Man Used MP3 Player To Hack Cash Machines

Juha-Matti Laurio writes "A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. The MP3 player was plugged into the back of free standing cash machines in bars. Tones being recorded from the phone line were decoded with special software to a readable format. Later this information was used to clone credit cards."

Um...

[Spazntwich]

So he performed a generic man in the middle attack, recording information transmitted by modem and decoding it?

Hasn't this been done a million times before? Wouldn't it be easily performed with any sort of sound recorder?

Not possible in the U.S.

[Salvance]

This may be possible in Europe, but I don't believe it's possible in the U.S. anymore. 3DES has been the standard ATM encryption method for a few years, and almost all ATM machines have been converted to 3DES (by Dec 31st they apparently won't operate [atmmachine.com] unless they are 3DES since the ATM networks will only allow encrypted communications).

Even if someone can no longer use a generic man-in-the-middle attack in the future due to encryption, it's amazing how many other means for ATM fraud still exist. I couldn't believe this one [youtube.com] when I saw it the other day.

Re:Not possible in the U.S.

[fixer007]

The TDES encryption only encrypts the PIN block. The PAN and other card information is still in the clear.

This is also mandated in Europe

Re:Not possible in the U.S.

[flawedconceptions]

The link is to a story about a guy who reprogrammed an ATM to think it was dispensing 5s while it was actually dispensing 20s. I was able to find the default passwords and re-programming instructions (all in the owner's manual) on the net without much trouble. At least one owner didn't bother to change the default passwords. I wonder how many others failed to do so.

Re:

[Anonymous Coward]

Are you a retard? Why do you think the infinite wisdom of average IQ morons on YouTube somehow makes a statement of irrefutable fact?

Are you familiar with video editing? The video was "zoomed in" and as the suspect moved around, the zoomed in frame was moved around to focus on his movements. This is a very common procedure for CCTV footage aired on TV.

Re:Not possible in the U.S.

[xstonedogx]

The idea that there's a "magic code" you can enter to edit ATM internals is ridiculous.

Not when you realize they're talking about a default password.

Bruce Schneier covered the story in question awhile ago. Lots of good comments on the page, too: http://www.schneier.com/blog/archives/2006/09/prog ramming_atm.html [schneier.com]

Re:Not possible in the U.S.

[bluephone]

"The video of the suspect is a fake. Fixed cameras can't track movement like that. Even a remote movable camera couldn't pan that smoothly. CNN should have the decency to say openly that the video is a dramatization."

BUT a shoulder-mounted camera held by a cameraman pointed at a CCTV display and zoomed in on the suspect CAN track movement.

"The idea that there's a "magic code" you can enter to edit ATM internals is ridiculous."

Agreed, but it's true.

"In order to edit any ATM internals you need to open the machine"

Not true. Many kiosk ATMs are programmed from the front panel, there's not always a need to open the machine for various administrative actions.

"which would give you direct access to the cash ANYWAY."

Also not true. You can open it but the money is still in locked steel dispenser-cages, and those cages are usually locked into the machine even with the door open.

Re:

[afidel]

Yep, ATM's are classical separation of privileged implementations. Just because you have access to the electronics does not mean you have access to the cash and just because you have access to the cash does not mean you have access to the electronics. The cash is usually handled by armed guards from a security company like Brinks and the electronics by a PC service company like IBM.

No ATM req'd.

[Kadin2048]

No need to do that. You could put up a mag-stripe reader in any public place, label it "Credit Card Cleaner -- Free!" and people would swipe their cards through. I think this was actually demonstrated on a TV news channel a few years ago.

Re:

[MillionthMonkey]

Hasn't this been done a million times before? Wouldn't it be easily performed with any sort of sound recorder?

Like the scene in Wargames when Broderick's character asks the dumb guard to let him go to the bathroom and he uses a microrecorder to record tones from the keypad.

The kid in Terminator 2 used a similar technique to rip off an ATM. Even Hollywood understands man-in-the-middle attacks.

Re:

[Marcion]

The worrying thing was that he was only caught because he was a crappy driver. The actual 'Link' cash machines (which cost £1.50) to use, are still there in pubs and bars. The banks do not seem to care that normal people are getting their cash stolen.

How many other people are doing this? There seems to be no way to stop it until they recall every one of these machines and remove the USB ports.

Remember folks...

[davidwr]

MP3 players don't defraud bank customers, people defraud bank customers.

Unless of course they are Cylon MP3 players. Then they don't stop at fraud.

Re:

[markild]

...and they have a plan

Excellent

[Sqwubbsy]

You see, my friends ridiculed me for getting an Archos Jukebox instead of an iPod.
Guess they never saw the money making potential.

Re:

[LindseyJ]

My friends ridiculed me for getting an iPod instead of another brand of mp3 player.

Little did they know, I own Apple stock ;)

Re:

[loraksus]

I wouldn't be surprised if he was using one - the clarity of the recordings on my jukebox v2 is simply amazing. Hmm... I wonder how hard would it be to create an adapter for the archos to tape phone calls...

Police found fake card.

[Jawood]

Police uncovered the scam almost by accident when they stopped Parsons for making an illegal u-turn in a car in London. They found a fake bank card in his possession and searched his home in Manchester, where they found the evidence with which to prosecute.

How does one know if it's a fake credit card? I have recieved cards from retailers for store credit that look like fake credit cards (Ikea). I assume that the fake credit cards look like the real thing. That's why when you go to Lowes, the cashier will ask to see the last four digits on your card. According to one of the clerks, Lowes has been a victim of phoney credit cards - theives will take a card and reprogram the magnetic strip on the back with a valid number.

Also, do the British police have that kind of power that they can just investgate all of that over just a traffic stop?

Re:Police found fake card.

[hey!]

How does one know if it's a fake credit card?

By noticing that the name on the card didn't match the name on his driver's license?

Re:

[fredklein]

Why are the cops comparing names on all the cards in his wallet for a trafic stop??

Re:Police found fake card.

[hey!]

TFA doesn't say that they went through his wallet. Only that they "They found a fake bank card in his possession..."

Whether it was proper or not depends on how they found the bank card, and what the rules in UK say about searches. Remember -- clever doesn't necessarily mean smart. It took a clever person to dream up the scam. But a smart person wouldn't travel around with incriminating evidence unless it is well hidden. For all we know he may have had a pile of loose credit cards on the passenger seat. That's the kind of blunder many clever people I know would be likely to commit.

Re:

[aoteoroa]

Another possibility is that this crook is neither clever, nor smart, and is not the one who dreamed up the scheme but is just a lacky who doing the dirty work for somebody else. From the article:

Though £200,000 was spent on the cards, police said they believed that Parsons himself only earned £14,000 through it.

This implies that there are more people involved.

Re:

[frakir]

You can have a credit card issued with Donald Duck printed on it. Some banks will ask you what name do you want on the CC they issue. It is up to you and no law says it has to be your legal name.

Re:

[hey!]

I don't know about the rules regarding searches in the UK.

To do the kind of home search performed by the Manchester England police in the US, you need a warrant supported by probable cause. Probable cause is not definitive proof, it is "Information sufficient to warrant a prudent person's belief that the wanted individual had committed a crime or that evidence of a crime or contraband would be found in a search."

A credit card in the name "Donald Duck" might not be enough to raise a prudent person's suspici

Re:

[twosmokes]

Yeah, but I'm curious as to why the cops were even looking at his CC.

Re:Police found fake card.

[Anonymous Coward]

I'm not sure about the UK, but in the US cops are trained to notice everything.

I have so much crap in my car that they wouldn't even notice a dead cop on my floorboard.

Re:

[N Monkey]

I'm not sure about the UK, but in the US cops are trained to notice everything. I have so much crap in my car that they wouldn't even notice a dead cop on my floorboard.

You (and the investigating policemen) must have pretty badly block sinuses (euurgh!)

Re:

[Anonymous Coward]

Um, what do cops ask for over there when they pull you over for a u-turn? Licence, registration, and credit card???

Re:

[emilyridesabmx]

I imagine that the card was an unprinted blank, and this guy just programmed the mag strip with the correct info needed to withdrawal money. The actual printed info on the card has no bearing on how an ATM, or other reader,perceives it. That's only for cashiers. It's pretty difficult to imprint a blank with the raised numbers, colors and holograms. It's simple to program a mag strip. I'm suprised this doesn't happen much more frequently.

Re:

[adolf]

Perhaps.

But you must realize that none of these cards are really very secure.

I can only speak of Ohio, but: Driver's licenses here are produced using commercial, off-the-shelf printers. There's barcodes and a magstripe, but those are hardly authentication mechanisms. The information contained in those stripes and barcodes is only a plaintext copy in industry-standard form of some of the same information that is printed plainly on the front of the card, and is therefore useless for authentication. There'

Re:

[adolf]

Er. Ok. So your Lowe's store is particularly trusting; mine is not.

When I go to Lowe's and pay with my debit card, they always ask me to hand it to them. And then they look at the back of it, see that my signature is vague/distorted/old, and ask to see my license. Every fucking time. Therefore, both items (the bank card and the license card) need to match.

And: The cardholder name is recorded on the mag stripe, and is often shown various POS displays during the sale, and is trivially compared to the na

Re:

[REBloomfield]

erm... you could always carry the credit card sized portion in your wallet, couldn't you?? I got pulled over once for having "intermittent brakelights", and they were quite happy only seeing one half of my license. They were quite happy with it when my wife got pulled over on New Years Eve for "driving overly cautiously" too.

Re:

[stuffL0r]

Also, do the British police have that kind of power that they can just investgate all of that over just a traffic stop?

There's no concept of Probable Cause in British law. A cop doesn't even need to witness an illegal u-turn to stop and search you and your car.

Re:

[Crusty Cracker]

US police have the right to search you over a simple traffic violation as well...

NO THEY DON'T!!!!!

[no reason to be here]

US police DO NOT have the right to search your car for a routine traffic stop. It is a violation of the 4th amendment, and every time a cop asks to search your vehicle without reason, and you let him, you are just throwing your constitutional rights away. If a cop pulls you over because you were speeding or your inspection is expired or because you didn't come to a complete stop at a stop sign, et al, he does not have the right to search your vehicle. I repeat:

POLICE DO NOT HAVE THE RIGHT TO SEARCH YOUR CAR DURING A ROUTINE TRAFFIC STOP IN THE US!!!

Now then, if something else is amiss, like say, when the cop turned on his lights, you started throwing bags of white powder out the windows onto the highway median, then he does have the right to search your vehicle.

MOD PARENT UP

[xstonedogx]

Also, watch this video: How to Avoid being Arrested by Cops [google.com]

The video shows people obviously doing things both legal and illegal, and explains how they can avoid arrest and conviction.

4th, 5th, 6th Amendment Wallet Cards to carry

[bewert]

NORML's is here [norml.org], and another one from a lawyer is here. [legalpaladin.com] Well worth printing out and laminating and keeping in your billfold. Two things to note: 1) If you happen to be on a military base, even just to turn around and leave because you made a wrong turn, your rights are severely abridged. If you are on their property the military is free to search anything they want. 2) The War On Drugs has created a lot more room for officers to manuever in if the key phrase "drugs" is used. Here [blogspot.com] is a rather disheartening

There's law, and there's reality

[Beryllium Sphere(tm)]

If you're African-American on a lonely road with N Caucasian police officers around you from a jurisdiction known for unprofessionalism, standing on your rights might be unwise.

Also be civil to the officer and don't make his/her job any harder than it already is. Remember that if the officer swears in court that you were throwing bags of white powder out the window and you swear that you weren't, the judge will believe the officer and uphold the search. *The officer knows this*. This happens in real life: I

Specifically

[Sycraft-fu]

They have to have probable cause to search a car without permission. What that boils down to basically is a reasonable belief that a crime has been committed. The bags out the window in the parents example would provide that. However a simple traffic stop does not, by itself. Now of course they could always force the issue, it's not like you can really stop them, but it does mean that if they don't have probable cause, anything they find will be thrown out in court (and a good defense attorney will challeng

Re:

[Thansal]

The standard is actually the same for searching a home, the difference is that except in some extenuating circumstances the police have to present the probable cause to a judge beforehand and get a warrant for a home search, whereas they can conduct a search of a car with no warrant and then present the probable cause later in court. Either way the standard is basically the same, they've got to have some reason to believe a crime was committed.

For refference, the piece of law you are reffering to is reffere

Re:

[Fastolfe]

I had a friend of mine in college get pulled over for something benign, but they suspected something more was going on, so they asked to search his car. He stood up to them and said no. 3 hours later, surrounded by 3 other police cars and after some drug-sniffing dogs had gone over the outside of their car, they were allowed to leave with tickets for 2 or 3 minor offenses (basically everything the police could find to charge them with).

But you're right: they never searched his car. I understand it was qu

"I thought I smelled marijuana"

[bigtrike]

...and your rights are gone. They might even bring the K9 unit out and get the dog to bark on command.

Re:

[loraksus]

I did the math and pissing on your average male cop (taking into account height and weight) will not actually put out the fire, but will extend the agony by approximately 5.2 seconds, and smell really bad.

Re:

[oliderid]

If I'm arrested by British policemen in London, I won't forget to remind them the constitution and its 4th amendment...And if they laugh and I will ask kindly but firmly to talk to their president.

Re:

[Thansal]

well, 2 soloutions.

1) Stop speeding (seriously, what every you have done to get pulled over 10 times, just stop).

2) Make your objections clear, if they insist, LET THEM. Anything they find is inadmisable as evidence (any decent lawyer will get it thrown out).

3) If you regularly are gettign harrassed, report it. If nothing gets done, escelate your report to the next highest point you can find (lather, rinse, repeate)

Re:

[The_Wilschon]

2) Make your objections clear, if they insist, LET THEM. Anything they find is inadmisable as evidence (any decent lawyer will get it thrown out).

Bzzt! If you waive your rights, then your rights are gone. You consent to a search of your car, and anything they find is admissible as evidence. If they search your car without your consent, then anything they find is inadmissible.

Re:

[mzwaterski]

I'm pretty sure that when he said let them, he meant don't try to physically restrain them, not give consent. If the cop really plans to search there is nothing that you can do, but as the GP said, "make your objections clear" and nothing that they find will be admissible evidence (probably).

Just some thoughts

[Lando]

Not really commenting on your comments, but wanted to put in a couple of thoughts on the subject.

I wonder, I don't have to have anything illegal in order for me to not want the police to search my vehicle. I have been stopped in the past and had the vehicle searched even when I did not give persmission. I had nothing illegal. I just don't feel that a police state is a good thing. Another thing that pisses me off is the fact that in the name of fighting drunk drivers many police dep

Re:

[runcible]

A few years ago while working a contract doing security software, I found myself in possession of several exciting pieces of tech, including a mag strip reader/writer and a stack of blanks -- actual blanks, totally white on both sides except for the mag strip itself, no numeric impressions. Bored one Saturday, I cloned one of the credit cards in my pocket and walked around the corner to a bodega, got a pack of cigarettes and a coke, and attempted to pay with the totally unmarked card. The guy took it -- loo

Re:

[MWoody]

Well, presumably, the card wasn't designed to fool a person; just an ATM machine. So it was probably just a rectangular slice of plastic with a magnetic strip that he couldn't explain.

No encryption

[TorKlingberg]

Banks don't encrypt the communication between ATMs and the bank? Seriously?

Re:

[multisync]

Exactly. Why is it we always see headlines about people "hacking" this and that, but we never read about people responsible for putting our information - not to mention our credit ratings - at risk being hauled in front of a judge to answer for their negligence.

Re:

[fixer007]

Usually only the PIN block is encrypted between an ATM and a Host. This wouldn't really stop anyone from getting the card information, but without the PIN, theoretically that information would be useless.

I've also seen encrypting modems being used between ATMs and Hosts.

Re:

[OmnipotentEntity]

But what good is that? There's only 10000 possible pins, for current computers that can do millions of hashes a second that's a bit on the useless side.

Re:

[asuffield]

This wouldn't really stop anyone from getting the card information, but without the PIN, theoretically that information would be useless.

I have been making online purchases with my cards for years, and at no point have I been asked for a PIN. This one falls under "security through weakly hoping that nobody wants to steal any money".

Standard technique is to capture the card numbers and use them to make online purchases of goods which are highly liquid on the grey market - jewelry, DVDs, consumer electronics.

Re:

[Salvance]

Maybe not in Europe, but in the U.S. all information is encrypted using 3DES or other encryption algorithms (it's now mandatory by law). On some machines (like the Diebold ATMs), hardware encryption is used in the keypad. This ensures that even if you somehow planted a device inside the ATM to capture data sent from the keypad to the CPU you still wouldn't be able to get personal information.

Re:

[GooberToo]

As someone posted above, only the PIN is encrypted. The card number is available as clear text.

Re:

[popsicle67]

Most of the time an atm in a bar isn't owned by any bank and keeping up with all the different encryption methods would be cost prohibitive unless everyone who owns atm's decided on one to use exclusively. You know that won't work because any encryption will be cracked and it would be "dog chasing tail" from then on. The pragmatic truth is that the fraud generated is cheaper than prevention and the publicity that comes with it's failure.

Re:

[dami99]

I disagree.

I think we can consider things like AES to be safe for awhile yet. (At the mimiumum, not worth cracking for someones PIN # or CC#)

All the same, implementing a new encryption algorithm on these machines should, for the most part, be no more difficult than a firmware upgrade. I don't imagine that's too involved of a process to do every few years.

"keeping up with all the different encryption methods would be cost prohibitive"
--- I don't buy that either, encryption standards neither change often, no

Re:No encryption - Worse than you think.

[MtlDty]

Its probably worse than you think. (I write software for card authorisation and Electronic Funds Transfer systems.)

In my eyes the end of day polling file is the easiest attack. At the end of the working day each store will gather all of that days transactions into a file and submit them to the bank for collection. The file contains the card number, expiry date, value of the transaction etc etc. Most stores will submit this file over PSTN dialup, and without encryption. A few banks (Natwest/Streamline for example) encourage encryption, but none mandate it.

You can imagine for large stores that the file will contain thousands of live card numbers. Its like a wet dream to a fraudster and all it would take is a phone tap on the line (similar to what this guy did).

Re:

[shish]

not only that, but some are indirectly connected to the net -- the only things between them and it being unfirewalled windows boxes, hence a flood of them getting hit by blaster. If one could have exploited that hole to get a rootkit instead of a reboot, a lot of ATMs could have been thoroughly owned :-/

There's only one solution

[Anonymous Coward]

Really. We need to ban MP3 players and send terrorists (illegal MP3 player users) to Gitmo.

Re:

[jerkface.us]

If you outlaw mp3 players, only outlaws will have them.

Re:

[edwardpickman]

Really. We need to ban MP3 players and send terrorists (illegal MP3 player users) to Gitmo.

Actually just make them use Zune players. They won't play music so I doubt they'd be any good for hacking bank security.

So the criminal is convicted...

[Limax Maximus]

But what about the companies that send data in clear down an insecure medium?

Perhaps it is time our government created another act (Yes, I know we've got too many) which would be called the 'Computer responsible use act' which bans anyone from sending sensitive data in clear, bans all none bluetooth wireless keyboards and makes it an offense to have an unpatched machine on the internet.

Ok, what he did was illegal however what the ATM makers did is far far worse. So which banks care about ID theft?

Re:

[YrWrstNtmr]

How about we call it the "Computer Responsibility Act (Provosional)"

It's already illegal to do what this guy did. Make it harder, and you simply 'make it harder' for criminals, not impossible. I don't think what the ATM makers did (non-encryption) is 'far far worse'. Leaving your car unlocked is not 'far far worse' than the clown who steals it.

Re:

[GeffDE]

Bad analogy -5. A better analogy is a clown leaving a rental car unlocked and having it stolen. In this case, the rental car company is the person using the machine, the personal info is the car and the clown is the insecure ATM. The thief stars in a cameo role. The ATM makers did do something far, far worse. They are leaving personal information that is not theirs available to anyone who tries to get it. That is called Gross Negligence and should be prosecuted. I mean, some people have been, but not

Re:

[bsantos]

I think it's like the car manufacturer didn't build locks on the doors.

Re:

[Limax Maximus]

I've always used the idea of an act such as that as a piss take for whenever we see hacked boxes that is clearly the users fault. Obviously such an act would never come into force and nor would I support it (except on 1st April). On the whole theft of details business I'd disagree over it being worse to steal details than making them available. Banks are always blaming their customers for leaving details in bins and so on yet when they make such a monumental fuck up all they do is get the person prosecute

Re:

[Beryllium Sphere(tm)]

>I don't think what the ATM makers did (non-encryption) is 'far far worse'.

Thief: steals from dozens or hundreds and extracts tens of thousands of dollars.
ATM system designers: endanger millions of people and billions of dollars.
Thief: subject to all the machinery of the criminal justice system.
ATM system designers: legally protected.
Thief: expected to be a thief. We have a chance to take precautions.
ATM system designers: trusted by default. Very few of us have checked the encryption on ATMs before using

now you can get $$

[badran]

So now all mp3 player owners can pay the RIAA ..... well i guess it all will workout ....

On the downside

[edwardpickman]

The ATM charged him for all the illegal download music on his MP3 player so the robbery was a net loss.

Wow

[Demona]

Life imitates art [imdb.com] :)

Re:

[Patik]

I was thinking of the beginning of another movie [imdb.com], when the boy plugs a device into an ATM to scan for a card number and/or PIN so he can finagle some cash out of it.

Re:

[Demona]

(looks at respective UID's) Hey! You kids get off my lawn!

Movie

[z_gringo]

I saw this movie! Harrison Ford was in it, and lots of people were talking about how stupid it was, except he used the MP3 wired to a fax machine to "read" the numbers off the screen, which was pretty stupid.

It's too bad they didn't think up something more plausible like what this guy did.

Wow

[Joebert]

I'm suprized nobody ever noticed this guy rigging the back of the ATMs.
Surely there isn't a ready-made plugin for my iPod in the back of theese things. Is there ?

Re:

[leenks]

Just go in looking like a technician, with a briefcase of tools, plus a fake ID with the logo of the ATM manufacturer on it. Nobody would know, especially in a hotel etc, and you'd probably get unrestricted access to the machine - maybe even more than that, eg access to all the documentation for it, the hotel account details etc.

Re:

[kd5ujz]

Possibly using an acoustic pickup?

What brand of mp3 player?

[xwizbt]

It's just me wondering what brand of mp3 player he used, then, is it?

I don't suppose it matters if he's just capturing audio data; in fact it's hardly even important that he was using an mp3 player - he could just have easily used one of those handheld cassette recorders.

Re:

[pimpimpim]

Yes, but mp3 players are the source of all Evil! In fact, the ATM designer probably has the best chance to nail this guy by sueing him for copying the sound combinations (aka music) from the device, that are of course the IP of the ATM designer. He's not even a thief, he's a bloody pirate!

Phreaking...

[Cyno01]

So payphones are more secure than ATMs? I still always keep a $.25 tone on my MP3 players, more for nostalgia than anything else.

Wow

[breadiu]

That is so Firewall. Harrison Ford would be proud.

Oh Noes!

[SeaFox]

Oh no! We must immediately ban all MP3 players! Terrorists could use them to fund their War Against America.

Ogg Players

[Anonymous Coward]

If it had been an Ogg Vorbis player, instead of allowing the man to steal for himself, it would have taken the total balance on the cash machine and redistributed it equally to all accounts.

One more thing I didn't think of

[lateralus_1024]

He wouldn't have got caught had he used Ogg Vorbis!!

Whose liability is it?

[Myria]

When this man stole the money, whose liability was it? To the bank, the withdrawals looked like those customers, and they couldn't have known it was fraud. When the victims find out, can they go to the bank to get their money back, or is the bank immune?

Melissa

Re:

[jb.hl.com]

Probably the bank, but you can bet that the banks will fight any attempt to get compensation out of them every step of the way. Part of the beauty of the new Chip and PIN (EMV) system in the UK is that the liability for fraud is shifted from the bank (they thought the fraudster was a legitimate customer) to the cardholder (who can't prove they didn't make the payments). I presume the same deal applies here.

there's a better way...

[Anonymous Coward]

....just become a bank. Really, why go low scale? You are allowed to loan money which doesn't even exist, and to receive back the theoretical principal along with *interest*. It's the biggest economic scam and legalized theft scheme out there, and it is widespread in the vast number of nations simply because it is such a wonderful way for those goons to "make money" without working for it.

http://en.wikipedia.org/wiki/Fractional-reserve_ba nking [wikipedia.org]

Cops are in general just retarded, just follow orders from their

Re:

[xenocide2]

Maybe I'm just reading this Wikipedia wrong, but isn't this just talking about loaning money placed in savings accounts? It's not like they're secretly minting money in the back room, they're just not holding onto all the money given to them in the bank. The amount they keep on hand is the fractional reserve. The money they loan out comes directly from deposits. Now, economically, giving out these loans does create money, but you'd have to have had quite a few drinks before your econ class to learn this and

Re:

[FooAtWFU]

Really, why go low scale? You are allowed to loan money which doesn't even exist, and to receive back the theoretical principal along with *interest*.

How is this any different from the rest of the money supply? I don't know if you noticed this, but we're using fiat money [wikipedia.org] around these parts, which is really just money because people believe it's money. It's as immaterial and illusionary as everything else. (The one thing in particular about this illusion, people frequently believe they will be able to pay t

Technology being used was Ukraine origin

[jjMick]

This Guardian (UK) article states that Technology imported from Ukraine was used to decode the tones from the transactions and turn them into [computer] information:
http://www.guardian.co.uk/crime/article/0,,1948026 ,00.html [guardian.co.uk]

I guess...

[k3vlar]

I guess MP3 player owners really are thieves [neowin.net] after all.

DMCA

[GooberToo]

Seems like he should be charged under the DMCA too.

Re:

[Marcion]

Seems like he should be charged under the DMCA too.

He is in the UK, And US laws do not apply here... Unless they are Illinois laws!!! [spamhaus.org]

Re:

[GooberToo]

Actually, if you were not such an idiot, and if he lived in the US (as the other poster pointed out), charging him under the DCMA would be great because it would help show the abuse this law has created. It would have the potential to create support to repeal that horribly broken law.

But, since you're such a loser, too dumb to realize how the world works, we'll just have to laugh and point at you while the world goes on.

novelty value only

[pbjones]

the same could be done several different ways, just because they use an MP3 player as a recording device, shock/horror, doesn't mean that is should even have been the subject of a /. entry. I prefer th stories about the micro-camera above the keypad and the cardreader in the phoney face plate. I check for this each time. Or even better. friend ends up with the wrong card after leaving a bar, the barman had swapped the card and is recording pin numbers via a repositioned security camera.

Yes, it's illegal, and yes...

[jpellino]

.. he should go to jail, and it was bad thing to do.

But what a monstrously cool - um - "solution".

I am having difficulty reconciling...

[mark-t]

... the fact that I don't condone what he did at all with the fact that I am nevertheless also thoroughly impressed with the fact somebody actually did it. I mean, serously... hacking a bank machine with an MP3 player? Before this became news, who woulda thunk it?

Re:

[Anonymous Coward]

I AM A FISH!

Fishes are mute, dammit!

Re:

[finity]

Fishes are mute, dammit!

That doesn't mean they can't type...