Once again criminals hacked ATMs with knowledge of default settings

Two individuals exploited knowledge of the default passcode to hack ATMs and steal more than $400,000 in 18 months from the targeted machines.

Another story of ATM hacking is circulating on the web: once again, criminals exploited knowledge of the machine's default configuration, in this case factory-set passcodes.

The hackers did not run a brute-force attack against the ATM, nor did they find the code online; the passcode was in fact printed in the ATM's service manual.

The attacks against the ATMs were organized by a former employee of the company that operated the kiosk automated teller machines the criminal crew hacked. The man, with the support of an accomplice, stole more than $400,000 in 18 months from the ATMs.

The former employee, Tennessee-based Khaled Abdel Fattah, knew the procedure for putting the ATM into Operator Mode: typing a code is enough to reconfigure the ATM to dispense $20 bills when he asks for $1 ones.

The man operated with the complicity of another person, Chris Folad. They would then ask the ATM to dispense, for example, $20, and they would get $400. Once the men had taken the cash, they would revert the setting so that the attack would go unnoticed.

The pair has been charged with 30 counts of computer fraud and conspiracy, as reported by Wired:

“Now Fattah and an associate named Chris Folad are facing 30 counts of computer fraud and conspiracy, after a Secret Service investigation uncovered evidence that the men had essentially robbed the cash machines using nothing more than the keypad,” reported Wired in a blog post.

The thefts went on for about 18 months before the owner of one of the businesses where one of these kiosk ATMs was installed noticed something strange when the machine was running out of money.
