Automatic Teller Fraud is not a particularly easy scam to pull off, as it requires either advanced hacking techniques (TRW

or banks) or serious balls (trashing a private residence or outright breaking & entering), but it can net a thief up to $500 a day. Laws that will be broken: Credit Fraud, Wire Fraud, Bank Fraud, Mail Fraud, Theft Over $200, Forgery, and possibly a few others in the course of setting the scheme up. The first step is to target the victim. The type of person a thief is looking for is rich. Very rich. Now, don't go trying to hit on J.P. Getty or Johnny Carson or someone who carries a high name recognition. This will just get you into trouble as everyone notices a famous person's name floating across their desk. Instead look for someone who owns a chain of hog feed stores or something discreet like that. We targeted a gentleman who is quite active in the silver market, owning several mines in South Africa and not wanting this to be widely known (he had no desire to be picketed.) Next step, take out a p.o. box in this person's name. Now comes the fun part, requiring some recon on your part. You need to know some fairly serious details about this person's bank dealings. 1) Find out what bank he deals with mainly. This isn't too difficult as a quick run through his office trash will usually let you find deposit carbons, withdrawal receipts, or *anything* that has the bank name on it. 2) Find out the account number(s) that he has at the bank. This can usually be found on the above-mentioned receipts. If not, you can get them in TRW (easier said than done) or you can con them out of a hassled bank teller over the phone (Use your imagination. Talk slowly and understandingly and give plausible excuses ["I work for his car dealership, we need to do a transfer into his account"].) 2a) [optional] If you can, find out if he has an ATM (Automatic Teller) card. You don't need to know numbers or anything, just if a card exists. This can also be ascertained over the phone if you cajole properly. 3) Armed with this information, go into action. a) Obtain some nice (ivory quality) stationary. It doesn't have to be engraved or anything, but a $5 or $10 investment to put a letterhead with his initials or something on it couldn't hurt. But the most important thing is that it look good. b) Type a nice letter to the bank notifying them of your address change. Some banks have forms you have to fill out for that sort of thing, so you need to check with the bank first (anonymously, of course). You will have to have a good copy of his signature on hand to sign all forms and letters (again, trash his office).

c) Call the bank to verify the new address. d) IMMEDIATELY upon verifying the change of address, send a second letter. If he already has an ATM card, request a second card with the business name engraved in it be sent for company use. If he doesn't have an ATM card, the letter should request one for account number xxxxxx. Ask for two cards, one with the wife's name, to add authenticity. e) Go to the bank and ask for a list of all ATM's on the bank's network. Often the state has laws requiring *all* machines take *all* cards, so you'll probably be in good shape. f) Await the arrival of your new card. The PIN (personal identification number) is included when they send out a card. After picking up the card, forget that you ever even *knew* where the p.o. box was, and make sure you didn't leave fingerprints. g) Begin making the maximum daily withdrawal on the card (in most cases $500/day), using a different machine each time. Since many of these machines have cameras on them, wear a hat & jacket, or a ski mask to be really paranoid. To cut the number of trips you have to make in half, be at an ATM a few minutes before midnight. Make one $500 withdrawal right before midnight, and another one right after. This cuts down on the number of trips, but police or bank officials may spot the pattern and start watching machines around midnight. Use your own judgement. Conclusion: Before using the card, make sure that all fingerprints are wiped from it. Usually the first hint you will have that they have caught on to your scam is that the machine will keep the card. Also, avoid using machines in your own town unless it is a big city (Chicago, Milwaukee, Dallas, etc.).

NOTE: There has been a few files written about how to 'RIP OFF' ATM's of some sort but this file will not contain technical shit on the card tracks or a xxxyyyooo17ss type of format. This text will tell you how to rip off ATM's with out all of that technical stuff that you can't really use because most of the stuff are too hard. So I give you methods on how you can defeat ATM's with things you may or may not need to pay a-lot for! This file is real unlike a file I came accross that a user uploaded on Blitzkreig called KRAD#1 which I feel was written by 10year olds. That file is totally SHIT! Now there was a-lot of Valid writers on the subject of ATM's but I feel they were on the subject of PINs & PANs which is very hard to do right. NOTE II: ATM theift is a Federal Crime and the Government doesn't like there funds fucked with. The author does not, DOES NOT bare responsiblity for the misuse of the information, if you are able to commit any of the crimes listed then your able to be responsible for your own damn actions! Dont tell'em I made you do it!

I. CON JOBS

New York City (My Home!) is the leader in ATM con jobs. Altogether, about 2,000 Citibank users were victimized by ATm con artist in one years time for a tune of $495,000!!So I'm going to spread some light on what and how these cons are pulled off. Method 1: THE "DEFECTIVE ATM" CON A con method popular with Citibank ATMs netted one con artist $92,000- with the unwitting assitance of his 374 victims. The scheme works in lobbies with more than one ATM, and a service phone. The well dressed and articulate con man poses as a legit user and stands between two ATMs, pretending to be talking to the bank service personnel over the service phone. After a user inserts his card into the ATMs card reader slot he tells his that the machine is not working. The user withdraws his card leaving the ATM activated. THe con man then observes theuser enterring his PIN into the adjecent ATM. Then, still holding the phone, the con man enters the users PIN into the first ATM. In make-believe conversation with the bank, the con man acts like he is receiving instructions from the bank. To complete the theft he talks the user (major social engineering!) into entering his card into the first ATM again to "test" or "clear" the ATM. He claims that bank personnel think that the user's card "locked up" or "jammed" the ATM and or that ATM may have made the users card defective, and the insertion of it is required to "unlock" or "unjam" the ATM and/or to verify that the user's card is still vaild. After the users leaves, the con manenters into the keypad and withdraws the maximum daily amount from the users account. This only works on Citibank ATMs cause they don't take the users card, but once the card is slipped in the ATM is activated. Method 2. PHONE PIN-EXTRACTION SCAMS Another popular con is for the con man to call up an ATM user whose card he's found or stolen. He identifies himself as a police officer, and obtains the PIN from the user by stating that it is required by law to verify the card owner. This works really well if you can bullshit them good like act like you have to do something and tell them to call you right back (on a loop!) and have a friend answer as the police station! Method 3. THE BANK DICK CON A subject was recently was recently convicted in N.Y. and Boston of defrauding ATM accounts of $150,000. He dubed over 300 ATM users into believing he was a bank security officer who needed assistance in the apprehending of a dishonest bank employee. The users were convinced to leave their bank cards under the locked door of the bank. The con man would then "fish" the cards out. The next morning the con man would have someone make a phone call to the card holder saying that they have caught the employee and dective "hacker" would like to thank you to. But since the employee did come is contact with there card the bank is going to give them a new PIN # after the get the old one! Then the con man's helper would say come pick up your new card and we will tell you your new PIN #.

II. Physical Methods

Some folks just dont like to outsmart a system or person. They prefer the more physical approach by either breaking or removing the ATM. The hazards are obvious-several built-in silent alarms,heavy stainless steel safe like construction, the amount of commotion and noise that results from their efforts, hard to dispose of evidence, etc. Those who have the most success with physical methods, plan and execute their operation as if it were commando mission. The methods described below can also be used on night depositories, payphones, dollar changers, candy machines, parking meters,etc. Physical attacks must be completed within 10 minutes as ATMs abound with vibration, heat and proximity detectors, and most are silent. To defeat any internal alarm mechanism,refer to the phone tapping approach (described in detail later) that hooks-up both the ATM and main computer to a programmed micro. So while Hood one is ripping-off or -up the ATM, the micro is whispering sweet nothings to the main computer. NOTE that not all ATM alarms transmit thru the ATM como lines, particulary with thru-the-wall ATMs. To minimize the noise and commotion, heavy blankets(used by movers) can be drapped over the ATM. Method 1. SUPER COLD GASES Liquid nitrogen can be used. It is simply poured onto or into the offending part of the ATM and when it hits 100 degrees or so, a sledge or a ballpeen hammer is smartyl slammedin to. THe metal SHOULD shatter like glass. Then one just simply reaches in and examines the untold riches stored inside. Super-cooled gases can also wreck havoc on electronics, cameras and films, and bullet-proof glass, and can be purchased from suppliers of medical and chemical supplies. Method 2. WATER & ICE We have also herd that pouring warm water into an isolated ATM on a very cold night is effective. When water freezes, it expands with a terrific force, and will shatter or tear apart anything made by man. The water is poured or pumped in thru the card slot or cash dispenser. It is heavily mixed with wood shavings or fiberglass to stop-up any drainage hole in the ATM. Leaks can also be plugged up with window putty or bubble gum. Method 3. MORE FREEZE METHODS ATMs use ACE locks (the ones found on most vending machines, the circle type lock) Freon works on these locks. Somw outlaws empty a can of freon into an ATM lock, pound a screwdriver into the key way, and wrench the lock out. And motor-driven ACE lock pick will vibrate pins into the right positions withine a few minutes. The ACE lock picks can be aquired from STEVE ARNOLDS GUN ROOM call (503)726-6360 for a free catalog they have a-lot of cool stuff! Method 4. ACETYLENE & DRILLS ATMs are notorisly vulnerable to attacks using acetylene torches. With most ATMs no more than 5 minutes are required for the entire job! And most ATMs can be drilled out in under 15

minutes, using carbide bits and high rpm drills (check on my SAFECRACKING text to see more about drilling.). Method 5. SHAPED CHARGES Placing shaped charges on each support and detonating them all at the same time liberates the ATM. You can firgue this out by yourself.You can also check most BBS's to find out how to make explosives but I wouldn't recommed it, since most of the expolsive files I've seen are inaccurate and leaves out MAJOR measurements and cautions! Your best best is to use black powder that you can get form almost all gun stores. Method 6. BLOCKING THE DISPENSER Some ATMs use money drawers. The ATM outlaw screws or epoxies the drawer solidly shut, at the onset of a busy three-day holiday. At the end of each night he returns and he removes the money by unscrewing or with a hammer & chisel, shatter the epoxy bond.

III. ELECTRONIC & COMPUTER SCAMS

Scarcely a week goes by that I don't hear about one scheme or another successfully used by phreaks & hackers to penetrate large systems to access data banks and to perform various manipulations. Although we have only been able to verify one or two of the methods that we will discribe, numerous cases have arisen in recent years in which an ATM was defrauded with no evidence of a hardware or software bug to account for the robbery. The outlaw can use several approaches. One is to use wiretapping. Another is to obtain the secrets of the cipher, or hardware or software defeats to the system and proceed accordingly. Another one that works with banks is to set up phony debit accounts and program the computer to beleive that the debit accounts are full of money. Then when a three day weekend comes around proceed with friend to deplete all of these debit accounts by making various rounds to ATMs. Electronic frauds of ATMs require an excellent technical understanding of phone and-or computers all of which you can obtain from worthy underground news letters such as TAP, and 2600, etc. OR from a H/P BBS. "Tapping" or "wiretapping" consists of the unauthorized electronic monitering of a signal (voice or digital) transmitted over a phone or computer (commo) circuit. A "tap" is the monitoring device that does this. Athough a tap is usually placed somewhere on a phoneline or junction box, it may be placed inside of a phone, modem or computer. With the advent of isolated stand-alone ATMs (with vulnerable phone lines, including POS terminals) and computer technology. The phone circuits that connect ATMs to their host computer (located in the banks data processing center) can be tapped anywhere between the two.

An "invasive tap" is one in which a hard electronic connection is made between the tap and the commo circuit. A "non-invasive" tap is one in which an induction loop or antenna is used to pick up the EMI generated by the signal, and there is no physical connection between the commo circuit and the line. A "passive tap" is one in which the tap simply tramits to a recorder or directly records the tapped signal and in no way interfers with it. An "active tap" is one in which the tap ALSO interferes (changes,adds to or deletes) the tapped signal in some way. Active taps are more sophisted. A typical ATM active tap is one that records a signal, the later plays it back over the line. Be sure to look for my text "HIGH TECH TOYS" it lists were to get things that are VERY hard to get or things that you may need a license to obtain without those hassles all you need will be money! Method 1. PASSIVE TAPS All tapped ATM transactions are recorded over a period of time (but not interfered with). Once the serial protocal and MA codes are understood, the transmitted data is decrypted (if encrypted) using known entry data to the ATM. Note that some systems use a MA code that is complex and very difficult to crack. Messages to and from the ATMs host computers are composed of various fields. One field identifies the transaction type, one the PIN, one the PAN, one the amount, one the approval code, one the transaction number and perhaps other fields. In most systems, either nothing is encrypted or only the PIN field. In others, the entire message is encrypted. The ATM/host circuit is monitored over a period of time to deterive PINs,PANs and other entry data of other ATM users based upon (decrypted) transmitted data. Phony debit cards are then made to defraud ATM accounts with known PINs and PANs. Method 2. ACTIVE TAPS Active tapping is one method of spoofing. The c4ritical part of the host computer's message are the approval and amounts fields. The critical parts of the ATMs transmission are the continuous transmission it makes to the host computer when NO one is using it to indicate that it is OK, and the PIN and amount fields. Booth good and bad cards and good and bad PINs are entered at various times and days to differentiate between the various massage components. Various quiescent periods is also recorded. Once the message structures are understood, a computer is then substituted to act as both the host computer and the ATM. That is, a computer is then connected between the ATM and the host computer. This computer acts like the host computer to the ATM, and like the ATM to the host computer.

An accomplice uses the ATM to go thru the motions of making legitimate transactions. If his procedures are correct, the ATM communicates, with the host computer for permission to discharge the money. Several methods: (A) The phreaker changes the approval field in the hosts message to OK the transaction regardless of its real decision. The phreaker may interdict the message regardless of iits real decision. The phreaker may interdict the message from the ATM to tell the host that the ATM is inactive while it interdicts the host message to tell the ATM to disburse the cash. Since the ATM is no longer connected to the host computer, and the host computer believes that it is talking to an unused ATM (or one engaged in balance inquiry transaction), no monies will be deducted from any debit account, no denials will be made based upon daily maximum limits, and no alarm will be sounded due to suspicious behavior. Even if the ATM sounds an alarm, the host computer wont hear it as long as the phreaker is whispering sweet nothings into its ear. Also by using this method, as long as the PIN & PAN check digits are legitimate ones based upon the ATMs preliminary and cursory checks, the PINs and PANs themselves can be phony because the host won't be there to verify legitimacies! That is no legal PINs and PANs need be known nor the algorithm for encrypting PINs. (B) The ATMs message is replaced by a previously recorded legitimate transaction message played back by the phreaker. The cash is despense as before. The play back method won't work if the encryption or MA process embed a transaction, clock or random code into the message, making all messages unique. (C) The phreaker/hacker changes the PIN field in the ATMs message to a legitimate PIN of a fatcat like DONALD TRUMPs account. The phreaker/hacker then withdraws someone else's money. (D) The phreaker/hacker changes the amount field in the ATMs message to a much lower one, and then changes the amount field in the host's message back to the higher amount (debit transactions- the opposite changes are made for credit transactions). Sooo the phreaker can withdraw $200 from his account with only $10 actually debited from it by the host. He can then make many withdrawals before the host cuts him off for exceeding the daily max. Method 3. TEMPEST IV A thin induction pick-up coil, consisting of many turns of one thickness of #28 or thinner enamel wire sandwiched between two self-adhesive labels, no larger than a debit card, can be inserted at least part way inside the card slot of most ATMs. This coil is then used to "listen in" on the electrical activity inside of the ATM to try to determine which signals control the release of money. Using this same coil as a transmitter anteenna, these signals are then transmitted ti the realse logic to activate it. It is believed that a thin coil about the size of a dime can be maneuvered quite a ways inside most ATMs for sensing purpose, and that small metal hooks have also been fed into ATMs to obtain direct hookups to logic and power circuits.

It is believe that some outlaws have obtained ATM cards. They then machined out the inside of the cards, except the magnetic strip. They then place flat coils inside the machined out area. They then monitor the coils during legitimate transactions. They can also use the coils to transmit desired signals. This is kind of the method used in TERMINATOR 2. IV. BOGUS CARD, GETTING PINs Almost all credit cards now come with either a hologram or an embedded chip ("Smart Card"), and are thus nearly impossible to counterfeit to date. However, since most debit cards are not optically read by ATMs, they are much easier to counterfeit. To counterfeit a card the following is needed: (1) A card embosser, which can be readily obtained from commercial sources (see "Embossing Equipment and Supplies" or similar in the Yellow Pages) without question asked. A used, serviceable embosser ran use $210 + shipping & handling. (2) A magnetic stripe decoder/encoder (skimmer), which can be purchased from the same company as the embossing equipment or just look in the back of Computer Magazines. (3) PIN checkers are not known to be available to the general public. However, if one were stolen, the user could guess at card PINs by trial-and-error effort based upon the knowledge of how PINs are derived. (4) PANs,PINs and ciphers, which can be obtained from a number of ways usually involving theft. About 50% of ATM users write their PINs either on their debit card or somewhere in there wallet or purse. And most user-chosen PINs are easily guessed. The encrypted PINs can be directly lifted or read from the magnetic stripe, and the encryption scheme determined by comparing the encryption with the known PIN # of a dozen or so cards.

V. NOTE
Now this text covers the file that I have put together on ATMs but I know that there is more on the subject that I have left out either because I dont want to put it or because my staff: The HighTech Hoods did get or know the info. now I am open to suggestions for ATM 2 but I dont want any ideas I want proof. !! Then I'll publish it and give credit where credit is due.

CORRUPT COMPUTING 0203 76831 TYPE OF FRAUD ABUSE WITH CASH DISPENSERS DATE 1986 REFERENCES DTEL29586

DTEL04886 COMP05686 VICTIM HIGH STREET BANK PERPETRATOR BANK CUSTOMER SCHEME The culprit had devised a method of obtaining money from a high street bank`s cash dispensers located in the Liverpool area. He divulged how it was done to police and the bank. The bank initially regarded him with some sceptiscm. The bank admitted later that a design fault had been to blame for allowing the thefts. A modification was being incorporated in the machine to prevent it. A number of thefts of this kind have been perpetrated in the Mersyside area with several people being caught. AMOUNT Probably hundreds of pounds HOW DISCOVERED The culprit confessed to his solicitors and to the police PENALTY The culprit admitted stealing a specimen charge of stealing #20 from the bank and was sentenced to six months jail suspended for two years. COMMENT A number of fraud cases involving cash dispensers have come to light from various parts of the world. In the US and Australia, thieves have been known to adopt a brute force approach to drag free standing cash dispensers out of supermarkets with a heavy vehicle and to escape with the machine. In New Zealand a 14 year old boy used a

cardboard lollipop packet to make a huge but fictitious deposit of #340,000 in the countrys biggest building society`s cash dispenser in Auckland. During the next three weeks he withdrew #700 before he got nervous and told his teachers. In the UK a report published by the National Consumer Council has highlighted a number of incidents in which bank customers have lost money either through using their cash dispensers either because or bank error or because of unexplained "phantom" withdrawals. Some of the cases arose through mechanical problems with the computer terminal where the customer received less money than was asked for, although the full total appearted on the till ^ receipt and the subsequent statement. The banks believe that in some cases phantom transactions were made through another person, probably a relative or a close friend, with knowledge of the customer`s PIN, who "borrowed" the card without the customer`s knowledge. Some phantom transactions were made innocently, For example through human error, a bank issued the same card number for more than one customter. There has also been one case where a customers mail has been intercepted and his card and PIN stolen. ????????????????????????????????????????????????????????????????????????? ???????????????> ReMeMbEr WhErE YoU sAw ThIs pHile fIrSt <??????????????? ???????????> ArReStEd DeVeLoPmEnT +31.77.547477 H/p/A/v/AV/? <??????????? ?????????????????????????????????????????????????????????????????????????

+-------------------------------+ ||

| A. T. M. Fraud Made Easy | || | summary and research by | | Count Zero | || | (A CHiNA Info-Net Prod) | || +-------------------------------+ Have you ever looked longingly upon the sight of your local PULSE machine and thought, "There must be some way that I can make some money REAL easy here."? Well, there is. But it won't be easy. Protection methods can be overcome, but the technology involved must be understood IN ITS ENTIRETY before an [PAUSE] attempt at illegal access is to be made. There are hundreds of people, guests of the state, that figured their plans infallible, only to fall victim to a well-hidden camera. This article will not be a lesson on HOW to break into the machine, it is merely a summary of the operations involved with a normal ATM transaction. This information is being presented on a "for information's sake"-only basis. I, Count Zero, do not promote nor remotely condone any illegal acts of any sort. So there.

I. MAGNETIC STRIP FORMAT This would seem to be the most efficient method of trying to access illegal sums of cash. You could: a. steal somebody's card and PIN code b. synthesize a card c. attempt to "jackpot" the system We will only look at option B. As "A" is up to your own devices and "C" has several good text files written about it already. So "B" it is. [PAUSE] Let's look at the format of the data written to the magnetic strips. This has been taken from a recent HARTWELL, INC manual. [ XX XX XX XX XX XX XX XX ] [ YYYY ] [ - 20 CHARS - ] [ ZZ ZZ ZZ ] [ CC CC ]

\-----------------------/ \------/ \--------------/ \----------/ \-------/ Your individual acct. PIN Name of card Bank route CHKSUM number/serial code Code issuee code/rem. access # For validation, each entry is written twice but not written here for ease of typing. But it is repeated in the form of: "ACCT NUM" "ACCT NUM" "PIN CODE" "PIN CODE" etc... These codes may be examined by building a simple code-reader as many have done which can be easily interfaced to your IBM-PC. Full plans to be put into a future CHiNA newsletter. If you were to attempt to write a magnetic strip or change a currently existing one, you would need to be using a head-write circuit based on the popular Motorola BCX119221-A...C series of head control chips. NOTE: Make sure to change the last 2 values! They constitute the checksum of the entry. Merely add all existing characters written (only the first entry, not both [PAUSE] of them) using the following chart: CHARACTER VALUE -------------------------------0..9 0..9 A..Z 10..36 EOL 37 EOT 38 CLR 39 HMX 40 PTT 41 RIA-1 42 RIA-2 43 I doubt anyone in the communications biz needs an explanation of these terms so I'll move on. II. ATM HARDWARE Usually consists of: ------------------------------------

|| [PAUSE] \-----\ | B | |A||| \-----\ -----------------------------------|| | ----------- /---/ E | | / / / / ---- | |/C//D/F| | / / / / ---- | | ------------ /---/ | || -----------------------------------A. Camera Mount B. Hidden Voice-Activated recorder & printout link C. Display Monitor D. Options buttons E. Card Slot F. Receipt Slot Your machine may vary slightly. But the concept will almost always hold true. Simple rules for each. A. Wear a paper bag or mask. See also Part II A [PAUSE] B. Do NOT speak. This is the most crucial part! See also Part II A C. Nothing D. Wear gloves E. See Part I F. TAKE YOUR RECEIPT AND BURN IT!! One of the neat flaws in many machines made prior to 1989 involved the use of the "CANCEL" button. This button was made to be pressed when the user decided, at any time during the transaction, that he didn't wish to continue. The display would jump immediately to: "TRANSACTION CANCELLED - CHOOSE ANOTHER?" This was all well and good, but the machines did not disable this feature between the time your cash was dispensed and you were prompted for your next activity. In effect, you could push the "CANCEL" button after your money has been withdrawn and it would not be added to your account record!

THIS STILL WORKS IN MANY PLACES! OVER 85% OF ALL MACHINES MADE BEFORE MAR. 1989 STILL HAVE NOT BEEN UPGRADED. Although most machines of that period would only work if you were withdrawing amounts larger than $20 (usually $25 is the next possible choice!) [PAUSE] This is ideal if you are using another's card! II A. CAMERA/SOUND HARDWARE You can go other routes when dealing with camera systems. You do not have to wear a bag on your head (unless the cosmetic improvement is quite large) Thin alloy metal such as common aluminum/tin foil, which are full of impurities, react in a bizarre way when photographed through the special lenses that are commonly used. The effect is to "blur" or "bleed" the image, rendering it indestinguishable from an accident in your local Sherwin-Williams store. Most people prefer to make a "headband" of this metal, lined with copper wire in a sine wave pattern when accosting a machine. You should seriously consider this possibility! For further reading on this subject, consult: BANKER'S WORLD - Apr 1989 "Where Have All the Dollars Gone?" pp 24-29 P. I. - Apr 1989 "The Last Straw" pp 37-41 (p 38 in particular has a nice [PAUSE] diagram. Fig 1) Sounds, these articles also suggest an indirect method of dealing with the voice-activated recording device. Oddly, a pure square wave tone (roughly around 3100 hz) will cause a major screwup in the sound-sensing abilities of the recorder. It usually will have to be replaced. Suggested volume, given at 6" range is 8.5+ db. Obviously, anything louder will do. An interesting side-note is that this has become a past-time of suburban teenagers! Well, hope this gets you started! More will be coming in the next exciting file!

---------------------------> OVER AND OUT! -----------> COUNT ZERO HAHAHAHA NAPPA IS A BUNCH OF FLY-BY-NIGHT LOSERS, EH CONFLICT?! Call us on: HYPERCARD BBS (406) 538-2101 1200/2400 BAUD (CHiNA Node #3) SYSOP: GEORGE VON JUNGLE [PAUSE] FAWLTY TOWERS (202) 781-6420 2400 BAUD ONLY (CHiNA Node #9) SYSOP: BASIL FAWLTY A big hello to: Rubix the Cube, The Conflict, Monalisa Overdrive /e +- Shamelessly Leeched from The Mudd Club -+ Press a key... CHiNA Discussion [5]: 2 of 2 [Message Bases [5-2/ Which G-file (Q=Quit) ?

+-------------------------------+ || | A. T. M. Fraud Made Easy | || | summary and research by | | Count Zero | || | (A CHiNA Info-Net Prod) | || +-------------------------------+

Have you ever looked longingly upon the sight of your local PULSE machine and thought, "There must be some way that I can make some money REAL easy here."? Well, there is. But it won't be easy. Protection methods can be overcome, but the technology involved must be understood IN ITS ENTIRETY before an [PAUSE] attempt at illegal access is to be made. There are hundreds of pe ople, guests of the state, that figured their plans infallible, only to fall victim to a well-hidden camera. This article will not be a lesson on HOW to break into the machine, it is merely a summary of the operations involved with a normal ATM transaction. This information is being presented on a "for information's sake"-only basis. I, Count Zero, do not promote nor remotely condone any illegal acts of any sort. So there.

I. MAGNETIC STRIP FORMAT This would seem to be the most efficient method of trying to access illegal sums of cash. You could: a. steal somebody's card and PIN code b. synthesize a card c. attempt to "jackpot" the system We will only look at option B. As "A" is up to your own devices and "C" has several good text files written about it already. So "B" it is. [PAUSE] Let's look at the format of the data written to the magnetic strip s. This has been taken from a recent HARTWELL, INC manual. [ XX XX XX XX XX XX XX XX ] [ YYYY ] [ - 20 CHARS - ] [ ZZ ZZ ZZ ] [ CC CC ] \-----------------------/ \------/ \--------------/ \----------/ \-------/ Your individual acct. PIN Name of card Bank route CHKSUM number/serial code Code issuee code/rem. -gwy 03133-ITT: call reset (c 0,d 85): dte originated ,Q) : NIZATIONPRESENTS XXXXXXXXXXXXXXXXXXXXXXXX XX XXXX XXXX XXXX XX

XXX XX XXXXXX XX XXX XXXX XXXXXXXX XXXX XXX XX XXXXXX XX XXX XX XXXX XXXX XXXX XX XXXXXXXXXXXXXXXXXXXXXXXX "HOW TO LOGIN TO A C.B.I. SYSTEM" WRITTEN BY: L.E. PIRATE THANKS TO: ZANGIN The following is the login procedure to login to a C.B.I. system, a few C.B.I. login port numbers, information on the system, and obtain C.B.I. accounts. *** HOW TO GET CBI INFORMATION *** Ok, you can get CBI accounts and CBI printouts at your local mall. The best places to check are: Insurance Places, Lawyers, Doctors, and Car Dealerships, and check some places in the mall that might have to check a person's credit. Trash in their dumpster looking for printouts. Most places buffer capture their whole call to CBI including the number, everything on buffer, it's better than christmas. Ok, so look obtain these CBI printouts and cruise home to the old computer. *** WHAT YOU NEED *** The next step should be, obtain a drivers license or some other form

+-------------------------------+ || | A. T. M. Fraud Made Easy | || | summary and research by | | Count Zero | || | (A CHiNA Info-Net Prod) | || +-------------------------------+ Have you ever looked longingly upon the sight of your local PULSE machine and thought, "There must be some way that I can make some money REAL easy here."?

Well, there is. But it won't be easy. Protection methods can be overcome, but the technology involved must be understood IN ITS ENTIRETY before an attempt at illegal access is to be made. There are hundreds of people, guests of the state, that figured their plans infallible, only to fall victim to a well-hidden camera. This article will not be a lesson on HOW to break into the machine, it is merely a summary of the operations involved with a normal ATM transaction. This information is being presented on a "for information's sake"-only basis. I, Count Zero, do not promote nor remotely condone any illegal acts of any sort. So there.

I. MAGNETIC STRIP FORMAT This would seem to be the most efficient method of trying to access illegal sums of cash. You could: a. steal somebody's card and PIN code b. synthesize a card c. attempt to "jackpot" the system We will only look at option B. As "A" is up to your own devices and "C" has several good text files written about it already. So "B" it is. Let's look at the format of the data written to the magnetic strips. This has been taken from a recent HARTWELL, INC manual. [ XX XX XX XX XX XX XX XX ] [ YYYY ] [ - 20 CHARS - ] [ ZZ ZZ ZZ ] [ CC CC ] \-----------------------/ \------/ \--------------/ \----------/ \-------/ Your individual acct. PIN Name of card Bank route CHKSUM number/serial code Code issuee code/rem. access # For validation, each entry is written twice but not written here for ease of typing. But it is repeated in the form of: "ACCT NUM" "ACCT NUM" "PIN CODE" "PIN CODE" etc... These codes may be examined by building a simple code-reader as many have done which can be easily interfaced to your IBM-PC. Full plans to be put into a future CHiNA newsletter.

If you were to attempt to write a magnetic strip or change a currently existing one, you would need to be using a head-write circuit based on the popular Motorola BCX119221-A...C series of head control chips. NOTE: Make sure to change the last 2 values! They constitute the checksum of the entry. Merely add all existing characters written (only the first entry, not both of them) using the following chart: CHARACTER VALUE -------------------------------0..9 0..9 A..Z 10..36 EOL 37 EOT 38 CLR 39 HMX 40 PTT 41 RIA-1 42 RIA-2 43 I doubt anyone in the communications biz needs an explanation of these terms so I'll move on. II. ATM HARDWARE Usually consists of: -----------------------------------|| \-----\ | B | |A||| \-----\ -----------------------------------|| | ----------- /---/ E | | / / / / ---- | |/C//D/F| | / / / / ---- | | ------------ /---/ | || ------------------------------------

A. Camera Mount B. Hidden Voice-Activated recorder & printout link C. Display Monitor D. Options buttons E. Card Slot F. Receipt Slot Your machine may vary slightly. But the concept will almost always hold true. Simple rules for each. A. Wear a paper bag or mask. See also Part II A B. Do NOT speak. This is the most crucial part! See also Part II A C. Nothing D. Wear gloves E. See Part I F. TAKE YOUR RECEIPT AND BURN IT!! One of the neat flaws in many machines made prior to 1989 involved the use of the "CANCEL" button. This button was made to be pressed when the user decided, at any time during the transaction, that he didn't wish to continue. The display would jump immediately to: "TRANSACTION CANCELLED - CHOOSE ANOTHER?" This was all well and good, but the machines did not disable this feature between the time your cash was dispensed and you were prompted for your next activity. In effect, you could push the "CANCEL" button after your money has been withdrawn and it would not be added to your account record! THIS STILL WORKS IN MANY PLACES! OVER 85% OF ALL MACHINES MADE BEFORE MAR. 1989 STILL HAVE NOT BEEN UPGRADED. Although most machines of that period would only work if you were withdrawing amounts larger than $20 (usually $25 is the next possible choice!) This is ideal if you are using another's card! II A. CAMERA/SOUND HARDWARE You can go other routes when dealing with camera systems. You do not have to wear a bag on your head (unless the cosmetic improvement is quite large) Thin alloy metal such as common aluminum/tin foil, which are full of impurities,

react in a bizarre way when photographed through the special lenses that are commonly used. The effect is to "blur" or "bleed" the image, rendering it indestinguishable from an accident in your local Sherwin-Williams store. Most people prefer to make a "headband" of this metal, lined with copper wire in a sine wave pattern when accosting a machine. You should seriously consider this possibility! For further reading on this subject, consult: BANKER'S WORLD - Apr 1989 "Where Have All the Dollars Gone?" pp 24-29 P. I. - Apr 1989 "The Last Straw" pp 37-41 (p 38 in particular has a nice diagram. Fig 1) Sounds, these articles also suggest an indirect method of dealing with the voice-activated recording device. Oddly, a pure square wave tone (roughly around 3100 hz) will cause a major screwup in the sound-sensing abilities of the recorder. It usually will have to be replaced. Suggested volume, given at 6" range is 8.5+ db. Obviously, anything louder will do. An interesting side-note is that this has become a past-time of suburban teenagers! Well, hope this gets you started! More will be coming in the next exciting file! ---------------------------> OVER AND OUT! -----------> COUNT ZERO HAHAHAHA NAPPA IS A BUNCH OF FLY-BY-NIGHT LOSERS, EH CONFLICT?! Call us on: HYPERCARD BBS (406) 538-2101 1200/2400 BAUD (CHiNA Node #3) SYSOP: GEORGE VON JUNGLE FAWLTY TOWERS (202) 781-6420 2400 BAUD ONLY (CHiNA Node #9) SYSOP: BASIL FAWLTY

A big hello to: Rubix the Cube, The Conflict, Monalisa Overdrive ---------------------------------------------------------------------------R.O.L.M. Sorcerer XII PBX Remote System Control CHiNA By... The Conflict INTRO : I know right off you people are thinking, "How in the Hell do I know if I am calling a R.O.L.M. Sorcerer XII PBX?". Well, that will be covered here, along with all system commands available on that PBX.**Of course, this file is meant for educational purposes only. We at CHiNA hereby waive any legal reprimand due to misuse of the information contained in this file (so there!).** HOW : A R.O.L.M. Sorcerer XII PBX has a unique answer; thus, it IT is quite distinguishable from most other PBX's. I will list SOUNDS some PBX's with similar answer devices at the end of this section. The Sorcerer XII's answer consists of: A.) No ring, B.) A short diverting tone of 2600 Hz, and C.) A standard, no interrupt AT&T 4.2c dial tone. Unfortunately, there are four known PBX's that have a similar answer device, but not exact. These four are as follows: A.) R.O.L.M. Sorcerer III, B.) SouthWestern Bell WizSys I, C.) Northern Telecom SL-Net V, and D.) Siemans WebLink v.Ia. The slight differences between these systems answer devices are the dial tones. The dial differ either in tone, volume, or interrupt/no interrupt. With practice, you will find the Sorcerer XII easy to distinguish. WHAT : Now, most often Sorcerer XII requires a four digit code, but TO DO this can be altered at the source, so it is not entirely consistent. To be able to utilize the Remote System Control (RSC from here out) commands, you must obtain the System Command Code. The System Command Code consists of the original number of digits plus a two digit authorization check. Thus, if we were dealing with a four digit Sorcerer XII system, we would find the four digit System Command Code followed by two more digits. *How do you know if you have the

first set of the SCC?* A four tone confirmation, similar to the one given by ASPEN VMNetworks, is given when you have the first digit set of the SCC; then, you must discover the two digit confirmation code. The confirmation code is updated every week. Finding the SCC is not going to be easy, as you can not utilize a cutesy code hacker on your computer. Essentially, the process will take dedicated hand hacking, and scanning for that matter. SYSTEM: Since this is a PBX, there are no voice instructions; thus, COMMAND you must know what the hell you're doing! After you have LEVEL obtained the correct confirmation code, two short beeps are transmitted. This is your cue; you're in! The commands are two digits followed by the asterisk (*) key. Since there are many commands, I will list only those which are essential to your life and needs. You can experiment with the other ones. 07* - input 1, 2, or 3; alters error transmission. 1 is fake carrier, 2 is fast-busy, 3 is sweep-siren. 19* - allows removal of codes from the programed code array. You must enter the code to be removed, followed by the pound key (#). 20* - allows insertion of codes. You must input the code, followed by the pound key (#). Be careful, as a precise log of all code insertions is kept. 43* - enables calls to toll numbers, such as 0700, 1900, and 976. 44* - disables calls to toll numbers. Be sure to disable the function immediately after you are done with it. If it is left on, the administrator knows what's going on and will investigate. 73* - enables making log of all calls placed through Sorcerer XII lines. 74* - disables making log of all calls placed through Sorcerer XII lines. Once again, disable 73 if you use it, as it is obvious to the administrator what's going

on. 99* - disconnect from the system command level. Make sure to do this before hanging up, as it will hang the PBX, and things will definantly be switched around. Have fun, be careful, and take it easy. All the information included should be enough to provide hours of safe enjoyment. If you have any questions for CHiNA concerning anything, give us a call at one of the below-listed CHiNA Nodes. Spread this around!!! Tinsel Town Rebellion 12/24/96 713-451-9548 The Forbidden Passage 12/24 713-774-0449 Optical Illusions 12/24 713-578-0722 The Ultimate Revolution 12 713-492-0438 Later, The Conflict <CHiNA> Thanks go out to Maxwell Smart for acquiring a partial R.O.L.M. manual; Count Zero for being a swell guy; The Viper for giving us a 'home'; Monalisa Overdrive for anti-procrastination support; and last but not least, NAP/PA for instilling in us a realization that we do not want to do nothing! ------------------------------------------------------------------------------- InfoFile on Operation Wolf -- CHiNA As most of you have now heard this wonderful long awaited game suddenly was released, but not by Taito, FiRM, PTL or MCM, but by a guy named General Zaroff. If you downloaded this 'game' somewhere then you probably noticed that it said it was cracked by PTL. How can PTL crack a game when it hasn't even been released out on the market, according to The Viper he called Taito and they told him that it wouldn't be released until the third week of July.

Therefore this guy obviously did this to frame PTL (against FiRM) General Zarhoff (also known as The Gipper) did this Sunday I do believe and was stupid enough to put it up on his own board (where several people downloaded it) and then proceded to upload it to The House of Phreaks and you know how it goes it was easily distibuted around. This guy can be found around a few boards but you can pay him a personal visit on the board he runs Crystal Chasm (408) 997-9107 CASJO. I didn't think it would be neccesary to post his Voice #, Address and Real Name. o What the file does o When you first run the program it will tell you that it is PTL. Next it will ask you for your graphics mode and sound ability. After that it will clear the screen, delete Config.Sys Command.Com Autoexec.Bat IBMBIO.Com IBMCOM.Com and then it will lock up. The files are Wolf.001 Wolf.Exe Runme.Bat Title.Ptl The rest of the files on disk one are useless garbage and on Disk 2 the entire disk is all docs. I hope this file helped to prevent the use of this program and make sure you keep a look out for this guy because he is obviously wanted by PTL and FiRM. Created by : Maxwell Smart Thanks to : The Viper and Master Ryu (another CHiNA original) -------------------------------------------------------------------------------- Exterior Terminal Telephones ----- CHiNA by... The Conflict.... Salutations and welcome to CHiNA InfoFile #5. What are Exterior Terminal Telephones? After reading this file, you should understand what an ETT is and how to manipulate it to your liking. We at CHiNA are supplying this information to educate the user. We do not condone implementing this information for illegal use. We at CHiNA hereby waive any legal reprimands which may be

directed at us, and the USA protects us with its First Amendment priveleges (SO THERE!). Exterior Terminal Telephones are the extension phones located at various locations. Some commonplace locales include secured apartment buildings, small office buildings, or buildings with after business hours time locks. An ETT is a branch off of the building PBX. Most often, you dial in a four digit number, and the phone processes that and dials the seven digit pre-suff for your extension...the dial mode is commonly pulse. Remote tone controls often control security locks. Logically, if you seize the dial tone before any call goes through, you can call out using the PBX. This can be easily accomplished using a portable dual-tone multi-frequency generator. Either you can pre-record the destination numbers on a portable cassette, or you can contruct a portable DTMF generator. ---------------------------------------------------------------------------Cellular Phone File - #1 written, created and tested by Count Zero {CHiNA} This simple (?) mod has been tested on the: UNIDEN CS-1000/1200 Series Cellular MPPS Red 12/13 (Pretty much same as above model) and has proven effective for over four months running. However, (yes, here comes the big disclaimer...) ---------------------------------------------------------------------------DISCLAIMER CHiNA and its members claim no responsibility for irresponsible use of the information and designs contained herein. This file is being presented on a "for knowledge's sake" basis to the members of the modemming community at large. Any use of this file except for educational and operational efficiency purposes is hereby forbidden. So there!

The Conflict * Maxwell Smart * Count Zero * Monalisa Overdrive * The Viper & Rubiks the Cube ---------------------------------------------------------------------------What this mod does is prevent a correct unit identification code (called UIC from here on) from being transmitted. The messages sent to and from the local transmittal stations should be surpisingly familiar to any one of our readers. But here's the mod and a bit of theory that I used to discover it. (1) Your individual UID is "burned into" a simple 8x8 EPROM that may be erased and "re-written" to accomodate a new code. This may be difficult, and in fact IS difficult because you will have a lot of trouble finding where it begins and ends. (2) The contact sequence when you first power up the unit (which usually goes on while the handset's "NO SERVC" or "SVC UNAVAIL" is lit) goes like this: YOU A0 A0 A0 A0 A0 A0 A0 A0 IT ACK or NAK (up to a max of 4 times) YOU 12 3A + UID IT 12 3A + UID YOU ACK or NAK IT 00 00 00 or FF FF FF (Available / Not Available) The best route to handle this is to FORCE your system to ACK when asked if a false code is its code. The following should outline the procedure: You will need: * A Temperature-Controlled Soldering Iron * Rosin-Core Solder * Solder wick (for you slobs) * Pair of Diag-Cutters (or wire-cutters) * About 15 minutes of time.

Step 1 - Unplug the unit and allow to sit for at least a half hour to allow all capacitors to become completely discharged. Also, as a precaution, "discharge" yourself on a common ground (no woolly socks, ok?) Remove cover from "handset" portion (yes, the one with the keypad) Step 2 - Locate the indicated EPROM should have a serial number that begins with an "IA" prefix and will be noted on the circuit board as "IC4" or "IC5". Given this knowledge and the following picture: +5v -!-------!- GND -! IA... !- RST -! !+1.5v -! !IC4 D1 -! !- D5 D2 -! !- D6 D3 -! !- D7 D4 -!-------!- D8 ...you should be able to find it. Step 3 - Cut the D1 pin and pull completely back from the motherboard at a 90 deg angle. This will not interfere with your system messages but will disable any "odd number" from being sent! Thus your code alone will come out false. Step 4 - Locate the following components: R14 - Resistor #14 1.5 ohm Cut and jumper with solder and small gauge wire R15 - Resistor #15 3.5 ohm Cut and replace with 1.5 ohm from previous step C22 - Capacitor #22 Cut and leave out! Now make sure you have no "cold" joints and all soldered points are secure! If you are going to screw up at any point in the procedure, this will be it. Make sure to double-check your work! I don't want anyone weeping to me

because their handset if now fused to their right ear! Step 5 - (explanation of Step 4) This step "forces" the system to send an ACK (by routing the NAK trigger through ACK output) and thus verifying the bogus code. Step 6 - Reassemble handset. Just a hint, do NOT go overboard on your calls as these calls are not free, they are just being billed to another person's code (if it is a legit code) Again, re-read the disclaimer. Step 7 - Operate the unit normally. TROUBLESHOOTING: Problem Solution * NO POWER Be sure all power leads were reconnected correctly when you put the handset back together. * STILL GETTING CHARGED FOR Cut the correct pin from the IC! CALLS If still getting charged, cut D2 The House of Phreaks and you know goes it was easily disuted around. This guy can be found around a few boards but you can pay him a personal visit on the board he runs Crystal Chasm (408) 997-9107 CASJO. I didn't think it would be neccesary to post his Voice #, Address and Real Name. o What the file does o When you first run the program it will tell you that it is PTL. Next it will ask you for your graphics mode and sound ability. After that it will clear the screen, delete Config.Sys Command.Com Autoexec.Bat IBMBIO.Com IBMCOM.Com and then it will lock up. The files are Wolf.001 Wolf.Exe Runme.Bat Title.Ptl The rest of the files

+----------------------------------+ ++ + --> HACKING ATM'S <-- + ++ + Written By: + ++ + =-=-=-=-=-=-=-=-=-=-=-=-=-= + +=BLUETHUNDER=+ + =-=-=-=-=-=-=-=-=-=-=-=-=-= + ++ ++ ++ +----------------------------------+ Welcome everybody to my first article dealing with the manipulation of the Bank's Automated Teller Machines for the gain of money.. In this article I will show you many ways to 'beat' the system. Some methods of hacking into ATM's are very easy and others are a bit more difficult. I suggest you pick the method that mostly suits you. Okay Lets get straight into it.... 1.0 Different types of Automatic Tellers ============================================ There are 3 major types of Automatic teller machines. IBM === The first of these (and the most popular) is the IBM model. This is easily distinguised from the others by the IBM logo in the top right hand corner of the front of the machine. This unit features a touch sensitive keypad and a 1 line display with a visor that moves up and down. (The newer models have a 5 line display).. NCR === The second unit is the NCR unit, which is MUCH smaller than than the IBM front panel. This unit has a small VDU as well as a touch sensitive keypad. The only banks that seem to be using this unit in Australia is the 'STATE BANK' of Victoria, so you will not see many of them around. PHILIPS ======= The third and final unit is made by Philips as is only used by the credit unions or Building Societys. This is usually known as 'CASHCARD'. These units feature a push-button keyboard and a VDU (like the NCR). All these above units provide the same functions...

1.1 Information on the Plastic Cards ====================================== The Plastic Cards that you put into these cash carrying monsters have a Number that is printed on the front of the card (which is also the same number, that is stored on the MAGNETIC STRIP on the back of the card.) What do these numbers mean????? Well here is some information on them... The Numbers are split up into 2 groups, the first group ALWAYS contains SIX numbers while the second group contains anywhere between 6 to 13 numbers. EG) 560192 3012565214782 \ /\ / | |__ This 3 digit number identifies the Bank. | |__ This is the Australian ID code and ALL banks have this. Some ID's for banks =================== 192 - Westpac Banking Corporation 251 - National Australia Bank 220 - Commenwealth Bank The Second part of the number seems to be a jumble of digits for 6 to 13, which only seem to make sense to the banks computer. The banks computer simply looks the second number up in a Table and finds out your assigned PIN number (A password for your card consisting of 4 digits), and any other information. eg) Your savings account no. Cheque a/c etc. Since the four Digit PIN (Personal Identification Numbers) range from 0000 to 9999, then more than one person has the same PIN number for his card. (Banks do have more that 10,000 customers !!) Okay now that we have some simple background information we can learn how to 'defeat' the system.. 1.2 The "CABLE CUTTER METHOD" =============================== For this method you will require the Follwing: (1) - Guts (2) - Good Pair of SIDCHROME cutters (3) - Fake ID (library cards, Concession Cards etc.) Okay the First Step is to open up a bank savings account at one of the banks that gives you access to the ATM.. The Major banks have the following Packages: Westpac - Advantage Saver National - Flexi Card C'wealth - Key Card

I suggest you go for National Bank as their limit is $500 per day, where Westpac has a $200 Max Limit per day.. Give them an address where you can check the mail everyday (so you can receive your card and PIN number)...An old house etc. will do very well. Make sure you open the account at a 'small' suburb branch, that has computer equipment installed. Once you have finally received your brand new savings account with fake name and addreYour account record is kept at your branches computer. So what the main computer does is get in touch with the branches (on the network) and ask it information on your account. (Balance etc.). Ok so what do we do with the cutters??? Well go to your banks branch (at about 10.00 - 11.00 pm), Find the Concrete Telecom cover near the bank and lift it off using the handle of the Cutters. Ok, See if there are cables leading from the main tube into a smaller tube that leads underground into the bank...Well take your cutters and snip them..Ok well congratulations you have just cut the phone cables for all their phones and their branch computer system.. If you wanna be a bit more sure that you cut the cable to the computer, Snip every cable in sight of the bank. (Use insulated cutters and don't be afraid of the sparks and mini fire works.) Ok the banks compuer should be disabled now, so go to the nearest ATM you can find and pop your card in and try to do a ' ACCOUNT BALANCE '. You should get a NOT AVAILABLE - try again Later ERROR..If you do then start jumping up and down cause you have done it!! You see the main computer is programmed to give you whatever money you ask for when the lines are down, so they will not inconvenience the customers. So punch in the max. LIMIT any time before 12 midnight and then take out another batch after 12.00 midnight (or whatever other time you can).. When they Fix the Lines, the main computer will update the balance in the branches computer... (he he). Your account will have a Debit Balance and the bank manager will come after you..But he won't find you will he!! The major banks that to use this new system are: Westpac and National. I have tried it with both banks and it works great. Although I prefer National Bank since you can make $1,000 in a few minutes. 1.3 The "Snatch and Grab Method" ================================= STAY TUNED FOR THE REST!!

AtM HACK

+----------------------------------+ ++ + --> HACKING ATM'S <-- + ++ + Written By: + ++ + =-=-=-=-=-=-=-=-=-=-=-=-=-= + +=BLUETHUNDER=+ + =-=-=-=-=-=-=-=-=-=-=-=-=-= + ++ ++ ++ +----------------------------------+ Welcome everybody to my first article dealing with the manipulation of the Bank's Automated Teller Machines for the gain of money.. In this article I will show you many ways to 'beat' the system. Some methods of hacking into ATM's are very easy and others are a bit more difficult. I suggest you pick the method that mostly suits you. Okay Lets get straight into it.... 1.0 Different types of Automatic Tellers ============================================ There are 3 major types of Automatic teller machines. IBM === The first of these (and the most popular) is the IBM model. This is easily distinguised from the others by the IBM logo in the top right hand corner of the front of the machine. This unit features a touch sensitive keypad and a 1 line display with a visor that moves up and down. (The newer models have a 5 line display).. NCR === The second unit is the NCR unit, which is MUCH smaller than than the IBM front panel. This unit has a small VDU as well as a touch sensitive keypad. The only banks that seem to be using this unit in Australia is the 'STATE BANK' of Victoria, so you will not see many of them around. PHILIPS ======= The third and final unit is made by Philips as is only used by the credit unions or Building Societys. This is usually known as 'CASHCARD'. These units feature a push-button keyboard and a VDU (like the NCR). All these above units provide the same functions...

1.1 Information on the Plastic Cards ====================================== The Plastic Cards that you put into these cash carrying monsters have a Number that is printed on the front of the card (which is also the same number, that is stored on the MAGNETIC STRIP on the back of the card.) What do these numbers mean????? Well here is some information on them... The Numbers are split up into 2 groups, the first group ALWAYS contains SIX numbers while the second group contains anywhere between 6 to 13 numbers. EG) 560192 3012565214782 \ /\ / | |__ This 3 digit number identifies the Bank. | |__ This is the Australian ID code and ALL banks have this. Some ID's for banks =================== 192 - Westpac Banking Corporation 251 - National Australia Bank 220 - Commenwealth Bank The Second part of the number seems to be a jumble of digits for 6 to 13, which only seem to make sense to the banks computer. The banks computer simply looks the second number up in a Table and finds out your assigned PIN number (A password for your card consisting of 4 digits), and any other information. eg) Your savings account no. Cheque a/c etc. Since the four Digit PIN (Personal Identification Numbers) range from 0000 to 9999, then more than one person has the same PIN number for his card. (Banks do have more that 10,000 customers !!) Okay now that we have some simple background information we can learn how to 'defeat' the system.. 1.2 The "CABLE CUTTER METHOD" =============================== For this method you will require the Follwing: (1) - Guts (2) - Good Pair of SIDCHROME cutters (3) - Fake ID (library cards, Concession Cards etc.) Okay the First Step is to open up a bank savings account at one of the banks that gives you access to the ATM.. The Major banks have the following Packages: Westpac - Advantage Saver National - Flexi Card C'wealth - Key Card

I suggest you go for National Bank as their limit is $500 per day, where Westpac has a $200 Max Limit per day.. Give them an address where you can check the mail everyday (so you can receive your card and PIN number)...An old house etc. will do very well. Make sure you open the account at a 'small' suburb branch, that has computer equipment installed. Once you have finally received your brand new savings account with fake name and addreYour account record is kept at your branches computer. So what the main computer does is get in touch with the branches (on the network) and ask it information on your account. (Balance etc.). Ok so what do we do with the cutters??? Well go to your banks branch (at about 10.00 - 11.00 pm), Find the Concrete Telecom cover near the bank and lift it off using the handle of the Cutters. Ok, See if there are cables leading from the main tube into a smaller tube that leads underground into the bank...Well take your cutters and snip them..Ok well congratulations you have just cut the phone cables for all their phones and their branch computer system.. If you wanna be a bit more sure that you cut the cable to the computer, Snip every cable in sight of the bank. (Use insulated cutters and don't be afraid of the sparks and mini fire works.) Ok the banks compuer should be disabled now, so go to the nearest ATM you can find and pop your card in and try to do a ' ACCOUNT BALANCE '. You should get a NOT AVAILABLE - try again Later ERROR..If you do then start jumping up and down cause you have done it!! You see the main computer is programmed to give you whatever money you ask for when the lines are down, so they will not inconvenience the customers. So punch in the max. LIMIT any time before 12 midnight and then take out another batch after 12.00 midnight (or whatever other time you can).. When they Fix the Lines, the main computer will update the balance in the branches computer... (he he). Your account will have a Debit Balance and the bank manager will come after you..But he won't find you will he!! The major banks that to use this new system are: Westpac and National. I have tried it with both banks and it works great. Although I prefer National Bank since you can make $1,000 in a few minutes. 1.3 The "Snatch and Grab Method" ================================= STAY TUNED FOR THE REST!!

^\ /^\ /^\ /^\ /^\ //^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\

/^\ Real Credit Card Fraud /^\ /^\ /^\ /^\ by /^\ /^\ /^\ /^\ Emergency Interrupt /^\ /^\ h /^\ /^\ Advanced Telecommunications Inc. /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\

I have seen files on Credit Card Fraud using carbons to get shit though mail order. Well I have a solution for those of you who can't get anything this way. Maybe you sound to young, maybe UPS doesn't drop shit in bushes or back porches anymore, well I have a way around this. Buy remember Credit Card Fraud is a Federal offense! Probably because they never catch you doing it, just like stealing mail is a federal offense but who gets caught doing that! Also when I refer to sting I mean steal. Because stealing is against the law, but stinging isn't. Har har har, maybe it's not funny but it just stuck after a while. Step 1: Location -=-=-=Find a secluded place where men/women leave their wallets and purses in there cars. It is best if you live near a beach where there are tons of cars and they will not be near there cars for hours. I have found that resturants are these such places also. Since I live near the beach this is my best location. I have never been to the mountains or anything like this, but a place like Ski Mountain or someting could also be veby effective. I think places like Disney World, Circus World, Sea World, Wild Waters and shit like that would be good! Step 2: Looking for the purse -=-=-=Once you have found a good spot with tons of cars walk around and look inside cars for shit like purses under seats or under towels or anything like that hidden somewhere. Try not to look to obvious because some people will call the police. While looking for purses try to social engineer a way so it doesn't look obvious, I have tried acting like I have to piss every five seconds or something like "Is that Freeda's car, humm I can't tell, let's look

inside." This ban be effective too. Step 3: How to get the Hell out of there once you have the purse -=-=-=Now that you have found a car with a purse you have to think of what 9o| are going to do and after you get it how the hell are you gonna get out of there. A] Getaway Car - A fast one, the cars I use are my friend I go stinging with. I would suggest something that is not to flashy. B] Run like hell - this works best anytime, especially when your doing it on your own. Step 4: Getting into the Car -=-=-=Since you know how you are gonna get away you need a good way to get into the car. Sometimes it is best to check all cars with purses for unlocked doors but if all of the cars are locked then I suggest choosing the car that looks the nicest or is the most expensive (ie-Mercedes,Porche, and shit like that!!) I have three methods of breaking into cars: A] Slim Jim - workr best when you have time to get in, but if you are in a hurry I suggest another way. B] Screwdriver - this sucker works good, just put it between the top of the gindow and pry the window out till it shatters. C] BB Gun - in case you don't feel like having a piece of glass hit you when you use the Screwdriver then I suggest a small BB handgun. When the window has shattered reach in a grab the purse, take your time and don't cut your self if you spaz out. Always check the glove compartment for shit and if you have time look for objects that say 'Hide-A-Key'. These can be very useful when stinging the car. Also check ashtray, because not all people smoke but some people put shit there. If the car has tint then it will prabably spider, so you will need a glove to knock all the glass out of the way. There are other methods of breaking a window, but the pwo I have are very quiet.

Step 5: Looking for Important Merchandise -=-=-=You have the purse, you have searched the car thoroughly for hide-a-keys, extra cash, maybe even try to sting their nice brand new top of the line Alpine stereo with Compact disc player and complete cassette collection. Whatever you get just don't get caught. Once you have you main goal, the purse of course, check the billfold for cash and credit cards. Also look for gas cards, MCI cards AT&T calling cards movie rental cards, Honor cards, and other crap. There are a number of things you can do with the plastic you just got: A] Gas Cards - free tank of gas and food if it is a convient store. These cards are usually good for about two weeks, although some place don't call them in. For instance Gulf,some Amoco's, Chevron and otherf) : + +$Tc=9 9M!11 5R

___________________________________________ /___________________________________________\ || | TRW Terminolgy | | Understanding What You Read | || | By | || | Master Blaster | | Advanced Telecommunications Inc. | \___________________________________________/ Type of Account \_____________/ Abrevation Explanation \________/ \_________/ AUT Auto UNS Unscured SEC Secured P/S Partially Secured H/I Home Improvement FHA FHA Home Improvement ISC Installment Sales Contract

CHG Charge Account R/E Real Estate Specific Type unknowen-in terms of years SCO Secured by Co-Signer BUS Busness REC Recreational Merchandise EDU Educational LEA Lease COM Co-Maker(not borrower) C/C Check Credit or Line of Credit F/C FHA Co-Maker(not borrower) M/H Mobil Home CRC Credit Card R/F FHA Real Estate Mortgage-in terms of years NTE Note Loan NCM Note Loan With Co-Maker HHG Secured by Household Goods H+O Secured by Household Goods & other Collateral ASL Auto R/V VA Real Estate Mortgage-in Terms of Years R/C H| Conventional Real Estate Mortgage-Terms in Years R/O Real Estate Mortgage-with or without other collateral Usually a seccond mortgage-Terms in months Amount shown in $100.00 incerments SLC Co-Maker(not Borrower) REN Rental Agreement SUM Summary of Accounts with same status UNK Unknowen (that's the meaning not that i don't know) DCS Debit Counseling Service CCP Combined Credit Plan AST Account Reviewed by Credit Grantor A/M Account Monitor by Credit Grantor RVW Account Review by Credit Grantor EMP Employment PSC Solicitation D/C Debit Card DCP Data Correction Profile ADD Address information for Mailing IDV Address information for the Government CLS Credit Line Secured

COL Collection Attorney INS Insurance Claims C/S Child Support Court Codes \_________/ CIR Circut CITY City CVL Civil CO County CT Court DIS District IRS Internal Revenue Service JUS Justice MUN Municipal REG Registrar ST State SPR Superior SUP Suprame

Explination of Status Comments \____________________________/ BK ADJ PLN Debit included in or completed through Bankruptcy Chapter 13. BK LIQ REO Debit included in or discharged through Bankruptcy Chapter 7 or 11. CHARGE OFF Unpaid balance reported as a loss by credit grantor. CLOS INAC Closed inactive account COLL ACCT Account seriously past due/account assigned to attorney. Collection agency or credit grantors internal collection department. CO NOW PAY Now paying - Was charge off. CR CD LOST Credit card lost or stolen. CR LN CLOS Credit line closed/reason unknowen or by consumer request/there may be a balance due. CR LN RNST Account now available for use and is in good standing. Was closed account. CURR ACCT This is either an open or closed account is a

credit card or charge account. It should be available for use and there may be a balance due. If the account is closed. There were no past due amounts reported and it was paid. CUR WASCOL Current account was collection account. CUR WAS DL Current account was past due. CUR WASFOR Current account Foreclosure was started. CUR WAS 30 Current account was 30 days past due. CURWAS30-2 Current account was 30 days past due twice. CURWAS30-3 Current account was 30 days past due three times. CURWAS30-4 Current account was 30 days past due four times. CURWAS30-5 Current account was 30 days past due five times. CURWAS30-6 Current account was 30 days past due six times or more. CURWAS 60 Current account was 60 days delinquent. CUR WAS 90 Current account was 90 days delinquent. CUR WAS 120 Current account was 120 days delinquent. CUR WAS 150 Current account was 150 days delinquent. CUR WAS 180 Current account was 180 days delinquent or more. DECEASED Consumer deceased. DELINQ 60 Account delinquent 60 days. DELINQ 90 Account delinquent 90 days. DELINQ 120 Account delinquent 120 days. DELINQ 150 Account delinquent 150 days. DELINQ 180 Account delinquent 180 days. DEL WAS 90 Account was delinquent 90 days/now 30 or 60 days delinquent. DEL WAS 120 Account was delinquent 120 days/now 30,60 or 90 days delinquent. GOVCLAIM Claim filed with government for insured portion of balance on an educational loan. FORECLOSURE Credit grantor sold collateral to settle defulted mortgage. INQUIRY A copy of the credit profile has been sent to this credit grantor at their request. INS CLAIM Claim filled for payment of insured portion of balance. NOT PD AA Account not being paid as agreed.

PAID ACCP Closed account/zero balance.not rated by credit grantor. PAID SATIS Closed account/paid satisfactory. PD BY DLER Credit grantor paid by company who originally sold the merchandise. PD CHG OFF Paid account/was charge-off. PD COLL AC Paid account was a collection account insurance claim or education claim. PD FORECLO Paid account A forclosure was started. PAID NOT AA Paid account. Some payments were made past the agreed due dates. PD REPO Paid account/was a repossession. PD WAS 30 Paid account/was 30 days past due. PD WAS 30-2 Paid account/was 30 days past due 2 or 3 times. PD WAS30-4 Paid account/was 30 days past due 4 times. PD WAS30-5 Paid account/was 30 days past due 5 times. PD WAS30+6 Paid account/was 30 days past due 6 or more times. PD WAS 60 Paid account/was 60 days delinquent. PD WAS 90 Paid account/was 90 days delinquent. PD WAR 120 Paid account/was 120 days delinquent. PD WAS 150 Paid account/was 150 days delinquent. PD WAS 180 Paid account/was 180 days delinquent or more. REDMD REPO Account was a repossession/now redeemed. REFINANCED Account renewed or refinanced. REPO Merchandise was taken back by credit grantor, there may be a balance due. SCNL Credit grantor cannot locate consumer. SCNL NWLOC Credit grantor could not locate consumer/consumer now located SETTLED Account leagally pain in full for less than the full balance. TRANSFERRED Account transfered to another office. VOLUN REPO Voluntary repossession. 30 DAY DEL Account past due 30 days. 30 2 TIMES Account past due 30 days 2 times. 30 3 TIMES Account past due 30 days 3 times. 30 4 TIMES Account past due 30 days 4 times. 30 5 TIMES Account past due 30 days 5 times. 30 6+ TIMES Account past due 30 days 6 times or more. 30 WAS 60 Account was delinquent 60 days/now 30 days.

TOONEWRT Account too new to rate. Items of Public Record \____________________/

BK 7 -FILED Voluntary or Involuntary RE\Q%Q%=9 J95R 2HBankruptcy Chapter 7 - (Liqufiled. BK 7 -DISCH Voluntary or involuntary PetiP%=9 J95P 9-IUAQ e

An Algorithm for Credit Cards by Crazed Luddite & Murdering Thug K00l/RaD Alliance! Transcribed from 2600 Volume Seven, Number Three (Autumn, 1990) by Psyberdelic Relic - 12/25/90 As some of you know, the credit card companies (Visa, MC, and American Express) issue card numbers which conform to a type of checksum algorithm. Every card number will conform to this checksum, but this is not to say that every card number that passes this checksum is valid and can be used, it only means that such a card number can be issued by the credit card company. Often this checksum test is used by companies which take credit cards for billing. It is often the first step in checking card validity before attempting to bill the card, however some companies stop here. Some companies only check the first digit and the card number length, others use this very convenient algorithm, while others continue on to check the bank ID portion of the card number with a database to see if it is a valid bank. These tests are designed to weed out customers who simply conjure up a card number. If one were to try to guess at an Amex number byusing the right format (starts with 3 and 15 digits long), only about 1 in 100 guesses would pass the checksum algorithm. Why do companies use the algorithm for verification instead of doing an actual credit check? First, it's much quicker (when done by computer). Second, it doesn't cost anything. Some credit card companies and banks charge merchants each time they wish to bill or verify a card number, and

if a merchant is in a business where a lot of phony numbers are given for verification, this can become rather costly. It is a known fact that most, if not all, online services (i.e., Compuserve, Genie, etc.) use this method when processing new sign-ups. Enough said about this, you take it from here. The majority of transactions between credit card companies and merchants take place on a monthly, weekly, or bi-weekly basis. Such bulk transactions are much less expensive to merchants. Often a company will take the card number from a customer, run it through the algorithm for verification, and bill the card at the end of the month. This can be used to your advantage, depending on your situation. If you trade card numbers with your friends, this is a quick way to verify the numbers without having to call up the credit card company and thus leave a trail. Also, a few 1-800 party line type services use this algorithm exclusively because they don't have a direct link to credit card company computers and need to verify numbers real fast. Since they already have the number you're calling from through ANI, they don't feel it necessary to do a complete credit check. I wonder if they ever heard of payphones. Here's how the algorithm works. After the format is checked (correct first digit and correct number of digits), a 21212121... weighing sccheme is used to check the whole card number. Here's the english pseudocode: check equals 0 go from first digit to last digit product equals value of current digit if digit position from end is odd then multiply product by 2 if product is 10 or greater then subtract 9 from product add product to check end loop if check is divisible by 10, then card passed checksum test Here is a program written in C to perform the checksum on a Visa, AMEX or MC card. This program can be easily implemented in any language, including ACPL, BASIC, COBOL, FORTRAN, PASCAL or PL/I. This program may be modified, with the addition of a simple loop, to generate credit card numbers that pass the algorithm within certain bank prefixes (i.e. Citibank). If you

know the right prefixes, you can generate valid card numbers (90 percent of the time). /* CC Checksum Verification Program by Crazed Luddite and Murdering Thug of the K00l/RaD Alliance! (New York, London, Paris, Prague.) Permission is given for free distribution. "Choose the lesser of two evils. Vote for Satan in '92" */ #include <stdio.h> main() { char cc[20]; int check, len, prod, j; printf("\nAmex/MC/Visa Checksum Verification Program"); printf("\nby Crazed Luddite & Murdering Thug\n"); for(;;) { printf("\nEnter Card Number [w/o spaces or dashes.] (Q to quit)\n:"); scanf("%s",cc); if ((cc[0]=='Q')||(cc[0]=='q')) break; /* exit infinite loop, if 'Q' */ /* Verify Card Type */ if ((cc[0]!='3')&&(cc[0]!='4')&&(cc[0]!='5')) { printf("\nCard number must begin with a 3, 4, or 5."); continue; } else if ((cc[0]=='5')&&(strien(cc)!=16)) { printf("\nMastercard must be 16 digits."); continue; } else if ((cc[0]=='4')&&(strien(cc)!=13)&&(strien(cc)!=16)) { printf("\nVisa numbers must be 13 or 16 digits."); continue; } else if ((cc[0]=='3')&&(strien(cc)!15)) { printf("\nAmerican Express numbers must be 15 digits."); continue; }

/* Perform Checksum - Weighing list 2121212121212121.... */ check = 0; /* reset check to 0 */ len = strien(cc); for (j=1;j<=len;j++) /* go through entire cc num string */ { prod = cc[j-1]-'0'; /* convert char to int */ if ((len-j)%2) prod=prod*2; /* if odd digit from end, prod=prod*2 */ /* otherwise prod=prod*1 */ if (prod>=10) prod=prod-9; /* subtract 9 if prod is >=10 */ check=check+prod; /* add to check */ } if ((check%10)==0) /* card good if check divisible by 10 */ printf("\nCard passed checksum test."); else printf("\nCard did not pass checksum test."); } } -69-