I Bought an ATM off Craigslist for $750 w/1000 CC#s on it. Yup.

Robert Siciliano Identity Theft Expert

After the Vegas DEFCON ATM debacle where hackers hacked hackers by setting up a fake ATM in front of the facilities security office, I needed to see how stupid easy it was to buy and ATM and just set it up anywhere. So my search began.

I started looking on e-bay and found plenty of new and used ATMs ranging from $500-2500 but quickly determined I didn’t want to pay $300 for shipping. Next was Craigslist, where anyone can rent out an apartment, buy a boat, get an erotic massage and buy an ATM.

I quickly found an ad from a bar north of Boston. They were selling pool tables, Budweiser neon signs and an ATM. I took my hacker with me and met Bob. Bob rented a room above the bar and was doing the deed for the owner. The bar was an old relic that was closing and liquidating its grungy assets. The ATM was sitting right next to the bar covered in 5 years of beer. Thank heavens they were smart enough to cover the keypad in clear plastic. While Bob was explaining the ATMs operation and providing us its history, he farted.

Needless to say I wanted to unbolt this thing as quickly as possible, get out of there and douse myself head to toe in pure alcohol hand sanitizer. After my hacker played with the manual, got it working and determined it was worth the financial risk, we loaded it on my trailer, paid $750 (down from a grand) and brought it home and put it in my garage.

There’s something about having an ATM in your garage that makes for a restless night of sleep, kind of like the next day is Christmas.  The next day, like 5 am, I used an entire bottle of Windex and a whole roll of paper towels and went through 4 pairs of rubber gloves and gave this thing an enema.

My hacker comes over to my garage, manual in hand, all giggly, like hackers sometimes do and says “Watch this”. He punches the master codes to access the machines data on a device called an eprom and hundreds of credit and debit card numbers just start falling all over the floor.

A few days later a TV producer friend of mine came over and we devised an evil plan to scam millions of $$ from unsuspecting suckers and then spend the rest of our lives hopping from island to island and buying a villa in Sicily. But my wife said “NO”.

Here’s the first of a few upcoming videos of what happened next. I’ll share more of my ATM adventures as they occur. There’s a lot more to this story, so stay tuned!I’ll talk more about my ATM adventures as they roll out.

You can protect yourself from these types of scams by paying attention to your statements. Refute unauthorized transactions within 60 days. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages, a missing security camera, or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Cover your pin!!

And invest in McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano Identity Theft Speaker rolling an ATM around on Fox and on Extra with Mario Lopez.

8 replies
  1. Jason M.
    Jason M. says:

    I have been in the ATM industry since 1993. Started as a help desk tech, then field tech then moved into management. If the ATM you purchased was printing full card numbers then that ATM would have been shut down by the processor years ago. There was a regulation implemented to protect card holders from their PAN (card number) being revealed. The only numbers allowed to print on the reciept or journal are the last 4 digits of the customers card. The ATM keeps no data that can be traced back to the customers account, unless there has been a phishing device installed that is recording numbers and PIN’s. The only way the PIN could be obtained is from a camera as the key pad encrypts the PIN with 3DES encryption and the data is only stored in the key pad. The ATM you purchased would never be allowed to process in the US.

    Reply

Trackbacks & Pingbacks

  1. […] and watch the money roll in. All without anyone ever suspecting foul play. Identity theft expert Robert Siciliano, in conjunction with the local police, demonstrated how easy it actually is using an old ATM bought […]

  2. […] Dummy ATMs: ATMs can easily be purchased through eBay or other outlets, and installed in any heavily trafficked location. The machine, which might be powered by car batteries or plugged into the nearest outlet, is programmed to read and record card data. I found one advertised on Craigslist and picked it up at a nearby bar, for $750 from a guy named Bob. […]

  3. […] theft expert Robert Siciliano did exactly this last year with an ATM he bought off of Craigslist. He eventually walked away with thousands of card numbers […]

  4. […] theft expert Robert Siciliano did exactly this last year with an ATM he bought off of Craigslist. He eventually walked away with thousands of card numbers […]

  5. […] a friend’s 40th birthday party, we wound up discussing my Craigslist ATM, and that led to a conversation about how easily people can be conned. One friend’s new […]

  6. […] two. Seems my little stunt got the attention of industry insiders, and not all of them believe that I bought a used ATM on Craigslist, which turned out to contain thousands of credit card numbers. Well, it did actually happen, and […]

  7. […] a hackle or two. Seems my little stunt got the attention of industry insiders and not all believe I Bought an ATM off Craigslist for $750 w/1000 CC#s on it. Well, it actually happened and despite what many say that there weren’t 16 digit credit and […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *