I Bought an ATM machine off Craigslist for $750 with 1000 credit card numbers inside. Yup. So much for security.

After the Vegas DEFCON ATM debacle where hackers hacked hackers by setting up a fake ATM in front of the facilities security office, I needed to see how stupid easy it was to buy an ATM and just set it up anywhere. So my search began.

I started looking on e-bay and found plenty of new and used ATMs ranging from $500-2500 but quickly determined I didn’t want to pay $300 for shipping. Next was Craigslist

I quickly found an ad from a bar north of Boston. They were selling pool tables, Budweiser neon signs and an ATM. I took my hacker with me and met Bob. Bob rented a room above the bar and was doing the deed for the owner. The bar was an old relic that was closing and liquidating its grungy assets. The ATM was sitting right next to the bar covered in 5 years of beer. Thank heavens they were smart enough to cover the keypad in clear plastic…

Needless to say I wanted to unbolt this thing as quickly as possible, get out of there and douse myself head to toe in pure alcohol hand sanitizer. After my hacker played with the manual, got it working and determined it was worth the financial risk, we loaded it on my trailer, paid $750 (down from a grand) and brought it home and put it in my garage.

My hacker comes over to my garage, manual in hand, all giggly, like hackers sometimes do and says “Watch this”. He punches the master codes to access the machines data on a device called an eprom and hundreds of credit and debit card numbers just start falling all over the floor…

Here’s the first of a few upcoming videos of what happened next:

This could make you never want to use an ATM ever again. And stay out of sleazy bars.

2 thoughts on “I Bought an ATM machine off Craigslist for $750 with 1000 credit card numbers inside. Yup. So much for security.

  1. Cinaedh says:

    I’ll walk a mile to use an ATM actually owned by and located inside a branch of my own major bank, although I’ve always been fully aware those ones can have “unauthorized added attachments” too. You just try to be careful and to pay attention.

    So far, I’ve only been ripped off by the major banks themselves, as per their standard agreements and fees for the use their services.

    Considering I’m now doing the work of a teller they fired, I always thought they should pay me to use the machines, not the other way around. I think all Canadian bank home offices are chartered in Bizarro World.

    Keep in mind, there are lots of ways of getting ripped off by ATMs. Most of them are “legal” scams by the real banks and real ATMs.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.