Welcome to TechNet Blogs Sign in | Join | Help

Gerhard´s Marktbeobachtungen

Was sich so tut am IT-Markt Neuigkeiten und Trends

News

Wie man einen Bankomat lerräumt

Also falls mal jemand in die USA fahren sollte, und dringend Geld benötigt: Hier ein paar Informationen, wie man sich die Sache illegalerweise liecht machen könnte.

Gefunden auf: http://blog.wired.com/27bstroke6/2007/07/atm-reprogrammi.html

ATM Reprogramming Caper Hits Pennsylvania

Masteraccos Police in Derry, Pennsylvania are baffled by a June ATM robbery in which an unidentified man wearing flip flops and shorts strolled into Mastrorocco's Market and reprogrammed the cash machine to think it was dispensing dollar bills instead of twenties.

Along with a female accomplice, the crook netted $1,540 in two visits on June 19 and 20, according to store owner Vince Mastrorocco. ...

Of course, THREAT LEVEL readers know exactly what happened. The machine was a Triton 9100, and like competitor Tranax, Triton printed its default administrative passcodes in its ATM service manuals, which have been widely available online.  We reported on this last September after a Virginia Beach gas station ATM (a Tranax) got hit with the same hack.

The ATM in the Derry heist was owned by the store, but operated by a company called Cardtronics. COO Mike Clinard says in a statement that it was Mastrorocco's responsibility to change the passcode from its default, which is (I kid you not) 123456.

The service menu on this particular ATM model can be accessed using an administrative password that is set by the owner of the ATM, in this case Mastrorocco's Market. As with all password-accessible computer systems, it is necessary for the password-holders to secure any and all passwords to ensure the integrity of the system. ... But Mastrorocco says he couldn't be expected to know the ins and outs of the ATM.

Triton_passcode "I'm not a technical person," he says. " I cut meat and I sell groceries. That's my job. I don't know anything about an ATM. I put money into it, people take it out, and I get a reading at the end of the day."

The Triton ATMs have two levels of password: an administrative passcode for routine daily operations, and a "master passcode" that also lets you change the cash machine's basic configuration.  Mastrorocco says he changed the administrative code when he got the machine three years ago, but Cardtronics never told him to change the master passcode, which he didn't normally use.

...

"They never told me anything about changing my password. They would tell me to use 123456."

Has he changed it now? "Oh yeah. I've change it twice since then. I'm paranoid now. I'll probably do it again tonight." 

 

Ich weiss zwar nicht ob die Geschichte wirklich stimmt. Aus meinen diversen Alltagserfahrungen klingt es aber absolut plausibel. Insbesondere das Standard Passwort der Geräte.

Ach ja, eine Anmerkung noch: Da man ja nicht überall auf die 9100er Serie stoßen wird, macht es Sinn sich auch mit den anderen Geräten Passwortmäßig vertraut zu machen. Daher: "If you are looking for a Service Manual please contact Parts and ask about Triton's Resource CD." :-)

Posted: Tuesday, July 17, 2007 11:45 AM by Gerhard Goeschl
Filed under: , ,

Comments

No Comments

Leave a Comment

(required) 

(required) 

(optional)

(required) 

  
Enter Code Here: Required

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker