After the Vegas DEFCON ATM debacle where hackers hacked hackers by setting up a fake ATM in front of the facilities security office, I needed to see how stupid easy it was to buy an ATM and just set it up anywhere. So my search began.

I started looking on e-bay and found plenty of new and used ATMs ranging from $500-2500 but quickly determined I didn’t want to pay $300 for shipping. Next was Craigslist

I quickly found an ad from a bar north of Boston. They were selling pool tables, Budweiser neon signs and an ATM. I took my hacker with me and met Bob. Bob rented a room above the bar and was doing the deed for the owner. The bar was an old relic that was closing and liquidating its grungy assets. The ATM was sitting right next to the bar covered in 5 years of beer. Thank heavens they were smart enough to cover the keypad in clear plastic…

Needless to say I wanted to unbolt this thing as quickly as possible, get out of there and douse myself head to toe in pure alcohol hand sanitizer. After my hacker played with the manual, got it working and determined it was worth the financial risk, we loaded it on my trailer, paid $750 (down from a grand) and brought it home and put it in my garage.

My hacker comes over to my garage, manual in hand, all giggly, like hackers sometimes do and says “Watch this”. He punches the master codes to access the machines data on a device called an eprom and hundreds of credit and debit card numbers just start falling all over the floor…

RTFA. This could make you never want to use an ATM ever again. And stay out of sleazy bars.

  1. bobbo, we are all connnected in crime, perversion, and Darwinian Competition says:

    Its easy to steal. Its not being so greedy you get caught is the trick.

  2. SparkyOne says:

    Please take down this post. You are giving my bank ideas.

  3. jescott418 says:

    We have become such a lazy society that we even make it easy for crooks. The convenience is what kills us. We want everything now!
    I personally never use a public ATM. I always go to a Bank ATM preferably my own bank (to avoid fee’s). Being someone who had their identity stolen several years ago. I can tell you its much better to be safe.

  4. Mr Ed says:

    An Automated Teller Machine Machine?
    Is that like a Vehicle Identification Number Number?
    Or is it all just repeatedly redundant?

  5. Not quite so fast there says:

    Not quite as easy as it looks.

    Every machine has a PIN. Any PIN must be registered with the Federal Reserve so they can transfer information between accounts. That makes machine withdraws traceable. Banks all use the Federal Reserve to transfer funds from bank to bank. So you can not just buy a machine and hook it up.

    The machines have cameras that record the person at the machine. The machines are to shut down and keep the card if the camera does not pick up a body in front of it or the camera is turned off.

    People like to commit fraud where they won’t be recognized and have their picture taken.

  6. #5 – Huh? Didya read the article? It’s not implying that the owners of the ATM can rip you off with their ATMs… it’s implying that the owner of the ATM has access to your credit card number which they can then use to buy stuff online.

    And, yes, it *would* be that easy.

  7. Not quite so fast there says:

    #7, formerly Alex,

    Even having credit card numbers is not a successful enterprise. Where ever you use it is still traceable. The FBI does have a fraud squad (thank AG Holder for that) that now does investigate fraudulent card transactions.

    Go ahead, try it yourself. As Eric made a good point of, people see this and just add it to their fears.

  8. Bob says:

    It’s not quite as easy as they make it look. Only very old ATM’s store complete credit card numbers. Industry standards do not allow them to be put online without an upgrade. It is then only the credit card number. So you would need a camera or something to get the pin. That makes the list of numbers somewhat useless. New machines only store the last 4 numbers of a card.

    #3 It’s the bank ATM’s that are the real target for skimmers. Why attack an ATM that does 3 transactions a day when you can hit one that does 100. A convenience ATM inside a store that you do business with is far safer that a bank machine. The owner of the business generally loads the machine daily and watches it like anything else in the store. An unattended bank drive up leaves you open to criminals hiding behind hedges etc. They can also attach their skimmer on Friday night and remove it Sunday night collecting all the weekend information without even the bank being aware of it.

    Although anyone can own an ATM you need a bank or to be sponsored by a bank to operate one. That requires you to meet an array of industry requirements. All ATM’s not at a financial institution require a sign stating the sponsor bank and a number to call in case you see anything suspicious about the machine.

  9. Rick Cain says:

    I only use cash now. After having my credit card run up a couple of thousand by some professional criminals I learned my lesson.

  10. Uncle Patso says:

    I only use my bank’s ATMs. I look at those stand-alone units in convenience stores and bars and street corners and wonder “who uses those?” And the answer comes, all unbidden: “Those who would chew gum they found on their shoes.”

    # 5 Not quite so fast there:
    “The machines have cameras that record the person at the machine. […] People like to commit fraud where they won’t be recognized and have their picture taken.”

    Let me remind you that they have these things now, called “hats” and “shades” and even “makeup.”

    = = = = =

    I want one of those cards that generates a new number every time it’s used.

  11. ATM Expert says:

    As an ATM expert, I can safely say that this “expert” wanted to strike fear in the hearts of ATM users and did not provide accurate data.

    The ATM does NOT store your CC number. No ATM stores anything but the last four. This data is not “captured” off your card but provided by the network to the ATM to be stored in the Electronic Journal.

    This was a total scare tactic designed for sweeps week and to boost his elan in the consulting business and to scare people.

    Pathetic and he is certainly no expert. If he needed a “hacker” to print out the EJ he’s a complete imbecile.

  12. Hey “ATM Expert”
    What are the thousand plus 16 digit numbers I have printed out? Thy all begin with 4’s and 5’s. Imbecile.

  13. Wonderful blog! I found it while surfing around on Yahoo News.
    Do you have any suggestions on how to get listed in Yahoo News?
    I’ve been trying for a while but I never seem to get there! Cheers


Bad Behavior has blocked 11923 access attempts in the last 7 days.