Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Change your default passwords now

Protect yourself with one very simple step

Article comments

Last month, the FBI arrested a 19-year-old grocery store employee for trying to steal hundreds of thousands of dollars from ATMs. He planned to use default passwords he found online to reprogram the ATMs, convincing them they held $1 bills instead of $20 bills. Moral of the story: Change your default passwords.

Wait, did that advice come a little too soon? After all, there's a lot more to the story of Thor Alexander Morris, according to the affidavit from the FBI agent who led the investigation.

It seems Morris got the idea from a YouTube video that showed how to hack a widely deployed ATM made by Tranax Technologies. And the manual for those machines was available online, laying out all the information for adjusting an ATM so it gives out more money than it should, including the default maintenance passwords.

An ATM programmed to give out $1 bills when it actually held twenties would respond to a request for $500 by counting out 500 $20 bills, or $10,000. At that rate, hitting just 30 ATMs would net $300,000. At least, that was Morris' plan. Moral of the story: No kidding, change those default passwords.

So Morris flew to Texas, after making contact online with a Houston con man who said he could find dozens of Tranax ATMs. Morris bought a prepaid debit card, just as he'd seen online. He found an unsecured Wi-Fi signal and activated the card using the name "Barack Obama," then asked a friend of the con man to drive him to a flea market that had the right kind of ATM, where Morris put on a wig and fake beard and set to his task.

Unfortunately for Morris, the con man was feeding information to the FBI. The "friend" was an undercover agent. And the ATM was under surveillance. Oops. Moral of the story: Really, change those default passwords. And pray you get an attacker this hapless.

Maybe you're thinking another moral should be: Curse the Internet for making it easy for crooks to find things like default passwords.

But the Internet made it much easier for the FBI, too. The law enforcement agency had clear photos of Morris, straight from his Facebook page. And his emails and instant messages to the con man let investigators know pretty much everything he planned to do.

Oh yeah, and the con man let FBI agents use his online identity to contact Morris directly. On the Internet, nobody knows you're a fed. (Besides, your help desk probably saves itself a lot of work by pulling manuals from the Internet instead of searching among shelves, boxes and piles of documentation. Of course manuals are on the Internet, along with tips, how-to's and dirty tricks. That's what the Internet is for.)

As it turned out, Morris' scheme was probably doomed from the start. That YouTube video was based on an ATM heist that took place in Virginia in 2006. After that, Tranax patched its software so installers had to change the default passwords before ATMs went into service. Morris never had a chance.

Make sure the would-be thief who goes after your systems doesn't do any better. Moral of the story: Honest, you should change your default passwords. And apply your vendors' security patches. And when in doubt, call the FBI.

And never, ever get your security advice from YouTube.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *