Think you’re safe from card skimming because the magnetic reader looks legit? Think again. Some guy intending to “raise awareness” (that’s what they all say) has demonstrated exploits in the Windows-based systems that run many generic ATMs which allow crooks to spit money out on demand and/or steal information from people who use them, through software techniques alone. Somebody call the Cyber Police!
Criminals have been hitting the type of generic ATM machines typically found in bars and convenience stores for years, using ATM skimmers to record card data and PIN numbers, or in some cases simply pulling up a truck and hauling the machines away.
But according to Barnaby Jack there’s an easier, much more alarming way to get the money out. Criminals can connect to the machines by dialing them up — Jack believes a large number of them have remote management tools that can be accessed over a telephone — and then launching an attack.
After experimenting with his own machines, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge, that lets him override the machine’s firmware. He also developed an online management tool, called Dillinger, that can keep track of compromised machines and store data stolen from people who use them.
First off, I really want to commend this guy on his stellar, obviously thoughtful choice of names for his programs. Clearly, this is something he “get from his mama.” I think we can all agree that a name like Barnaby Jack doesn’t just happen by accident. Secondly, I’ve got to quote Demitri Martin and call this reporter out on the redundancy of the phrase “ATM machine,” it’s “ATM-achine.” Thirdly, you’ve got to be batshit crazy or completely desperate to use one of those generic ATMs anyway. One time at a strip club in Vegas, I actually paid a $10 surcharge. Unfathomable. I actually paid somebody $10 just to give me my own money so I could wipe a strippers ass with it. Anyway, the article also goes on to mention that Barnaby Jack also purchased a key off the internet that can basically open any of these crappy generics for reprogramming (Google it, you filthy mutts).
TL;DR Do like I do and stuff your money in your mattress. I’m serious, I put a couple bucks in there last week, reached in today and found $2.25. Try getting that kind of rate at one of your precious banks!