Friday, July 11, 2008

ATM Hacking and Cracking to Steal Money with ATM Backdoor Default Master Password

You should know what a Automated Teller Machine (or Automatic Teller Machine or cash machine) which commonly known as ATM is. Yes, ATM is commonly used to access bank accounts in order to make cash withdrawals or credit card cash advances, where after keying in your PIN number, ATM will disburse cash notes to you. You should also know that when you withdraw let’s say 100 dollars, the ATM should dispense 5 USD notes in 20-dollar denomination. But what if now the ATM dispenses 20 20-dollar USD bills instead? It happened not because the bills and notes are not been stocked in correct denomination, but because you can actually make it happens at the ATM cash machines that leave its backdoor opened by not changing default factory administrative passwords and default combinations for the safe.

So what you going to do in order to hack and crack the ATM so that the cash machine will give you more money than it suppose to? It’s unlikely common ATM trickery or fraud scam that uses various high-tech devices to capture identity of your ATM card and PIN number. Firstly, identify the ATM maker and model from the video on news about ATM reprogramming scam fraud at at a gas station on Lynnhaven Parkway in Virginia Beach.



Unable to identify what model of ATM cashpoint is it? Matasano has revealed the brand and model of the ATM to be Tranax Mini Bank 1500 series. So it’s this type of cash machine is possible for hacking. 27B Stroke 6 reported that Triton’s ATMs’ manuals also contains factory default pass-code and backdoor key sequence, although no successful fraud story been reported on Triton’s ATM machines. Matasano also details the step that needed to be taken in order to be able to hack into the ATM for re-programming. That’s to get hold on a copy to Tranax Mini Bank 1500 Series (MB1500) operator manual or installation manual, which contains a lot of security sensitive information includes:

  • Instructions on how to enter the diagnostic mode or operator function menu.
  • Default Master, Service or Operator passwords.
  • Default Combinations For the Safe.

The manual that was found on the web Tranax_MB_Operator_Manual.pdf has been taken down, however, Google should be able to help you with its cache. Inside the Tranax Mini-Bank 1500 user guide manual, you can also learn how to set the denomination of the type of bill (the value of the cash notes i.e $1, $5, $10, $20, $50 or $100) that the ATM’s cassettes will be dispensing. That’s all you probably need to trick the ATM to think that the $20 bills it dispensed are actually of the $5 or $1 bill, possibly earning you a hefty profit. So, the only thing left now if you trying your luck to find an ATM cash machine that haven’t been changed its factory default passcodes and passwords. Tranax has shipped 70,000 ATMs, self-service terminals and transactional kiosks around US, where majority of those shipments are of the flagship Mini-Bank 1500 machine that was rigged in the Virginia Beach heist, according to eWeek.

The ATM scammer in Virginia Beach case successfully to re-program and trick the Tranax MB1500 series ATM to act as if it had $5 bills in its dispensing tray instead of $20 bills, and the withdraw cash using a pre-paid debit card with a 300% profit. However, he forgot to reprogram back the ATM to correct denomination, and the ATM was left misprogrammed for next 9 days before somebody reported the misconfiguration, and hence revealed the fraud.

Disclaimer: This article is only for educational purpose.