Feeds

ATM hacking spree foiled by tip from ex-con

Rick James look-alike apprehended

The Power of One eBook: Top reasons to choose HP BladeSystem

A North Carolina man's scheme to steal as much as $350,000 during an automatic teller machine hacking spree was thwarted by an ex-convict, who turned the man in to authorities, federal prosecutors allege.

Thor Alexander Morris approached the Texas-based ex-con looking for help identifying the locations of specific models of ATMs that are known to be vulnerable to tampering, the prosecutors said in court documents filed late last month. With that information in tow, Morris allegedly planned to reprogram the machines to overpay him by changing the cash denominations from $20 bills to $1 bills.

It would appear Morris contacted the wrong man. Brian Rhett Martin turned over a CD containing chat transcripts, photos of Morris, and other evidence to FBI agents. He also put Morris in touch with a purported ATM thief named Leo, who in reality was an undercover FBI agent.

Wearing a wig fashioned after 80s pop star Rick James, Morris was arrested inside a South Houston market after unsuccessfully trying to hack the first of 35 targeted machines, prosecutors said.

The targeted ATMs contain a backdoor that gives unfettered administrative access to anyone who enters a simple series of keystrokes. Wired.com, which reported the arrest earlier, said ATMs manufactured by both Tranax and Triton are known to have the backdoor, though both have updated the firmware on newer machines to force owners to change the passcodes when the ATMs are first booted.

Morris allegedly planned to travel to locations throughout the Houston area where and reprogram their cash denominations. He then planned to use prepaid payment cards worth $410, authorities said.

The ATMs would then deliver $8,000 instead of $400. The remaining $10 was left over for banking fees.

To disguise himself, Morris allegedly "donned a long black curly hair wig" that he dubbed his "Rick James wig."

Morris has not yet entered a plea, according to court records. His attorney didn't return a phone call seeking comment. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.