An Australian pizza store worker turned hacker has avoided prison after he was convicted of stealing A$30,000 ($28,000) from ATMs using computer hacking. Brian Sommer, 23, reportedly used information from repair manuals downloaded over the internet to hack into the hard discs of ATMs and change the amount that could be withdrawn …
Crime went unrecorded,
So we could get a job that would give him access to guns and explosives!
You have to love that laid back aussie attitude!
ATM Design Fail
Why the hell is the software accessible from the external controls of the ATM anyway?
No keypresses on the front panel should be allowed to alter any setting on the machine, and the internal controls should be locked separately to the cash reservoir. That's how they are in most UK ATMs anyway; One key opens the cash, one key opens the console, Bank has the former, Engineer has the latter, and never the two shall meet.
...I was only looking for evidence of UFOs !!
Wait a minute...
"He had passwords..."
Where and how did he get those?
"He used the machine, accessed the hard drive and changed the settings."
That means that any bozo that knows such 'passwords' can hack into an atm machine? Who the heck designed and built them? Throw _them_ in jail, not him!
ATMs hacked ?
"Brian Sommer, 23, reportedly used information from repair manuals downloaded over the internet to hack into the hard discs of ATMs and change the amount that could be withdrawn"
It's hardly a hack when you have physical access to the ATM machines and no prizes for guessing which OS they ran on ...
This sounds highly unlikely, I'd like to know what the details that have been withheld are and if the ATMs are bank owned or those crappy ones with dialup in pubs and clubs (which are known to be vulnerable to idiots not changing the default settings). I'd be very surprised if a bank owned ATM could be compromised so apparently easily without mention of an insider assisting. Having said this, if the guy had physical access why not just stick 20s in the 10s drawer?
I'd be interested to see how this pans out.
Let me get this straight..
the ATM had settings that allowed access to the configuration with the info in the manual? Did somebody forget to change the default passwords? *grin* What make and model were those ATMs again? http://www.phenoelit-us.org/dpl/dpl.html
Default password, eh?
So, these ATMs had the default passwords set? Yeah, he should get off on the charges. He didn't hack anything, he just entered the default password and presto! ...
He must have forgot that last part ;-)
Math doesn't work...
"convicted of stealing A$30,000 ($28,000) from ATMs using computer hacking."
So he's either A$7,000 (or possibly US$5,000) ahead on the deal with no jail time? Sign me up!
it is pronounced 'Harvey', but it's spelt Hervey.
If this guy was a full-time employee in a pizza shop, then however simple the hack, his job must have been beneath him. If he was really a student with a part-time job in a pizza place, then we're not getting the full story - what did he do with the rest of his time?
shouldn't have stolen the money but...
... exceedingly cool hack
It's fairly common amongst those little standalone ATMs that charge you to withdraw, usually found in newsagents and nightclubs. Quite often they have the default passwords, and what they do is change the settings to swap the £20 and £10 trays over, so when you withdraw £100 you get £200.
I'm glad they get conned as most of them charge at least £2.50. But there isn't much chance of getting away with it as they are always covered by CCTV, the login process can be quite long/noisy/obvious, and you have to use a card to get the money out so if you don't want to be traced you need to steal that too.
I doubt you could "hack" a bank owned ATM, the only way to get into those from the outside is with a JCB!
@ac 13:07 GMT
"It's hardly a hack when you have physical access to the ATM machines and no prizes for guessing which OS they ran on ."
Nice anti MS rant, but I hate to break it to you. The OS is irrelevant when you can find the default password on line.
This was not a hack.
He should have reprogrammed it to randomly jackpot when someone else withdraws money.
I'm with you here. A previous job of mine was servicing ATM machines, and they all required physical access to the internals of the machine and the setting of a physical lockout switch inside before you could make any changes to the system. You can't even access the test menu from the public facing screen, there is a separate panel inside the machine for all those functions.
Getting inside involved a key to open it held by the security service we had contracted with to provide protection, the engineers didn't carry them.
Either something was decidedly dodgy or we're not talking banking atms...
As far as "accessed the hard drive" goes, the ATMs have a standard PC inside, ours were prone to faulty caps on the motherboard so yanking them was surprisingly common. You can't get to the OS from the ATM, there is a separate keyboard in the machine for that, assuming the machine is big enough for a screen inside. Well, you can remotely power cycle it, but that's about it.
@Mayhem ... all?
What you say should be qualified, for an (in)appropriate value of 'all'.
I remember once (in the USA) walking up to an ATM and seeing the Windows NT blue screen of death, followed by a re-boot into ... something like a CMD prompt. The sixteen or so buttons available to me allowed me to enter 0 to 9, full-stop, and a few other characters. Enter wasn't one of them, and in any case I didn't want to play for long in case it got me arrested, but clearly someone had not thought hard enough about the design of this ATM!
Another time I found one with "Maint: " on the screen, but the keyboard appeared to be locked out so maybe that was safe enough. (Or maybe it wasn't echoing, and if I'd known the right buttons to press?)
Standing up for the old, stupid people without friends.
"However, Sommer's age, character references and academic record counted in his favour and helped him to avoid jail."
Huh? So if I am either old, stupid or could not get somebody stupid enough to vouch for me I would go to jail?
Where is the justice in that? The guy is a thief, he knew what he did was illegal (or otherwise he would be stupid), send him to jail - end of story. This PC crap gotta stop ...