Phrack Inc. Volume 03 Issue 32 File 06
==Phrack Classic==
Volume Three, Issue 32, File #6 of 12
+----------------------------------+
] Exploration of: ]
] Automatic Teller Machine Cards ]
] ]
+----+-------------------------+---+
] Written by: ]
] Jester Sluggo ]
] ]
] Released: May 13, 1989 ]
](to Black-Ice:For Review)]
] Released: Jan 12, 1990 ]
] (to Phrack Inc.) ]
] Released: Nov, 10, 1990 ]
] (to Phrack Classic) ]
+-------------------------+

With the North American continent being the world's biggest
consumer of goods and services, liquidity of the banking system has
become an important factor in our everyday lives. Savings accounts
were used by people to keep money safe and used by the banks to
provide money for loans. However, due to 'Bankers Hours' (10 AM to
3 PM) it was often difficult for people to get access to their
money when they needed it.

The banking system then created the Checking Account system. This
system allowed people to have much easier access to their money.
Unfortunately the biggest drawback of this system is that people
cannot manage their own money and accounting procedures. Millions of
times each day throughout the North American continent people are
writing checks for more money than they have in their savings accounts.
This drawback also causes the already backed-up judicial system to
become backed up further. The banking system soon reacted to this
problem by producing 'check verification' methods to prevent people
from forgery, and overdrawing from their accounts.

"Money makes the world go 'round" and there are many different ways
to make this world spin. Today we have checking accounts, credit
cards, travelers checks, and the most 'liquid' form of money: cash.
Cash transactions are untrackable and widely accepted, so I feel
the "Paperless Society" will never happen. Automated Teller Machines
provide consumers with 24-hour access to cash-sources. By simply
inserting a plastic card into the machine and keypadding-in the
owner's "account password", you can access the owner's bank account
and receive cash in-hand. This file will explain some details of
the automated tellers and the plastic card used by the Teller-system.

The automated teller is connected by wires and cables to a "Main
Computer". During each transaction the teller sends signals to
the main computer. The main computer records each transaction
(a deposit or withdrawal) and updates the card-holder's account.
It also sends 'approval' or 'denial' signals to the ATM in regard
to the transaction requested. If a card-holder attempts to withdraw
$150.00 from his account and he has only $100.00 in it, the main
computer will tell the ATM to deny the transaction.

The ATM has 2 compartments to store cash in. The first is the "deposits"
compartment. This is a small area that receives the daily deposits.
It is located in the upper-part of the machine, near all the mechanical
devices. However, because most ATM transactions are withdrawals, the
complete bottom-half is filled with cash where the withdrawals are
extracted from.

The plastic card inserted into the machine is the same size as a
credit card. The front of the card is embossed with information
about the card-holder. The back-side of the card has a thin strip
of magnetic tape which also holds some important information.

+--------------------------+     +--------------------------+
]        CIRRUS            ]     ]--------------------------]
]    INSTANT CASH CARD     ]     ]/////(magnetic strip)/////]
]                          ]     ]--------------------------]
] Acct: 12345675     Exp.  ]     ]                          ]
] Joe Schmoe        01/91  ]     ] "card-holders signature" ]
]                          ]     ]                          ]
+--------------------------+     +--------------------------+
         Front-side                       Back-side

When a cardholder inserts his card into the machine and requests a
transaction, the machine reads the embossed information from the
front-side and compares it with the data stored on the magnetic
strip, looking for a 'match' of the information on both sides.
The information on the front-side is easily readable with your
eyes. However, you cannot read the data on the magnetic strip
so easily. You may ask, "What is stored on the magnetic strip?"
The answer is: the same information as the embossing, plus some
'confidential' information regarding the cardholder's financial
status. The magnetic strip has 3 "tracks" on it.
The first track can store 210 BPI (Bytes per inch), the second
stores 75 BPI, and the third stores 210 BPI. So, we have:

+---------------------------+
 Track 1: (210 BPI density)
+---------------------------+
 Track 2: ( 75 BPI density)
+---------------------------+
 Track 3: (210 BPI density)
+---------------------------+
     THE MAGNETIC STRIP

Now, here's the information stored on each track of the strip in
my example:

Track 1: " ;B 12345675 ^ Schmoe/Joe ^ ; LRC "
Track 2: " ;12345675 01/91 ^ 1234 ^ (discriminate data) ; LRC "
Track 3: " ;12345675 ^ 01/91 ^ 5 (discriminate data) ; LRC "

Here's the decoding of the above information:

Track 1: ";"              = Beginning of the data character.
         "B"              = Field-Control Character: I believe this character
                            tells the ATM what type of account (or status)
                            the user has.
         "12345675"       = This is the account number of the cardholder.
         "^"              = Data-field separator.
         "Schmoe/Joe"     = Last/First name of cardholder.
         "^"              = Data-field separator.
         ";"              = End of data character.
         "LRC"            = Longitude Redundancy Check (end of track character).

Track 2: ";"              = Beginning of data character.
         "12345675"       = Account number of the cardholder.
         "01/91"          = Month/Year the card expires.
         "^"              = Data-field separator.
         "1234"           = Process Identification Number (The cardholder's
                            'password', I think... or it could be a number to
                            verify the transaction between the ATM and the
                            Main Computer).
         "^"              = Data-field separator.
         "(dscrmn. data)" = Discriminate Data. Not much is known about exactly
                            what is stored here. Perhaps Bank Identification
                            data or bank account type (savings, checking?)?
         ";"              = End of data character.
         "LRC"            = Longitude Redundancy Check.

Track 3: ";"              = Beginning of data character.
         "12345675"       = Account number of the cardholder.
         "^"              = Data-field separator.
         "01/91"          = Month/Year the card expires.
         "^"              = Data-field separator.
         "5"              = The crypting-digit. When the transaction request
                            is sent to the main computer, it is encrypted.
                            This digit tells which encryption-key is used.
         "(dscrmn. data)" = A duplicate of the discriminate data stored on
                            Track 2.
         ";"              = End of data character.
         "LRC"            = Longitude Redundancy Check.

When the card is being processed the ATM tries to match the
account number, expiration date and name stored on each track.
The reason they duplicate data is for verification purposes. But,
notice that the duplicate data is stored on different tracks, each
having different recording densities. Once the information on the
tracks is confirmed to match, the ATM compares it to the embossed
information on the front-side. If all of the information matches
then the transaction will proceed. If it doesn't match, then the card
is considered to be damaged and the ATM will keep the card. It will
give the cardholder a piece of paper instructing the user to notify
the bank that issued his ATM-card so he can receive a replacement
card in the mail (this process takes about 3 weeks).

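
The matching step described above, as an added example (not code from the original file): it parses the three illustrative track strings from this article and reports every field whose copies disagree with each other or with the embossing. The field names and the functions parse_track and cross_check are assumptions made for this example, and the layout is the article's simplified one, not a real card encoding.

```python
# Constructed sample data copied from the article's illustrative layout
# (not a real card encoding): ';' sentinels, '^' separators, trailing LRC.
TRACKS = {
    1: ";B 12345675 ^ Schmoe/Joe ^ ; LRC",
    2: ";12345675 01/91 ^ 1234 ^ (discriminate data) ; LRC",
    3: ";12345675 ^ 01/91 ^ 5 (discriminate data) ; LRC",
}
EMBOSSED = {"account": "12345675", "name": "Joe Schmoe", "expires": "01/91"}


def parse_track(number, raw):
    """Split one track into named fields, following the article's layout."""
    raw = raw.strip()
    if not (raw.startswith(";") and raw.endswith("; LRC")):
        raise ValueError(f"track {number}: missing sentinel or LRC marker")
    parts = [p.strip() for p in raw[1:-len("; LRC")].split("^")]
    if len(parts) != 3:
        raise ValueError(f"track {number}: expected 3 fields, got {len(parts)}")
    if number == 1:
        control, account = parts[0].split()
        last, first = parts[1].split("/")
        return {"control": control, "account": account, "name": f"{first} {last}"}
    if number == 2:
        account, expires = parts[0].split()
        return {"account": account, "expires": expires, "process_id": parts[1]}
    if number == 3:
        return {"account": parts[0], "expires": parts[1],
                "key_digit": parts[2].split()[0]}
    raise ValueError(f"unknown track number {number}")


def cross_check(tracks, embossed):
    """Return (field, values) for every field whose copies disagree."""
    parsed = {n: parse_track(n, raw) for n, raw in tracks.items()}
    problems = []
    for field in ("account", "name", "expires"):
        seen = {f"track {n}": p[field] for n, p in parsed.items() if field in p}
        seen["embossed"] = embossed[field]
        if len(set(seen.values())) > 1:  # any disagreement rejects the card
            problems.append((field, seen))
    return problems


if __name__ == "__main__":
    print(cross_check(TRACKS, EMBOSSED))  # every copy agrees: no problems
    altered = dict(TRACKS)
    altered[2] = TRACKS[2].replace("01/91", "01/95")  # constructed mismatch
    print(cross_check(altered, EMBOSSED))  # the 'expires' copies disagree
```
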
Now that you know how the ATM-system is designed and what information
is kept where on the card, what "security defects" does this system
contain? I will outline 4 methods of attacking this system that
have been tried (not by me!).

1) Vandalization: If you want, you can break in to the ATM.
However, most ATMs contain 'sensor' devices which sound an
alarm when this is tried. Therefore, if you're going to try
this method I do not suggest using a hammer and chisel on the
ATM because it will take 1/2 an hour to get the machine open
and by that time the police will be there. You could try a
much faster way, dynamite; but that might scatter the money
all-over, making it hard to collect. Also, the bottom-half
is where most of the money is stored (unless you happen to
choose a machine that has issued all of its withdrawal-cash)
so you'll want to break into the bottom-half of the ATM.
In relation to this, you could wait outside the ATM for a
valid-user to complete his withdrawal-transaction and mug him.
As far as I know, the bank holds no responsibility for placing
the ATM in a 'secure' environment. However, usually they will
have lights nearby and placed in 'reasonable' places where
people need money (example: Grocery store) and where the chance
of mugging is slim.

2) Physical Penetration: There are several ways of doing this.
If you have a stolen card, you could randomly try guessing his
account-password. But, I feel this is a primitive method.
If you try too many attempts at guessing the 'password',
the ATM will return the card to you. But, your attempts
*might* be recorded in the central computer; allowing the
bank to decide whether to cancel that card... However,
this has not been verified by me. If you do get a cash-card,
you can make counterfeit-cards.
A) Counterfeit ATM-cards: The same method for producing
counterfeit credit cards applies to ATM-cards. If you
have a valid ATM-card you can 'clone' it simply by embossing
a blank-card with the same information. Copying the magnetic
strip is also easy. To do this, you place a blank
strip of the magnetic tape on top of the valid magnetic
strip. Then, using an iron on low-heat, gently rub the
iron across the two strips for a few seconds. Lastly,
peel the new strip apart from the valid one and you've
got a copy of all the data from the valid ATM-card.
B) Also, I've heard a case where some guys had a machine
that could read and write to the magnetic strips (probably
they were employees of a company that produces the ATM-cards).
Using this machine, they were able to create and change
existing data on ATM-cards (such as the expiration date
so they could keep using the same card over a long period
of time).
In relation to this there are other devices available that
can read and write to magnetic strips. Using your own
microcomputer, you can buy a device that allows you to
read and write to these magnetic strips. It looks
similar to a disk drive. If you're interested in
exploring this method, I'll suggest that you contact
the following company:
American Magnetics Corporation
740 Watsoncenter Road
Carson, California 90745
USA
213/775-8651
213/834-0685 FAX
910-345-6258 TWX
C) WARNING: During each transaction attempted on an ATM a
photo of the person requesting the transaction is taken.
How long this film is stored is unknown, but it probably
is different for each bank (unless there is a federal
regulation regarding this). Also, it is possible that
this is not done at all ATMs.

3) "Insider" Theft: The above case also crosses over into this
section. The biggest 'security leaks' in any company are
its employees. This is also the easiest way to steal money
from ATMs. The man who collects the deposits from the machine
and inserts cash for withdrawals has the easiest and most
open access to these machines. I was told that this person
can easily steal money from ATMs and not be detected. Another
person with access to these machines is the technician. The
technician who fixes ATMs is the most-knowledgeable person
about ATMs within the bank, therefore he should be a trustworthy
guy and receive a 'comfortable' salary... otherwise
he'll begin to collect 'retirement benefits' from the ATM
and this may go undetected.
However, I have heard of some embezzlement-cases involving ATMs,
so I think it's not as easy as it seems. It's only common sense
that a bank would account for every dollar of every transaction.
Whether the accounting is done inside the ATM or the main
computer doesn't make a difference... some form of accounting
is *probably* done.

4) Data-link Intercept: This method has been very successful. What
you do is 'tap' into the wires that connect the ATM to the Main
computer. By doing this you can intercept and send signals to
the ATM. However, some 'inside information' is needed because
the transmission is encrypted (refer to the Cryptography Digit
stored on the magnetic strip). But, I think you don't need to
know *everything* being transferred. You should need to know
when to send the 'approval' signal to the ATM telling it to
dispense its cash. I read a case (it may be in Phrack World
News; 1985?) where some guys netted $600,000 from various ATMs
using this method. This seems to be one of the better, and
more ingenious methods of stealing from these machines.

The information in this file should be 'adequate' to introduce you
to how ATMs work. How did I get this information? I went into a
bank and inquired about the computer-technology of ATMs. The man
who was responsible for the ATMs was a bureaucrat and actually knew
very little about the 'guts' of ATMs. Luckily the ATM-technician
was there that day and I agreed to buy him dinner later that evening.
(Please refer to: "Insider" Theft and the principle of Company-Loyalty).
During the dinner at "Toppers" (a neat 1950's Burgers/Milkshake/Beer
restaurant) he provided me with Operation and Repair manuals for the
ATMs. I feel this information is well-worth the $3.82 dinner and
will be of some value to its readers. Some good information was
screened-out due to its 'delicate nature', but the information I've
provided has been confirmed.

+---------+
] CREDITS ]
+---------+
The Mentor (Phrack #8, File #7; "Fun with Automatic Tellers")
Deserted Surfer
Hyudori
Lex Luthor
Please distribute this file in its complete form.
_______________________________________________________________________________