FBI Foils Attempted ATM Hack

Expert: Fraudster Found ATM Manufacturer's Manual Online A North Carolina man was arrested in Houston, TX in April after he tried to hack into an ATM and change its passcode, according to the FBI. Thor Alexander Morris, 19, was arrested at a flea market after trying to enter a default administrative passcode on a Tranax Mini-Bank ATM.

FBI officials say they knew about the ATM Fraud caper all along, as Morris' accomplice was actually a federal informant. Morris conspired with the federal informant, Brian Martin, a former con artist, to reprogram ATM machines across Houston. The plan was to set up the machines to think they were loaded with $1 bills instead of $20 bills. This would allow Morris to pull $8,000 in cash from one machine with a $400 withdrawal from a prepaid debit card.

According to the criminal complaint filed against him, Morris' plan was thwarted when he tried to reprogram the first ATM and failed to get the machine to recognize the default passcode. The machine he tried to change had already had the default passcode changed. FBI agents arrested him at the scene.

This kind of ATM crime is more commonplace than people believe, says identity theft and security expert Robert Siciliano. "The ability of a machine to change its denominations still exist today, but banks rarely dispense anything other than $20.00 bills," he notes.

Siciliano explains this scam was possible because manufacturer's manuals are available online, explaining how to switch ATMs into diagnostic mode. The manuals often list typical factory-set default passwords. If the machine is deployed as-is out of the box, then this scam is easy to pull off.

"Manufacturers once mistakenly believed that their closed loop qualified dealers were the only ones who had access to the manuals," Siciliano says. "Then there was Google."

Over the years manufacturers have "smartened up" and updated the machine software to prevent this scam, however not all machines are properly updated. So, the opportunity for fraud still exists, Siciliano says.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network