informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/anarchy/MISCHIEF/anrky07.txt

121 lines
5.2 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

JACKPOTTING: What is it?
By: The Prowler
The Police Station
612-934-4880
JACKPOTTING was done rather successfully a while back in (you guessed
it) New York.
What the culprits did was:
sever (actually cross over) the line between the ATM and the
host. insert a microcomputer between the ATM and the host. insert
a fradulent card into the ATM. (card=cash card, not hardware)
What the ATM did was: send a signal to the host, saying "Hey! Can I
give this guy money, or is he broke, or is his card invalid?"
What the microcomputer did was: intercept the signal from the host,
discard it, send "there's no one using the ATM" signal.
What the host did was: get the "no one using" signal, send back "okay,
then for God's sake don't spit out any money!" signal to ATM.
What the microcomputer did was:
intercept signal (again), throw it away (again), send "Wow! That
guy is like TOO rich! Give him as much money as he wants. In
fact, he's so loaded, give him ALL the cash we have! He is
really a valued customer." signal.
What the ATM did:
what else? Obediently dispense cash till the cows came home (or
very nearly so).
What the crooks got:
well in excess of $120,000 (for one weekend's work), and several
years when they were caught.
This story was used at a CRYPTOGRAPHY conference I attended a while
ago to demonstrate the need for better information security. The
lines between ATM's & their hosts are usually 'weak' in the sense that
the information transmitted on them is generally not encrypted in any
way. One of the ways that JACKPOTTING can be defeated is to encrypt
the information passing between the ATM and the host. As long as the
key cannot be determined from the ciphertext, the transmission (and
hence the transaction) is secure.
A more believable, technically accurate story might concern a person
who uses a computer between the ATM and the host to determine the key
before actually fooling the host. As everyone knows, people find
cryptanalysis a very exciting and engrossing subject...don't they?
(Hee-Hee)
__________
| |--<<<<---| |---<<<<---------/-----\
| ATM | microcomputer / host \
| | | | | |
| | | | \ /
|________|--->>>>--| |--->>>>---------\-----/
I know the person that accomplished this feat, here in Orange County
in the very recent past:
The B of A ATM's are connected through dedicated lines to a host
computer as the Bishop said. However, for maintenance purposes, there
is at least one separate dial-up line also going to that same host
computer. This guy basically bs'ed his way over the phone till he
found someone stupid enough to give him th number. After finding that,
he had has Apple hack at the code. Simple.
Step 2: He had a friend go to an ATM with any B of A ATM card. He
stayed at home with the Apple connected to the host. When his friend
inserted the card, the host displayed it. The guy with the Apple
modified the status & number of the card directly in the host's
memory. He turned the card into a security card, used for testing
purposes. At that point, the ATM did whatever it's operator told it to
do.
The next day, he went into the bank with the $2000 he received,
talked to the manager and told him every detail of what he'd done. The
manager gave him his business card and told him that he had a job
waiting for him when he got out of school.
Now, B of A has been warned, they might have changed the system. On
the other hand, it'd be awful expensive to do that over the whole
country when only a handful of people have the resources and even less
have the intelligence to duplicate the feat. Who knows?
The PIRATES HOLLOW xxx-xxx-xxxx ;(
Distributed in part by:
Skeleton Crue xxx-xxx-xxxx located out of Moraga, California.
!!Get on the band wagon before it RUNS YOU DOWN!!
Headquarters for Computer Hackers and Anarchists to Overthrow the State
(CH&AOS)
Another file downloaded from:
!
-$-
! .
/_\ /-o-\ & the Temple of the Screaming Electron
(o..) | * Walnut Creek, California
+ |:| /^\ /~\
! |:|/\ _| |____|:| 2400/1200/300 baud 415-935-5845
/^\ / O |/...\ /_-_\ Jeff Hunter, Sysop
|@ \_| @ /:::::|/|- : -| \
| | | /~ |/| _ | - - - - - - - - - *
|____|/~ @ /~\ |/|_(_)_| Aaaaaeeeeeeeeeeeeeeeeee! /
/_______|_|_|/
Specializing in conversations, obscure information, high explosives,
arcane knowledge, political extremism, diversive sexuality,
insane speculation, and wild rumours. An ALL-TEXT BBS.
Full access for first-time callers. We don't want to know who you are,
where you live, or what your phone number is. We are not Big Brother.
"Raw Data for Raw Nerves"

Reference in New Issue View Git Blame Copy Permalink