Frauds: 2008

Wednesday, April 9, 2008

MP3 Player Hack Cash Machine

A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. Maxwell Parsons, 41, spent £200,000 of other people's money after using the machine to read card details.
Parsons plugged his MP3 player into the back of free-standing cash machines and was able to use it to read data about customers' cards. That data could then be used to 'clone' cards and use them for bogus purchases.
Free-standing machines are typically found in shops and bars, and they allowed Parsons to plug his machine into the back of them in a way that would be impossible in wall-mounted dispensers.
The MP3 player recorded customer details as they were transmitted over phone lines to the bank. Tones were read as they were transmitted and used to clone cards.
The case was heard at Minshull Street Crown Court in Manchester. Parsons was sentenced to 32 months in prison for the scam. Though £200,000 was spent on the cards, police said they believed that Parsons himself only earned £14,000 through it.
Police uncovered the scam almost by accident when they stopped Parsons for making an illegal U-turn in a car in London. They found a fake bank card in his possession and searched his home in Manchester, where they found the evidence with which to prosecute.
He denied the charges of fraud at first but eventually admitted to possessing equipment to make a false instrument, deception and unlawful interception of a public telecommunication transmission. He is believed to have had accomplices.

Fraud in India

A major fraud was committed in India in 1992 by a highly successful broker with over 10 years of experience. Running a brokerage firm at the beginning of the 1990s, Harshad Mehta obtained funds from the banking market, which he traded on the Bombay Stock Exchange. In 1992 the Indian stock exchange collapsed, with total losses of around 1.3 billion dollars, all caused by Mehta. "The Big Bull", as he was called, ended up in jail, where he died 10 years later.
Besides the 72 criminal charges, another 600 civil cases were opened against him, many of them still unresolved when he died.
Price manipulation aimed at dominating a market was reported in Japan in 1996. In this case, Yasuo Hamanaka, head of the copper trading department on the Japanese market, carried out operations over 10 years that led to losses of 2.6 billion dollars. He was sentenced to 8 years in prison.
But there are also frauds that cause major losses yet bring no profit to the person who commits them. A trader at Allied Irish Bank, the biggest Irish bank, managed to lose about 750 million dollars on the foreign exchange market. Besides the damage he did to the company in the USA where he was employed, trader John Rusnak made 850,000 dollars in salary bonuses between 1997 and 2001. Rusnak covered his losses with fake reports to the bank, for which he was sentenced to 8 years in prison.
Another case famous for the large sum involved, but which does not involve fraud, is that of the American John Meriwether, financial director of the investment bank Salomon Brothers. Long Term Capital Management, which he created, grew in 2 years to 1.3 billion dollars, but failed because of the financial crisis in Russia in 1998. He carried on, however, and now runs his own investment fund, JWM Partners, created in 1999 with 250 million dollars, a sum that has since grown to 2.6 billion dollars.

ATMs Programmed to Believe $20 Bills Are $5 Bills

A man reprogrammed an automated teller machine at a gas station on Lynnhaven Parkway to spit out four times as much money as it should.
He then made off with an undisclosed amount of cash.
No one noticed until nine days later, when a customer told the clerk at a Crown gas station that the machine was disbursing more money than it should. Police are now investigating the incident as fraud.
Police spokeswoman Rene Ball said the first withdrawal occurred at 6:17 p.m. Aug. 19. Surveillance footage documented a man about 5-foot-8 with a thin build walking into the gas station on the 2400 block of Lynnhaven Parkway and swiping an ATM card.
The man then punched a series of numbers on the machine's keypad, breaking the security code. The ATM was programmed to disburse $20 bills. The man reprogrammed the machine so it recorded each $20 bill as a $5 debit to his account.
The suspect returned to the gas station a short time later and took more money, but authorities did not say how much. Because the account was pre-paid and the card could be purchased at several places, police are not sure who is behind the theft.
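A reconciliation check for the mismatch described above, flagging it on the first affected withdrawal instead of waiting for a customer to report it. This is an added example, not part of the original article: it compares each journal debit with the notes dispensed multiplied by the denomination physically loaded. The record layout, field names and journal entries are constructed assumptions, not a Tranax format.

```python
from dataclasses import dataclass
from datetime import datetime

# Assumption: the replenishment record says the cassette holds $20 notes.
LOADED_DENOMINATION = 20

@dataclass
class Withdrawal:
    when: datetime
    debited: int          # dollars charged to the card account
    notes_dispensed: int  # notes counted out by the dispenser

# Constructed journal entries for illustration (not real data).
JOURNAL = [
    Withdrawal(datetime(2000, 8, 19, 17, 40), 60, 3),    # normal: 3 x $20
    Withdrawal(datetime(2000, 8, 19, 18, 17), 100, 20),  # 20 notes for a $100 debit
    Withdrawal(datetime(2000, 8, 19, 18, 55), 200, 40),
    Withdrawal(datetime(2000, 8, 20, 9, 10), 20, 4),     # ordinary customer, overpaid
    Withdrawal(datetime(2000, 8, 20, 9, 30), 0, 0),      # declined, nothing dispensed
]

def reconcile(journal, loaded_denomination):
    """Flag withdrawals where the debit differs from the cash that left the machine."""
    flagged, shortfall, implied = [], 0, set()
    for w in journal:
        cash_out = w.notes_dispensed * loaded_denomination
        if cash_out == w.debited:
            continue
        flagged.append(w)
        shortfall += cash_out - w.debited
        if w.notes_dispensed:
            # Denomination the terminal software believes it is dispensing.
            implied.add(w.debited / w.notes_dispensed)
    first_seen = min((w.when for w in flagged), default=None)
    return {"flagged": flagged, "shortfall": shortfall,
            "implied_denominations": implied, "first_seen": first_seen}

if __name__ == "__main__":
    report = reconcile(JOURNAL, LOADED_DENOMINATION)
    print(f"{len(report['flagged'])} mismatched withdrawals, "
          f"${report['shortfall']} unaccounted for, first at {report['first_seen']}")
    print("terminal is configured as if loaded with:", report["implied_denominations"])
```

Run against each day's journal, a non-empty `implied_denominations` set that disagrees with the loaded denomination points at a changed cassette setting rather than a one-off miscount.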
What's weird is that it seems that this is easy. The ATM is a Tranax Mini Bank 1500. And you can buy the manuals from the Tranax website. And they're useful for this sort of thing:
I am holding in my hands a legitimately obtained copy of the manual. There are a lot of security sensitive things inside of this manual. As promised, I am not going to reveal them, but there are:
- Instructions on how to enter the diagnostic mode
- Default passwords
- Default Combinations For the Safe
Do not ask me for them. If you maintain one of these devices, make sure that you are not using the default password. If you are, change it immediately.
This is from an eWeek article:
"If you get your hand on this manual, you can basically reconfigure the ATM if the default password was not changed. My guess is that most of these mini-bank terminals are sitting around with default passwords untouched," Goldsmith said.
Officials at Tranax did not respond to eWEEK requests for comment. According to a note on the company's Web site, Tranax has shipped 70,000 ATMs, self-service terminals and transactional kiosks around the country. The majority of those shipments are of the flagship Mini-Bank 1500 machine that was rigged in the Virginia Beach heist.
So, as long as you can use an account that's not traceable back to you, and you disguise yourself for the ATM cameras, this is a pretty easy crime.
eWeek claims you can get a copy of the manual simply by Googling for it. (Here's one on Buscape.)
And Tranax is promising a fix that will force operators to change the default passwords. But honestly, what's the likelihood that someone who can't be bothered to change the default password will take the time to install a software patch?