Idealink

Icon

Ideas, Linked; Ideals, Inked.

Hack an ATM, Steal an Election!


Some people have figured out a coded “back-door” into a certain popular type of ATM found in convenience stores. Basically, you hack in using the default security code printed in the manual (though the company advises that you change it upon purchase). Then, with admin access, you change the value of the bills. Change the setting from a $20 bill to a $5 bill, then when you withdraw $100, you actually get $400.

Via Wired: http://blog.wired.com/27BStroke6/#1560245

Clearly, this is a flaw with serious consequences for lots of people. It reflects the fact that most people are lazy and like to have an easily-referenced password. And why not? I already need to remember my computer, email, ATM card, online banking, eBay, voicemail, and, of course, Amazon passwords. Why bother trying to commit another one to memory, or to some poorly-protected document (which, if electronic, may itself have a password).

Unfortunately, stolen money isn’t as bad as it could get. More after the jump.

It is the flaws computing provides because so few people know the inner workings of the machines they use. The real scary part:

Even a paper trail can be spoofed. Diebold likes to say they don’t need a paper “receipt” for votes. Clearly this is false, as people have easily hacked their voting machines already multiple times. Assuming that they relent and finally do have a paper trail, it still doesn’t mean that the software can’t be tricked. The receipt someone gets from this ATM flaw states how much you “got”. It assumes the numbers in the administrator console are correct. So if you ask for $100, you will have “$100” printed on a receipt, and, presumably, on its internal record. Extrapolating from this… Unless the paper ballots are automatically verified, they would not be counted unless there is a reason to contest the count. So, you can essentially lose the right to vote with this type of machine-hacking thing.
So what do we do? Electronic voting machines should have multiple verification procedures, including a human counter. If the total number of votes (including counting “abstains”) does not equal the total number of people who used the machine to vote, fraud has taken place. Also, a bar code reader attached to a very separate computer with its own operating system, and different security measures, and its own counter. And a separate person logging/counting the number of people scanning their ballots (all of them). If all these numbers don’t match, fraud may have taken place.

Anyway… The poor ATM company has already stated they plan to update the system to make it harder to hack. http://www.wired.com/news/technology/0,71832-0.html My thinking is that the hackers, if found, may be prosecuted under the DMCA. I wonder if they can say that the information legally-obtained (Wired was able to, after all). Clearly, the hackers can be prosecuted for fraud.

Advertisements

Filed under: Politics, Tech

One Response

  1. neil says:

    I only want back what the bank stole from my account in ileagel bank charges.if i have to break the law to do this then sobeit.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Archives

Idea(mobile)link

Blog Stats

  • 7,912 hits
Creative Commons License
Idealink by vijtable is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Based on a work by various sources, as cited.
%d bloggers like this: