A Bank of Montreal’s ATM cash machine has been hacked by two teens using a simple method that a monkey could pick up. Just how security conscious are our banks?
Two Canadian 14-year-olds, Matthew Hewlett and Caleb Turon, were browsing on the web one day when they stumbled across an old operator’s manual for a Bank of Montreal ATM, complete with passwords.
Not being hardened criminals, but inquisitive teens, the duo decided to print out a copy of the old operator’s manual and take it to an ATM on a Safeway supermarket during their lunch break.
Perhaps this would be considered an ill-advised move by someone of more advanced years, nevertheless, it was an understandable one, considering the teens’ age.
Besides which, you’d think in a era riddled with cyber crime and happy hordes of have a go hackers that we could at least trust our mighty financial institutions to ensure no stone lies unturned when it comes to keeping our cash and personal details safe.
After all, it’s not like banks haven’t go the money to afford that the proper security precautions are put in place to deter even the most skilled criminal from having a pop and chancing their arm.
So what happened. Was the ATM really hacked by the two teens in such a gob-smacking primitive way?
Well, just by following the on-screen instructions and typing in the default administrator password when prompted, the two teens were granted complete access to the ATM.
In other words it was a rock star hack, all because the Bank of Montreal had actively left instructional manuals on the internet on how best to hack into their ATMs and cash in on their brazen stupidity. Doh!
Hewlett told the Winnipeg Sun:
“We thought it would be fun to try it, but we were not expecting it to work.”
But work it did. Fortunately for the bank the two teens were an honest pair and immediately paid a visit to the nearest Bank of Montreal to alert them of their epic fail.
Banks being banks, the staff at the branch took somewhat of a pompous and patronizing attitude towards the two teen hackers and refused to believe their tale.
Hewlett explained: “A member of staff said that wasn’t really possible and we don’t have any proof that we did it so I asked them: ‘Is it all right for us to get proof?’ He said: ‘Yeah, sure, but you’ll never be able to get anything out of it.'”
Rather than really rubbing the somewhat arrogant noses of the bank’s staff in it by returning with two carrier bags stuffed full of cash, the teens took a different approach.
“We both went back to the ATM and I got into the operator mode again. Then I started printing off documentation like how much money is currently in the ATM, how many withdrawals have happened that day, how much it’s made off surcharges. Then I found a way to change the surcharge amount, so I changed the surcharge amount to one cent.”
No doubt enjoying themselves a fair bit by this point, the teens also changed the ATM’s standard greeting from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.” Which considering the circumstances was quite a civic thing for them to do.
The two teens returned to the bank, and this time it was a different story. The bank manager greeted them personally and was more than willing to discuss the matter in an amicable manner.
The Bank of Montreal said it is currently upgrading the security of its ATMs to prevent unauthorized use, and insists that the contents of the ATM in question are still secure.
Which is just as well, because imagine how many people are trawling the internet for ATM manuals right now?