cash machine and redistributed it equally to all accounts.
He wouldn't have got caught had he used Ogg Vorbis!!
If you think
When this man stole the money, whose liability was it? To the bank, the withdrawals looked like those customers, and they couldn't have known it was fraud. When the victims find out, can they go to the bank to get their money back, or is the bank immune?
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
I've always used the idea of an act such as that as a piss take for whenever we see hacked boxes that is clearly the users fault. Obviously such an act would never come into force and nor would I support it (except on 1st April). On the whole theft of details business I'd disagree over it being worse to steal details than making them available. Banks are always blaming their customers for leaving details in bins and so on yet when they make such a monumental fuck up all they do is get the person prosecuted (good thing, I'd agree) and quite happily sweep it under the carpet. They've made it easy for someone to do it so they have. Crime pays, however the cost to the criminal also increases as it gets harder - Organised criminals are bussinessmen - if it doesn't pay well enough they're not going to do it.
So going back to your anology of leaving a car unlocked (with the keys in too?) would you get any sympathy from the Police or insurance company? Oh no, you'd be laughed out of the building and charged far more on next years premium. Sorry, thats wrong - you'd lie and make a claim increasing everyone elses premium.
....just become a bank. Really, why go low scale? You are allowed to loan money which doesn't even exist, and to receive back the theoretical principal along with *interest*. It's the biggest economic scam and legalized theft scheme out there, and it is widespread in the vast number of nations simply because it is such a wonderful way for those goons to "make money" without working for it.
a nking
http://en.wikipedia.org/wiki/Fractional-reserve_b
Cops are in general just retarded, just follow orders from their masters, their "superior" beings, and serve to protect the really BIG crooks, and bust the small timers. Does anyone REALLY think that the vast sums of money from say the drug trade DON'T flow through a lot of banks? Now you have two examples.
If you're African-American on a lonely road with N Caucasian police officers around you from a jurisdiction known for unprofessionalism, standing on your rights might be unwise.
Also be civil to the officer and don't make his/her job any harder than it already is. Remember that if the officer swears in court that you were throwing bags of white powder out the window and you swear that you weren't, the judge will believe the officer and uphold the search. *The officer knows this*. This happens in real life: I knew a criminal lawyer who'd seen a case like that. Many police officers are too honest to pull something like that, some will do it but only to nail down known criminals, some will rationalize it against anyone who acts like a jerk.
...and your rights are gone. They might even bring the K9 unit out and get the dog to bark on command.
NORML's is here, and another one from a lawyer is here. Well worth printing out and laminating and keeping in your billfold. Two things to note: 1) If you happen to be on a military base, even just to turn around and leave because you made a wrong turn, your rights are severely abridged. If you are on their property the military is free to search anything they want. 2) The War On Drugs has created a lot more room for officers to manuever in if the key phrase "drugs" is used. Here is a rather disheartening discussion about this "special" area of search law.
the same could be done several different ways, just because they use an MP3 player as a recording device, shock/horror, doesn't mean that is should even have been the subject of a /. entry. I prefer th stories about the micro-camera above the keypad and the cardreader in the phoney face plate. I check for this each time. Or even better. friend ends up with the wrong card after leaving a bar, the barman had swapped the card and is recording pin numbers via a repositioned security camera.
There was an unknown error in the submission.
Its probably worse than you think. (I write software for card authorisation and Electronic Funds Transfer systems.)
In my eyes the end of day polling file is the easiest attack. At the end of the working day each store will gather all of that days transactions into a file and submit them to the bank for collection. The file contains the card number, expiry date, value of the transaction etc etc. Most stores will submit this file over PSTN dialup, and without encryption. A few banks (Natwest/Streamline for example) encourage encryption, but none mandate it.
You can imagine for large stores that the file will contain thousands of live card numbers. Its like a wet dream to a fraudster and all it would take is a phone tap on the line (similar to what this guy did).