Kids With Operators Manual Alert Bank Officials: "We Hacked Your ATM"

← Back to Stories (view on slashdot.org)

Kids With Operators Manual Alert Bank Officials: "We Hacked Your ATM"

Posted by samzenpus on Monday June 9, 2014 @07:45AM from the protect-ya-neck dept.

An anonymous reader writes "Two 14-year-olds hacked a Bank of Montreal ATM after finding an operators manual online that showed how to gain administrative control. Matthew Hewlett and Caleb Turon alerted bank employees after testing the instructions on an ATM at a nearby supermarket. At first the employees thought the boys had the PIN numbers of customers. 'I said: "No, no, no. We hacked your ATM. We got into the operator mode,"' Hewlett was quoted as saying. Then, the bank employees asked for proof. 'So we both went back to the ATM and I got into the operator mode again,' Hewlett said. 'Then I started printing off documentations like how much money is currently in the machine, how many withdrawals have happened that day, how much it's made off surcharges. Then I found a way to change the surcharge amount, so I changed the surcharge amount to one cent.'"

13 of 378 comments (clear)

Min score:

Reason:

Sort:

Not surprising. by Z00L00K · 2014-06-09 07:48 · Score: 5, Insightful

I'm not even mildly surprised that this was possible.

--
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
1. Re:Not surprising. by PRMan · 2014-06-09 08:29 · Score: 4, Insightful
  
  It's Canada, not the US.
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
2. Re: Not surprising. by Lumpy · 2014-06-09 11:01 · Score: 5, Insightful
  
  If this was in the USA, the kids would have been shot several times by cops and the bodies taken to Gitmo for waterboarding.
  Kids in the USA, DO NOT try and be a white hat unless you can do it untraceable and anonymously. You will be severely punished for doing something good here.
  
  --
  Do not look at laser with remaining good eye.
3. Re: Not surprising. by Bitbyte_x · 2014-06-09 12:38 · Score: 5, Insightful
  
  Wouldn't go about using the media's term "hacking" the kids followed the operating manual the bank was just silly in not restricting their end devices properly It would be hacking if they ran some kind of exploit and found a zero day but they didn't they just followed easy to obtain documents
4. Re: Not surprising. by zeugma-amp · 2014-06-09 16:11 · Score: 5, Insightful
  
  Kids in the USA, DO NOT try and be a white hat unless you can do it untraceable and anonymously. You will be severely punished for doing something good here.
  Damn. I had mod points yesterday. This is absolutely true, and I would hope that everyone understand that by now. Sadly, many don't see the police state until it's boot is stomping them.
  
  --
  This is an ex-parrot!
5. Re: Not surprising. by rioki · 2014-06-09 20:31 · Score: 4, Insightful
  
  I would disagree with you, the classical term hacking is used for any mode penetration. The difference between the late 80s/early 90s and today is that companies have started to implement reasonable procedures, like changing default passwords... Remember most hacks are still done through some sort of social engineering.
6. Re: Not surprising. by CaptainLard · 2014-06-10 02:11 · Score: 4, Insightful
  
  and then take some money if they ignore the report and don't fix the problem.
  This sterling nugget of wisdom would accomplish the opposite of:
  
  The point is to make sure it remains their problem, not yours.
  I'll add your sig is not short on irony (not sure if its the ./ approved or the Alanis Morrisette variety) given the content of your post. Good luck with your internal conflicts!
In the US they'd have been charged by JohnnyComeLately · 2014-06-09 07:50 · Score: 4, Insightful

Here lately, seems their day at school would have been moot as they are led to a waiting black SUV. Then, SWAT would move into their house and take everything that plugs into a wall and has Ethernet capabilities. Think I'm joking?
1. Re:In the US they'd have been charged by Anonymous Coward · 2014-06-09 07:54 · Score: 5, Insightful
  
  They also probably would have shot any of their pets on the way in. Dude isn't joking; this place is a fucking terror state and does this to people every day.
Relax, folks. by Anonymous Coward · 2014-06-09 07:54 · Score: 5, Insightful

This is Canada. As long as they don't try to link good science to administrative policy, the government probably won't care.
Re:Kids these days. by Ionized · 2014-06-09 08:09 · Score: 5, Insightful

they were inquisitive, did some research, and experimented on a system, and succeeded in gaining unauthorized access. they then responsibly reported their findings to the device owner.
what these kids did, while perhaps not quite on par with hacking the gibson, still very much represents the (white hat) hacker ethos at work.
you, on the other hand, represent the asshat ethos, for downplaying what they did and trying to fiddle fart around with semantics.
Re:Hacked? by Yakasha · 2014-06-09 08:17 · Score: 5, Insightful

True, it's a "hack" but it's a pretty trivial hack.
They are the ultimate script kiddies. Kids, using a script published by the manufacturer.
Even putting "trivial" in front diminishes the glory of hacking.
Re:Hacked? by PopeRatzo · 2014-06-09 08:29 · Score: 4, Insightful

I cant tell you how many coke machines out there can be taken over by simple keypresses.
I notice you're not sharing the password with us thirsty readers.
C'mon, bro.

--
You are welcome on my lawn.