Saturday, April 19, 2014
Author

Working of ATMs

goluhaque
Member



Posts: 197
Location: India
Joined: 17.02.10
Rank:
Apprentice
Warn Level: 30
Posted on 17-03-10 12:40
I was wondering how ATMs work. They work over a network (as all withdrawals or deposits have to be updated immediately). So if a hacker hacks into their network, by using MITM and other such attacks, he can modify the value the Bank Server sends in response to the request of the ATMs (thinking of them as in a Client-Server relationship). Thus, a person can take out or withdraw a whole lot of cash that is not in his account (as the ATM or the client first checks if the amount requested to be withdrawn is less than the amount in the account and is also less than the maximum withdrawal amount of the day).
Author

RE: Working of ATMs

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 17-03-10 12:55
goluhaque wrote:
I was wondering how ATMs work. They work over a network (as all withdrawals or deposits have to be updated immediately).


No, there's a delay.

So if a hacker hacks into their network, by using MITM and other such attacks, he can modify the value the Bank Server sends in response to the request of the ATMs (thinking of them as in a Client-Server relationship).


You can't, because heavy encryption is applied to the data and there are checks to be passed that you can't pass if you modify the data.

Thus, a person can take out or withdraw a whole lot of cash that is not in his account (as the ATM or the client first checks if the amount requested to be withdrawn is less than the amount in the account and is also less than the maximum withdrawal amount of the day).


You can't withdraw cash that isn't in your account using a MitM attack.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
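
The kind of check this reply refers to, as an added example that is not part of the original thread: a simplified model (not a real ATM protocol) in which the host, not the terminal, makes the balance decision and authenticates its reply with an HMAC bound to the request. The shared key, the message fields and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key; in this sketch the terminal and the host share it.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def host_authorize(key, request, balance):
    """Host side: make the balance decision and MAC the reply."""
    approved = request["amount"] <= balance
    reply = {"nonce": request["nonce"], "amount": request["amount"], "approved": approved}
    body = json.dumps(reply, sort_keys=True).encode()
    return {"body": body, "mac": _tag(key, body)}


def terminal_accepts(key, request, response):
    """Terminal side: dispense only if the MAC verifies and the reply matches this request."""
    if not hmac.compare_digest(_tag(key, response["body"]), response["mac"]):
        return False  # body altered in transit, or MAC computed without the key
    reply = json.loads(response["body"])
    if reply["nonce"] != request["nonce"] or reply["amount"] != request["amount"]:
        return False  # authentic reply, but for a different transaction (replay)
    return reply["approved"] is True


def demo():
    ok_req = {"nonce": secrets.token_hex(8), "amount": 50}
    ok_resp = host_authorize(SHARED_KEY, ok_req, balance=100)
    big_req = {"nonce": secrets.token_hex(8), "amount": 5000}
    denied = host_authorize(SHARED_KEY, big_req, balance=100)
    # Constructed tampering: the host's decision is flipped without the key.
    forged_body = denied["body"].replace(b'"approved": false', b'"approved": true')
    forged = {"body": forged_body, "mac": denied["mac"]}
    return {
        "genuine_approval": terminal_accepts(SHARED_KEY, ok_req, ok_resp),
        "genuine_denial": terminal_accepts(SHARED_KEY, big_req, denied),
        "modified_in_transit": terminal_accepts(SHARED_KEY, big_req, forged),
        "replayed_old_approval": terminal_accepts(SHARED_KEY, big_req, ok_resp),
    }


if __name__ == "__main__":
    print(demo())
```

Only the genuine approval is accepted; the altered reply fails the MAC check and the replayed approval fails the nonce and amount binding.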
Author

RE: Working of ATMs


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-03-10 17:01
Even skimmers have encryption these days.
HAD
More details
And that's 2008!


Author

RE: Working of ATMs

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 17-03-10 17:27
wolfmankurd wrote:
Even skimmers have encryption these days.
HAD
More details
And that's 2008!


Skimming is a completely different "exploit". With skimming, you make an -exact- copy of someone's card and you tape someone's PIN code with microphones or cameras (most used).

With skimming, you're not exploiting the ATM. You're copying someone's banking pass and PIN code and then proceeding to make a "valid" transaction.



Author

RE: Working of ATMs


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-03-10 18:00
spyware wrote:
Skimming is a completely different "exploit". With skimming, you make an -exact- copy of someone's card and you tape someone's PIN code with microphones or cameras (most used).

With skimming, you're not exploiting the ATM. You're copying someone's banking pass and PIN code and then proceeding to make a "valid" transaction.


Well done for stating the fucking obvious.

I was pointing out that all things ATM are encrypted to the point that even the thieves are protecting the data.

Anyone with more intelligence than a pub toilet skidmark would have realised this.


Author

RE: Working of ATMs

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 17-03-10 18:06
wolfmankurd wrote:
Anyone with more intelligence than a pub toilet skidmark would have realised this.


Kay, I wasn't being a dick but I tried to stay on the goddamn topic OP put there in the first place. Yeah, skimming, that's totally rad. Not what he/she was trying to discuss. "MITM" was mentioned several times, and was talking about encryption and interception/altering of data.




Edited by spyware on 17-03-10 18:08
Author

RE: Working of ATMs


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-03-10 22:27
http://en.wikiped. . .e#Security


Author

RE: Working of ATMs


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-03-10 15:07
spyware wrote:
wolfmankurd wrote:
Anyone with more intelligence than a pub toilet skidmark would have realised this.


Kay, I wasn't being a dick but I tried to stay on the goddamn topic OP put there in the first place. Yeah, skimming, that's totally rad. Not what he/she was trying to discuss. "MITM" was mentioned several times, and was talking about encryption and interception/altering of data.


Skimming and fake keypads are MITM. They sit between you and the ATM and steal data.


Author

RE: Working of ATMs

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 18-03-10 15:59
wolfmankurd wrote:
Skimming and fake keypads are MITM. They sit between you and the ATM and steal data.


This isn't MitM, because with a MitM scenario you need to be able to forge data between client<->server.



Author

RE: Working of ATMs


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-03-10 16:36
AFAIC, no encryption is needed, so long as you are in between the two parties it's MITM.

In the case of the skimmer and fake fascia above, the victim thinks they are sending messages directly to the ATM system, and the ATM system thinks it's getting messages directly from the victim.

However, they are really being intercepted by the fake fascia, which could also potentially modify the input...


Author

RE: Working of ATMs

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 18-03-10 16:42
wolfmankurd wrote:
However, they are really being intercepted by the fake fascia, which could also potentially modify the input...


I've never heard of a successful skimming attack in which the card-clone machine also edits data that is passed to the ATM.



Author

RE: Working of ATMs


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-03-10 16:50
spyware wrote:
I've never heard of a successful skimming attack in which the card-clone machine also edits data that is passed to the ATM.


Several factors here. The potential exists firstly, and that's all that matters. It is not necessary to alter the data (you only need to if it's an asymmetric encryption scheme, otherwise just listen and let live).

Secondly, exactly how many skimming designs can we know about, except for unsuccessful ones? I know of a few types, but I have never researched them, maybe you have idk, more importantly I don't care.

It's MITM, get over it, you were wrong, that's okay, no one except you cares.


Author

RE: Working of ATMs

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 18-03-10 17:12
wolfmankurd wrote:
It's MITM, get over it, you were wrong, that's okay, no one except you cares.


It's not a man in the middle attack, I wasn't wrong. It's not about "caring", I just don't like to see terminology abused, people reading this thread might get a wrong idea about MitM attacks and what the term "man in the middle" means.

Cloning a card is theft of data that happens between client<->bank communication, yes, but that doesn't make it a MitM attack. You can consider something a MitM attack when the attacker can successfully impersonate/act as the endpoint of a transmission. This is not the case here.



Author

RE: Working of ATMs


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-12-10 12:55
This is how I see your argument.

One is passive MITM, when one steals credentials; this only happens for a few seconds, just the time to get the information.

The other could be considered active/continuous/live, when one becomes the live link between the server and the client. Data is continuously passed through the attacker (the man in the middle).


So is this a correct way to see it?
Author

RE: Working of ATMs

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 15-12-10 16:11
litsnth wrote:
This is how I see your argument.

One is passive MITM, when one steals credentials; this only happens for a few seconds, just the time to get the information.

The other could be considered active/continuous/live, when one becomes the live link between the server and the client. Data is continuously passed through the attacker (the man in the middle).


So is this a correct way to see it?


No, and in the future try to refrain from bumping ancient threads if your posts aren't useful. Please.



Author

RE: Working of ATMs

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 17-12-10 00:03
spyware wrote:
goluhaque wrote:
I was wondering how ATMs work. They work over a network (as all withdrawals or deposits have to be updated immediately).


No, there's a delay.


Since this is already bumped, might I ask what you meant by there being a delay, spyware?


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com