- A TikTok of a girl getting an abortion is going viral—and the internet is divided Friday 3:06 PM
- FCC proposes $200 million fine for T-Mobile, others over data sharing Friday 3:03 PM
- Which ‘Love is Blind’ couples are still together? Friday 2:01 PM
- Review: ‘The Invisible Man’ reboot is thrilling but basic Friday 1:25 PM
- Sex workers speak out after OnlyFans leak Friday 1:21 PM
- Normani addresses Camila Cabello’s racist social media posts Friday 1:07 PM
- Mike Huckabee’s defense of Trump’s coronavirus response will make you nauseous Friday 12:06 PM
- Gmail’s email filtering may affect what candidate emails you are seeing Friday 11:08 AM
- Woman shares aftermath of domestic abuse: ‘This is only to raise awareness’ Friday 10:40 AM
- Skai Jackson gets restraining order against Bhad Bhabie after death threat Friday 10:19 AM
- Taylor Swift shades Scooter Braun in ‘The Man’ video Friday 10:15 AM
- Porn stars are lining up behind Bernie Sanders Friday 10:10 AM
- YouTube mom says she ‘beat’ her 2-year-old daughter for ruining her makeup kit Friday 10:02 AM
- Ajit Pai’s net neutrality victory lap comes as his own repeal is under review Friday 9:20 AM
- Alissa Violet is in Italy—and fans are worried she’ll get coronavirus Friday 9:19 AM
Teens politely inform bank they can crack all its ATMs
At first, the bank’s manager’s didn’t believe them. So they hacked it again.
The line between felony and favor is getting ever more blurry.
Last Tuesday, Matthew Hewlett and Caleb Turon, both in ninth grade, found an ATM operators’ manual online that showed how to easily take control of the money machines all around their city. They decided to try their luck on a Wednesday lunch hour and headed to Winnipeg’s Grant Avenue to see if they could break into the first ATM they found.
They didn’t expect it to be so easy.
Following the instruction manual’s direction, Hewlett and Turon were asked for one password to gain access to the ATM’s operator mode. They took a long shot at a common six digit password—it wasn’t revealed but we’re going to assume it was ‘123456’—and suddenly found themselves in control of the machine.
When they told the local Bank of Montreal branch manager that their ATM had been hacked, the teenagers weren’t taken seriously.
“I said, ‘No, no, no. We hacked your ATM. We got into the operator mode’,” Hewlett told the Toronto Sun. “He said that wasn’t really possible and we don’t have any proof that we did it.
“I asked them, ‘Is it alright for us to get proof?’
The teenagers went back and printed out documents “like how much money is currently in the machine, how many withdrawals have happened that day, how much it’s made off surcharges. Then I found a way to change the surcharge amount, so I changed the surcharge amount to one cent.”
Hewlett then changed the ATM’s startup greeting to “Go away. This ATM has been hacked.”
That was enough to convince the Bank of Montreal branch manager who promptly contacted the company’s head of security. In return for their help, the bank’s financial services coordinator wrote a letter to the teens’ school explaining why they didn’t come back from their lunch hour on time:
“Please excuse Mr. Caleb Turon and Matthew Hewlett for being late during their lunch hour due to assisting BMO with security.”
The Bank of Montreal insisted on Friday that no customer information was ever at risk.
ATM operators’ manuals are extremely easy to find online—a simple Google search will do the trick—and then potentially use to exploit the money machines in various ways.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.