Matasano Chargen - Latest Comments in ATM Backdoor… Why is no one talking about this?

Re: ATM Backdoor… Why is no one talking about this?

Mussa — Sun, 17 Feb 2008 17:09:14 -0000

just a quick question, ive heard that wincor now have a sensor that detects any foreign object like a skimmer and shuts down the atm. does anybody know how long it takes for it to detect anything and how can one tell if it has those sensors bcuz i know they are optional.

Re: ATM Backdoor… Why is no one talking about this?

Dave — Sat, 12 Jan 2008 01:13:23 -0000

Sorry one clarification, this would apply to a visa upgraded ATM but most old ones are visa key pad upgraded. The reason is that the passwords reside in the motherboard and the master keys are now in the visa key pad which means you can reset the mother board independent of the visa master keys.
Thanks,

Re: ATM Backdoor… Why is no one talking about this?

Dave — Sat, 12 Jan 2008 01:10:57 -0000

Guys, I have worked with Tranax extensively and I can tell you this, it is very easy to reprogram an atm to give out lower denominations than are in it. If you have the password; however, most people do change those passwords but I have found many that are the standard factory default passwords. I'm not sure about the current tranax model but from the 1500 series down you can leave factory passwords in.

Ok so here is where everyone says great but you have to find one with factory password or know the password to make the demonination changes. True but there is a back door. I wont tell you the specifics but for the service tech that answered above address this one. What is someone clears the NVRam? now the passwords are reset but the master keys still reside within the ATM.

Thanks,

Re: ATM Backdoor… Why is no one talking about this?

ATM Tech — Wed, 14 Nov 2007 12:54:25 -0000

ok, just to clarify some of this, i am a head tech for one of the countries largest atm distributors, so allow me to clarifty.

1) if you change the denomination, yes you get away with it, you do NOT have to make a change at the host as the previous poster suggested (that only applies to surcharge, not to dispensed amount)

2) all currently manufactured atm's REQUIRE that you change the master password to the atm, the passwords they're using to "hack" these are defaults that the atm's ship at, and for the longest time you didn't have to change them and many people just left them, all current software versions require a password change.

3) unless you're using a card generator you can get caught very easily doing this, and most people that try this do get caught, it is possible to look at the changes made on the atm, and when you see the denomination changed, then somebody pulls a load of cash, you just track that card number.

4) there is NOT a magic back door, it's just that most people are lazy and don't want to make any changes they don't have to make.

Re: ATM Backdoor… Why is no one talking about this?

Get a Job — Wed, 05 Sep 2007 14:19:31 -0000

Alex and ATM guy are both correct. As an ATM tech, there are lots of back-end procedures that keep idiots like you from stealing from an ATM.

Yes, you can change the denomination at the terminal, but unless it is also changed on the processors end then you'll still be charged the full amount of your withdrawal. Go ahead and put your card in nub.

And how about this? Instead of feeling like it's your right to scam the IDIOTS who build and run these ATM's, get a job and contribute to society. The only reason we need the type of security currently found on ATM's is because of worthless two-bit hacks such as yourselves.

Re: ATM Backdoor… Why is no one talking about this?

Alex — Sat, 01 Sep 2007 18:30:05 -0000

There are strict policies and security procedures regarding ATM installation & operation, which when followed properly make this 100% impossible.

Unfortunately, the amount of white-label ATM operators who don't follow them is growing. (For example, to enter the secret master keys to connect to the network you are supposed to have TWO separate people enter codes which get mailed to the company in two separate envelopes and they should not be entered at the same time, and they should be destroyed as soon as they are entered.. and companies send one guy to install the ATM all the time, sigh)

To make matters worse, some of the newer ATMs do allow you to enter a service menu without opening the ATM or doing anything more suspicious than entering a few codes in the keyboard and a numerical password. (Not that opening the ATM for half a second and closing it (say on an MCD-2) is all that difficult to begin with, at least if you're an ATM technician and have master keys.., but seriously, what were people thinking when they removed this?! And the older machines even required you to open it ALL the way up AND flip a switch inside it to enter supervisor mode (MCD-1) )

The only good news is that only the owner of the stolen card who failed to report it stolen (only someone mental would use their own ATM card) OR the silly ATM owner will incur the losses if you simply reprogram the denomination of bills inside the machine. So this means non-moronic ATM providers and users are perfectly safe.

PS: Erasing the log only erases it on the machine. The network still has copies of all transactions.

Re: ATM Backdoor… Why is no one talking about this?

yaknivek — Sat, 16 Jun 2007 23:23:29 -0000

this scam works in the UK, but only on the american type ATM's people say this don't work, it does if it was non-reprogramable then it would be useless because what if the time would alter then it would have to be changed back.

Re: ATM Backdoor… Why is no one talking about this?

Thomas Ptacek — Thu, 29 Mar 2007 17:32:49 -0000

Yes. But not by much.

Re: ATM Backdoor… Why is no one talking about this?

Dan Walter — Thu, 29 Mar 2007 17:27:40 -0000

What is this blog about? I scroll and find a bunch of kids making asinine threats to one another. Are any of you nitwits older then say 13?

Re: ATM Backdoor… Why is no one talking about this?

ATM Guy — Thu, 22 Mar 2007 14:20:05 -0000

>What a piece of Garbage. I remember seeing the >prototype of the Tranax at the BAI trade show in >Dallas somewhere around 1999. It’s a real Rube >Goldberg contraption. I believe this thing was >developed in some guys garage. It cannot be >compared to the real ATMs that are made by Diebold, >NCR, and Fujitsu which are remarkably secure and >reliable.

The Tranax machine is by far the best 3rd party bank machine made. It is professionally made, well designed and operates flawlessly. We operate a large number of these. I would rather own these than the others you mention, which I have also worked on.

Re: ATM Backdoor… Why is no one talking about this?

ATM Guy — Thu, 22 Mar 2007 14:16:43 -0000

I work on and program these machines every day.

There is a fact you are missing. You can program whatever denomination of bill you want into the machine, however the processor the machine dials into and connects to has to have the matching amount programmed in. If it is set at the processor server end to $20, you can enter $5, $10 whatever the hell you want, it still knows it should have $20's in it.

The average layman or even medium tech aware can do little more than screw the machine up by going into management and playing with settings.

Re: ATM Backdoor… Why is no one talking about this?

Dan Walter — Fri, 09 Feb 2007 19:00:06 -0000

"FBI" needs to take advantage of our public school system before he(she?)makes any sort of legal declarations. "DUH" would be a better handle. :O/

Re: ATM Backdoor… Why is no one talking about this?

Thomas Ptacek — Sat, 03 Feb 2007 10:38:03 -0000

I'm so sorry!

Re: ATM Backdoor… Why is no one talking about this?

FBI — Sat, 03 Feb 2007 10:30:54 -0000

you are a fucking stupid arsehole nothing but a typical deadbeat scamming bastard just close this site down Ill report you son of a bitch to the FBI for money laundering and fraud you'll get 10 years
I have copied this website for proof and have your IP adress and adress details and thats all proof they need to aresst your scamming arse , just a reminder when your in prision dont drop the soap

Re: ATM Backdoor… Why is no one talking about this?

Dan Walter — Fri, 29 Dec 2006 22:23:23 -0000

Mmmmm... all of this makes me think of the disaster Diebold has going with their electronic voting machine! If it's electronic you can bet your 'arse' someone can manipulate it.

Re: ATM Backdoor… Why is no one talking about this?

Blank — Sat, 07 Oct 2006 05:02:09 -0000

With everyone wanting to get ahold of the manual now, it raises a question since I received mine in about 2 minutes.

Am I the only one with access to Google?

Re: ATM Backdoor… Why is no one talking about this?

Chico — Mon, 02 Oct 2006 09:34:42 -0000

Wow, I found out for myself. The manual is out there still, but you have to view it as HTML, to get the cached version of it. What a piece of Garbage. I remember seeing the prototype of the Tranax at the BAI trade show in Dallas somewhere around 1999. It's a real Rube Goldberg contraption. I believe this thing was developed in some guys garage. It cannot be compared to the real ATMs that are made by Diebold, NCR, and Fujitsu which are remarkably secure and reliable.

Re: ATM Backdoor… Why is no one talking about this?

Chico — Mon, 02 Oct 2006 09:04:39 -0000

For all those who have "found" the manual. Isn't there a switch that needs to be flipped before you can enter the "Master Password" I serviced many different types of ATM machines, and they all had a service switch/key that was located under a locked hood on the stand alone models or in the rear of the machine on the through the wall modeld. This switch needed to be activated before anyone could go into diagnostic or programming modes. I think there is more to this story that is being left out. Perhaps the armored car company, left the machine in service mode, or the thief did more than just enter a password.

Re: ATM Backdoor… Why is no one talking about this?

mrskin — Sun, 01 Oct 2006 01:53:39 -0000

This reality stuff is scary.

Re: ATM Backdoor… Why is no one talking about this?

ATM Tech — Tue, 26 Sep 2006 01:35:09 -0000

@ Chris,

Yes, you can still get hold of a copy of the TRANSACTION journal from the switch which links the bank's computer to the ATM.

However, the transaction journal does not include terminal-only entries like power on/off, change of receipt layout or changes to passwords. Dial-up machines like the Minibank only communicate with the switch (and bank's computers) when there is something "interesting" happening, like a request for cash to be dispensed.

Re: ATM Backdoor… Why is no one talking about this?

[Wah!] Jake's Mom — Mon, 25 Sep 2006 10:47:01 -0000

Hell yes I believe it, in fact the woman who issued me my first VISA card, took me OUT TO THE ATM, and put the card in, and PRESSED THE KEYS to bring up a SPECIAL MENU, in which she ACTIVATED MY VISA.

Re: ATM Backdoor… Why is no one talking about this?

halfkoreanstudmuffin — Sun, 24 Sep 2006 21:41:36 -0000

whoa, that's one clever sonofabitch! lol.

Re: ATM Backdoor… Why is no one talking about this?

NightStalker- — Sun, 24 Sep 2006 10:22:02 -0000

jack, [wah!] your mothers [wah! wah!].

Re: ATM Backdoor… Why is no one talking about this?

retards — Sun, 24 Sep 2006 05:37:49 -0000

why are you all so suprised?

Re: ATM Backdoor… Why is no one talking about this?

jack- — Sat, 23 Sep 2006 11:17:19 -0000

yeah then what? I will skin your [wah!] after I [wah wah!] her then I put a shotgun to your [wah wah wah] and rip off your [wah!] head, after that I torture and [wah wah wah wah] your whole family if you open your mouth again [wah!]...