Automatic Teller Fraud is not a particularly easy scam to pull off, as it requires either advanced hacking techniques (TRW or banks) or serious balls (trashing a private residence or outright breaking & entering), but it can net a thief up to $500 a day.

Laws that will be broken: Credit Fraud, Wire Fraud, Bank Fraud, Mail Fraud, Theft Over $200, Forgery, and possibly a few others in the course of setting the scheme up.

The first step is to target the victim. The type of person a thief is looking for is rich. Very rich.

Now, don't go trying to hit on J.P. Getty or Johnny Carson or someone who carries a high name recognition. This will just get you into trouble as everyone notices a famous person's name floating across their desk.

Instead look for someone who owns a chain of hog feed stores or something discreet like that. We targeted a gentleman who is quite active in the silver market, owning several mines in South Africa and not wanting this to be widely known (he had no desire to be picketed.)

Next step, take out a p.o. box in this person's name.

Now comes the fun part, requiring some recon on your part. You need to know some fairly serious details about this person's bank dealings.

1) Find out what bank he deals with mainly. This isn't too difficult as a quick run through his office trash will usually let you find deposit carbons, withdrawal receipts, or *anything* that has the bank name on it.

2) Find out the account number(s) that he has at the bank. This can usually be found on the above-mentioned receipts. If not, you can get them in TRW (easier said than done) or you can con them out of a hassled bank teller over the phone (Use your imagination. Talk slowly and understandingly and give plausible excuses ["I work for his car dealership, we need to do a transfer into his account"].)

2a) [optional] If you can, find out if he has an ATM (Automatic Teller) card. You don't need to know numbers or anything, just if a card exists. This can also be ascertained over the phone if you cajole properly.

3) Armed with this information, go into action.

a) Obtain some nice (ivory quality) stationary. It doesn't have to be engraved or anything, but a $5 or $10 investment to put a letterhead with his initials or something on it couldn't hurt. But the most important thing is that it look good.

b) Type a nice letter to the bank notifying them of your address change. Some banks have forms you have to fill out for that sort of thing, so you need to check with the bank first (anonymously, of course). You will have to have a good copy of his signature on hand to sign all forms and letters (again, trash his office).

c) Call the bank to verify the new address.

d) IMMEDIATELY upon verifying the change of address, send a second letter. If he already has an ATM card, request a second card with the business name engraved in it be sent for company use. If he doesn't have an ATM card, the letter should request one for account number xxxxxx. Ask for two cards, one with the wife's name, to add authenticity.

e) Go to the bank and ask for a list of all ATM's on the bank's network. Often the state has laws requiring *all* machines take *all* cards, so you'll probably be in good shape.

f) Await the arrival of your new card. The PIN (personal identification number) is included when they send out a card. After picking up the card, forget that you ever even *knew* where the p.o. box was, and make sure you didn't leave fingerprints.

g) Begin making the maximum daily withdrawal on the card (in most cases $500/day), using a different machine each time. Since many of these machines have cameras on them, wear a hat & jacket, or a ski mask to be really paranoid. To cut the number of trips you have to make in half, be at an ATM a few minutes before midnight. Make one $500 withdrawal right before midnight, and another one right after. This cuts down on the number of trips, but police or bank officials may spot the pattern and start watching machines around midnight. Use your own judgement.

Conclusion: Before using the card, make sure that all fingerprints are wiped from it. Usually the first hint you will have that they have caught on to your scam is that the machine will keep the card. Also, avoid using machines in your own town unless it is a big city (Chicago, Milwaukee, Dallas, etc.).

 

NOTE: There has been a few files written about how to 'RIP OFF' ATM's of some sort but this file will not contain technical shit on the card tracks or a xxxyyyooo17ss type of format. This text will tell you how to rip off ATM's with out all of that technical stuff that you can't really use because most of the stuff are too hard. So I give you methods on how you can defeat ATM's with things you may or may not need to pay a-lot for! This file is real unlike a file I came accross that a user uploaded on Blitzkreig called KRAD#1 which I feel was written by 10year olds. That file is totally SHIT! Now there was a-lot of Valid writers on the subject of ATM's but I feel they were on the subject of PINs & PANs which is very hard to do right.

NOTE II: ATM theift is a Federal Crime and the Government doesn't like there funds fucked with. The author does not, DOES NOT bare responsiblity for the misuse of the information, if you are able to commit any of the crimes listed then your able to be responsible for your own damn actions! Dont tell'em I made you do it!

I. CON JOBS

New York City (My Home!) is the leader in ATM con jobs. Altogether, about 2,000 Citibank users were victimized by ATm con artist in one years time for a tune of $495,000!!So I'm going to spread some light on what and how these cons are pulled off.

Method 1: THE "DEFECTIVE ATM" CON

A con method popular with Citibank ATMs netted one con artist $92,000- with the unwitting assitance of his 374 victims. The scheme works in lobbies with more than one ATM, and a service phone. The well dressed and articulate con man poses as a legit user and stands between two ATMs, pretending to be talking to the bank service personnel over the service phone. After a user inserts his card into the ATMs card reader slot he tells his that the machine is not working. The user withdraws his card leaving the ATM activated. THe con man then observes theuser enterring his PIN into the adjecent ATM. Then, still holding the phone, the con man enters the users PIN into the first ATM. In make-believe conversation with the bank, the con man acts like he is receiving instructions from the bank. To complete the theft he talks the user (major social engineering!) into entering his card into the first ATM again to "test" or "clear" the ATM. He claims that bank personnel think that the user's card "locked up" or "jammed" the ATM and or that ATM may have made the users card defective, and the insertion of it is required to "unlock" or "unjam" the ATM and/or to verify that the user's card is still vaild. After the users leaves, the con manenters into the keypad and withdraws the maximum daily amount from the users account.

This only works on Citibank ATMs cause they don't take the users card, but once the card is slipped in the ATM is activated.

Method 2. PHONE PIN-EXTRACTION SCAMS

Another popular con is for the con man to call up an ATM user whose card he's found or stolen. He identifies himself as a police officer, and obtains the PIN from the user by stating that it is required by law to verify the card owner. This works really well if you can bullshit them good like act like you have to do something and tell them to call you right back (on a loop!) and have a friend answer as the police station!

Method 3. THE BANK DICK CON

A subject was recently was recently convicted in N.Y. and Boston of defrauding ATM accounts of $150,000. He dubed over 300 ATM users into believing he was a bank security officer who needed assistance in the apprehending of a dishonest bank employee. The users were convinced to leave their bank cards under the locked door of the bank. The con man would then "fish" the cards out. The next morning the con man would have someone make a phone call to the card holder saying that they have caught the employee and dective "hacker" would like to thank you to. But since the employee did come is contact with there card the bank is going to give them a new PIN # after the get the old one! Then the con man's helper would say come pick up your new card and we will tell you your new PIN #.

II. Physical Methods

Some folks just dont like to outsmart a system or person. They prefer the more physical approach by either breaking or removing the ATM. The hazards are obvious-several built-in silent alarms,heavy stainless steel safe like construction, the amount of commotion and noise that results from their efforts, hard to dispose of evidence, etc. Those who have the most success with physical methods, plan and execute their operation as if it were commando mission.

The methods described below can also be used on night depositories, payphones, dollar changers, candy machines, parking meters,etc. Physical attacks must be completed within 10 minutes as ATMs abound with vibration, heat and proximity detectors, and most are silent.

To defeat any internal alarm mechanism,refer to the phone tapping approach (described in detail later) that hooks-up both the ATM and main computer to a programmed micro. So while Hood one is ripping-off or -up the ATM, the micro is whispering sweet nothings to the main computer. NOTE that not all ATM alarms transmit thru the ATM como lines, particulary with thru-the-wall ATMs. To minimize the noise and commotion, heavy blankets(used by movers) can be drapped over the ATM.

Method 1. SUPER COLD GASES

Liquid nitrogen can be used. It is simply poured onto or into the offending part of the ATM and when it hits 100 degrees or so, a sledge or a ballpeen hammer is smartyl slammedin to. THe metal SHOULD shatter like glass. Then one just simply reaches in and examines the untold riches stored inside. Super-cooled gases can also wreck havoc on electronics, cameras and films, and bullet-proof glass, and can be purchased from suppliers of medical and chemical supplies.

Method 2. WATER & ICE

We have also herd that pouring warm water into an isolated ATM on a very cold night is effective. When water freezes, it expands with a terrific force, and will shatter or tear apart anything made by man. The water is poured or pumped in thru the card slot or cash dispenser. It is heavily mixed with wood shavings or fiberglass to stop-up any drainage hole in the ATM. Leaks can also be plugged up with window putty or bubble gum.

Method 3. MORE FREEZE METHODS

ATMs use ACE locks (the ones found on most vending machines, the circle type lock) Freon works on these locks. Somw outlaws empty a can of freon into an ATM lock, pound a screwdriver into the key way, and wrench the lock out. And motor-driven ACE lock pick will vibrate pins into the right positions withine a few minutes. The ACE lock picks can be aquired from STEVE ARNOLDS GUN ROOM call (503)726-6360 for a free catalog they have a-lot of cool stuff!

Method 4. ACETYLENE & DRILLS

ATMs are notorisly vulnerable to attacks using acetylene torches. With most ATMs no more than 5 minutes are required for the entire job! And most ATMs can be drilled out in under 15

minutes, using carbide bits and high rpm drills (check on my SAFECRACKING text to see more about drilling.).

Method 5. SHAPED CHARGES

Placing shaped charges on each support and detonating them all at the same time liberates the ATM. You can firgue this out by yourself.You can also check most BBS's to find out how to make explosives but I wouldn't recommed it, since most of the expolsive files I've seen are inaccurate and leaves out MAJOR measurements and cautions! Your best best is to use black powder that you can get form almost all gun stores.

Method 6. BLOCKING THE DISPENSER

Some ATMs use money drawers. The ATM outlaw screws or epoxies the drawer solidly shut, at the onset of a busy three-day holiday. At the end of each night he returns and he removes the money by unscrewing or with a hammer & chisel, shatter the epoxy bond.

III. ELECTRONIC & COMPUTER SCAMS

Scarcely a week goes by that I don't hear about one scheme or another successfully used by phreaks & hackers to penetrate large systems to access data banks and to perform various manipulations.

Although we have only been able to verify one or two of the methods that we will discribe, numerous cases have arisen in recent years in which an ATM was defrauded with no evidence of a hardware or software bug to account for the robbery.

The outlaw can use several approaches. One is to use wiretapping. Another is to obtain the secrets of the cipher, or hardware or software defeats to the system and proceed accordingly. Another one that works with banks is to set up phony debit accounts and program the computer to beleive that the debit accounts are full of money. Then when a three day weekend comes around proceed with friend to deplete all of these debit accounts by making various rounds to ATMs.

Electronic frauds of ATMs require an excellent technical understanding of phone and-or computers all of which you can obtain from worthy underground news letters such as TAP, and 2600, etc. OR from a H/P BBS.

"Tapping" or "wiretapping" consists of the unauthorized electronic monitering of a signal (voice or digital) transmitted over a phone or computer (commo) circuit. A "tap" is the monitoring device that does this. Athough a tap is usually placed somewhere on a phoneline or junction box, it may be placed inside of a phone, modem or computer.

With the advent of isolated stand-alone ATMs (with vulnerable phone lines, including POS terminals) and computer technology. The phone circuits that connect ATMs to their host computer (located in the banks data processing center) can be tapped anywhere between the two.

An "invasive tap" is one in which a hard electronic connection is made between the tap and the commo circuit. A "non-invasive" tap is one in which an induction loop or antenna is used to pick up the EMI generated by the signal, and there is no physical connection between the commo circuit and the line.

A "passive tap" is one in which the tap simply tramits to a recorder or directly records the tapped signal and in no way interfers with it. An "active tap" is one in which the tap ALSO interferes (changes,adds to or deletes) the tapped signal in some way. Active taps are more sophisted. A typical ATM active tap is one that records a signal, the later plays it back over the line.

Be sure to look for my text "HIGH TECH TOYS" it lists were to get things that are VERY hard to get or things that you may need a license to obtain without those hassles all you need will be money!

Method 1. PASSIVE TAPS

All tapped ATM transactions are recorded over a period of time (but not interfered with). Once the serial protocal and MA codes are understood, the transmitted data is decrypted (if encrypted) using known entry data to the ATM. Note that some systems use a MA code that is complex and very difficult to crack.

Messages to and from the ATMs host computers are composed of various fields. One field identifies the transaction type, one the PIN, one the PAN, one the amount, one the approval code, one the transaction number and perhaps other fields. In most systems, either nothing is encrypted or only the PIN field. In others, the entire message is encrypted.

The ATM/host circuit is monitored over a period of time to deterive PINs,PANs and other entry data of other ATM users based upon (decrypted) transmitted data. Phony debit cards are then made to defraud ATM accounts with known PINs and PANs.

Method 2. ACTIVE TAPS

Active tapping is one method of spoofing. The c4ritical part of the host computer's message are the approval and amounts fields. The critical parts of the ATMs transmission are the continuous transmission it makes to the host computer when NO one is using it to indicate that it is OK, and the PIN and amount fields. Booth good and bad cards and good and bad PINs are entered at various times and days to differentiate between the various massage components. Various quiescent periods is also recorded.

Once the message structures are understood, a computer is then substituted to act as both the host computer and the ATM. That is, a computer is then connected between the ATM and the host computer. This computer acts like the host computer to the ATM, and like the ATM to the host computer.

An accomplice uses the ATM to go thru the motions of making legitimate transactions. If his procedures are correct, the ATM communicates, with the host computer for permission to discharge the money. Several methods:

(A) The phreaker changes the approval field in the hosts message to OK the transaction regardless of its real decision. The phreaker may interdict the message regardless of iits real decision. The phreaker may interdict the message from the ATM to tell the host that the ATM is inactive while it interdicts the host message to tell the ATM to disburse the cash. Since the ATM is no longer connected to the host computer, and the host computer believes that it is talking to an unused ATM (or one engaged in balance inquiry transaction), no monies will be deducted from any debit account, no denials will be made based upon daily maximum limits, and no alarm will be sounded due to suspicious behavior. Even if the ATM sounds an alarm, the host computer wont hear it as long as the phreaker is whispering sweet nothings into its ear. Also by using this method, as long as the PIN & PAN check digits are legitimate ones based upon the ATMs preliminary and cursory checks, the PINs and PANs themselves can be phony because the host won't be there to verify legitimacies! That is no legal PINs and PANs need be known nor the algorithm for encrypting PINs.

(B) The ATMs message is replaced by a previously recorded legitimate transaction message played back by the phreaker. The cash is despense as before. The play back method won't work if the encryption or MA process embed a transaction, clock or random code into the message, making all messages unique.

(C) The phreaker/hacker changes the PIN field in the ATMs message to a legitimate PIN of a fat-cat like DONALD TRUMPs account. The phreaker/hacker then withdraws someone else's money.

(D) The phreaker/hacker changes the amount field in the ATMs message to a much lower one, and then changes the amount field in the host's message back to the higher amount (debit transactions- the opposite changes are made for credit transactions). Sooo the phreaker can withdraw $200 from his account with only $10 actually debited from it by the host. He can then make many withdrawals before the host cuts him off for exceeding the daily max.

Method 3. TEMPEST IV

A thin induction pick-up coil, consisting of many turns of one thickness of #28 or thinner enamel wire sandwiched between two self-adhesive labels, no larger than a debit card, can be inserted at least part way inside the card slot of most ATMs. This coil is then used to "listen in" on the electrical activity inside of the ATM to try to determine which signals control the release of money. Using this same coil as a transmitter anteenna, these signals are then transmitted ti the realse logic to activate it.

It is believed that a thin coil about the size of a dime can be maneuvered quite a ways inside most ATMs for sensing purpose, and that small metal hooks have also been fed into ATMs to obtain direct hookups to logic and power circuits.

It is believe that some outlaws have obtained ATM cards. They then machined out the inside of the cards, except the magnetic strip. They then place flat coils inside the machined out area. They then monitor the coils during legitimate transactions. They can also use the coils to transmit desired signals. This is kind of the method used in TERMINATOR 2.

IV. BOGUS CARD, GETTING PINs

Almost all credit cards now come with either a hologram or an embedded chip ("Smart Card"), and are thus nearly impossible to counterfeit to date. However, since most debit cards are not optically read by ATMs, they are much easier to counterfeit. To counterfeit a card the following is needed:

(1) A card embosser, which can be readily obtained from commercial sources (see "Embossing Equipment and Supplies" or similar in the Yellow Pages) without question asked. A used, serviceable embosser ran use $210 + shipping & handling.

(2) A magnetic stripe decoder/encoder (skimmer), which can be purchased from the same company as the embossing equipment or just look in the back of Computer Magazines.

(3) PIN checkers are not known to be available to the general public. However, if one were stolen, the user could guess at card PINs by trial-and-error effort based upon the knowledge of how PINs are derived.

(4) PANs,PINs and ciphers, which can be obtained from a number of ways usually involving theft. About 50% of ATM users write their PINs either on their debit card or somewhere in there wallet or purse. And most user-chosen PINs are easily guessed. The encrypted PINs can be directly lifted or read from the magnetic stripe, and the encryption scheme determined by comparing the encryption with the known PIN # of a dozen or so cards.

V. NOTE

Now this text covers the file that I have put together on ATMs but I know that there is more on the subject that I have left out either because I dont want to put it or because my staff: The High-Tech Hoods did get or know the info. now I am open to suggestions for ATM 2 but I dont want any ideas I want proof. !! Then I'll publish it and give credit where credit is due.

 CORRUPT COMPUTING 0203 76831

TYPE OF FRAUD ABUSE WITH CASH DISPENSERS

DATE 1986

REFERENCES DTEL29586

DTEL04886COMP05686

VICTIM HIGH STREET BANK

PERPETRATOR BANK CUSTOMER

SCHEME The culprit had devised a method of obtainingmoney from a high street bank`s cash dispenserslocated in the Liverpool area.

He divulged how it was done to police and the bank. The bank initially regarded him with some sceptiscm.

The bank admitted later that a design faulthad been to blame for allowing the thefts. Amodification was being incorporated in the machine to prevent it.

A number of thefts of this kind have been perpetrated in the Mersyside area with severalpeople being caught.

AMOUNT Probably hundreds of pounds

HOW DISCOVERED The culprit confessed to his solicitors and to the police

PENALTY The culprit admitted stealing a specimen chargeof stealing #20 from the bank and was sentencedto six months jail suspended for two years.

COMMENT A number of fraud cases involving cash dispensershave come to light from various parts of theworld. In the US and Australia, thieves have been known to adopt a brute force approach todrag free standing cash dispensers out of super-markets with a heavy vehicle and to escape withthe machine.

In New Zealand a 14 year old boy used a

cardboard lollipop packet to make a huge butfictitious deposit of #340,000 in the countrysbiggest building society`s cash dispenser in Auckland. During the next three weeks he withdrew #700 before he got nervous and toldhis teachers.

In the UK a report published by the NationalConsumer Council has highlighted a number of incidents in which bank customers have lostmoney either through using their cash dispenserseither because or bank error or because ofunexplained "phantom" withdrawals.

Some of the cases arose through mechanical problems with the computer terminal where thecustomer received less money than was asked for,although the full total appearted on the till^ receipt and the subsequent statement.

The banks believe that in some cases phantomtransactions were made through another person,probably a relative or a close friend, withknowledge of the customer`s PIN, who "borrowed"the card without the customer`s knowledge.

Some phantom transactions were made innocently,For example through human error, a bank issuedthe same card number for more than one customter.There has also been one case where a customersmail has been intercepted and his card and PINstolen.

????????????????????????????????????????????????????????????????????????????????????????> ReMeMbEr WhErE YoU sAw ThIs pHile fIrSt <??????????????????????????> ArReStEd DeVeLoPmEnT +31.77.547477 H/p/A/v/AV/? <????????????????????????????????????????????????????????????????????????????????????

+-------------------------------+| |

| A. T. M. Fraud Made Easy || || summary and research by || Count Zero || || (A CHiNA Info-Net Prod) || |+-------------------------------+

Have you ever looked longingly upon the sight of your local PULSE machineand thought, "There must be some way that I can make some money REAL easyhere."?

Well, there is. But it won't be easy. Protection methods can be overcome,but the technology involved must be understood IN ITS ENTIRETY before an[PAUSE] attempt at illegal access is to be made. There are hundreds of people,guests of the state, that figured their plans infallible, only to fallvictim to a well-hidden camera.

This article will not be a lesson on HOW to break into the machine, it ismerely a summary of the operations involved with a normal ATM transaction.This information is being presented on a "for information's sake"-onlybasis. I, Count Zero, do not promote nor remotely condone any illegalacts of any sort. So there.

I. MAGNETIC STRIP FORMAT

This would seem to be the most efficient method of trying to access illegalsums of cash. You could:

a. steal somebody's card and PIN codeb. synthesize a cardc. attempt to "jackpot" the system

We will only look at option B. As "A" is up to your own devices and "C" hasseveral good text files written about it already. So "B" it is.

[PAUSE] Let's look at the format of the data written to the magnetic strips. Thishas been taken from a recent HARTWELL, INC manual.

[ XX XX XX XX XX XX XX XX ] [ YYYY ] [ - 20 CHARS - ] [ ZZ ZZ ZZ ] [ CC CC ]

\-----------------------/ \------/ \--------------/ \----------/ \-------/Your individual acct. PIN Name of card Bank route CHKSUMnumber/serial code Code issuee code/rem.access #

For validation, each entry is written twice but not written here forease of typing. But it is repeated in the form of:"ACCT NUM" "ACCT NUM" "PIN CODE" "PIN CODE" etc...

These codes may be examined by building a simple code-reader as manyhave done which can be easily interfaced to your IBM-PC. Full plansto be put into a future CHiNA newsletter.

If you were to attempt to write a magnetic strip or change a currentlyexisting one, you would need to be using a head-write circuit based onthe popular Motorola BCX119221-A...C series of head control chips.

NOTE: Make sure to change the last 2 values! They constitute thechecksum of the entry.Merely add all existing characters written (only the first entry, not both[PAUSE] of them) using the following chart:

CHARACTER VALUE--------------------------------0..9 0..9A..Z 10..36EOL 37EOT 38CLR 39HMX 40PTT 41RIA-1 42RIA-2 43

I doubt anyone in the communications biz needs an explanation of these termsso I'll move on.

II. ATM HARDWARE

Usually consists of:

------------------------------------

| |[PAUSE] \-----\ | B || A | | |\-----\ ------------------------------------| || ----------- /---/ E || / / / / ---- || / C / / D / F || / / / / ---- || ------------ /---/ || |------------------------------------

A. Camera MountB. Hidden Voice-Activated recorder & printout linkC. Display MonitorD. Options buttonsE. Card SlotF. Receipt Slot

Your machine may vary slightly. But the concept will almost always hold true.Simple rules for each.

A. Wear a paper bag or mask. See also Part II A[PAUSE] B. Do NOT speak. This is the most crucial part! See also Part II AC. NothingD. Wear glovesE. See Part IF. TAKE YOUR RECEIPT AND BURN IT!!

One of the neat flaws in many machines made prior to 1989 involved theuse of the "CANCEL" button. This button was made to be pressed when theuser decided, at any time during the transaction, that he didn't wishto continue. The display would jump immediately to:

"TRANSACTION CANCELLED - CHOOSE ANOTHER?"

This was all well and good, but the machines did not disable this featurebetween the time your cash was dispensed and you were prompted for yournext activity. In effect, you could push the "CANCEL" button after yourmoney has been withdrawn and it would not be added to your account record!

THIS STILL WORKS IN MANY PLACES! OVER 85% OF ALL MACHINES MADE BEFORE MAR. 1989STILL HAVE NOT BEEN UPGRADED.

Although most machines of that period would only work if you were withdrawingamounts larger than $20 (usually $25 is the next possible choice!)[PAUSE] This is ideal if you are using another's card!

II A. CAMERA/SOUND HARDWARE

You can go other routes when dealing with camera systems. You do not haveto wear a bag on your head (unless the cosmetic improvement is quite large)Thin alloy metal such as common aluminum/tin foil, which are full of impurities,react in a bizarre way when photographed through the special lenses that arecommonly used. The effect is to "blur" or "bleed" the image, rendering itindestinguishable from an accident in your local Sherwin-Williams store.Most people prefer to make a "headband" of this metal, lined with copperwire in a sine wave pattern when accosting a machine. You shouldseriously consider this possibility!For further reading on this subject, consult:

BANKER'S WORLD - Apr 1989"Where Have All the Dollars Gone?"pp 24-29

P. I. - Apr 1989"The Last Straw"pp 37-41 (p 38 in particular has a nice[PAUSE] diagram. Fig 1)

Sounds, these articles also suggest an indirect method of dealing with thevoice-activated recording device. Oddly, a pure square wave tone (roughlyaround 3100 hz) will cause a major screwup in the sound-sensing abilitiesof the recorder. It usually will have to be replaced. Suggested volume,given at 6" range is 8.5+ db. Obviously, anything louder will do.

An interesting side-note is that this has become a past-time of suburbanteenagers!

Well, hope this gets you started! More will be coming in the nextexciting file!

---------------------------> OVER AND OUT! -----------> COUNT ZERO

HAHAHAHA NAPPA IS A BUNCH OF FLY-BY-NIGHT LOSERS, EH CONFLICT?!

Call us on:

HYPERCARD BBS (406) 538-21011200/2400 BAUD(CHiNA Node #3) SYSOP: GEORGE VON JUNGLE[PAUSE]

FAWLTY TOWERS (202) 781-64202400 BAUD ONLY(CHiNA Node #9) SYSOP: BASIL FAWLTY

A big hello to:Rubix the Cube, The Conflict, Monalisa Overdrive

/e

+- Shamelessly Leeched from The Mudd Club -+Press a key...

CHiNA Discussion [5]: 2 of 2

[Message Bases [5-2/

Which G-file (Q=Quit) ?

+-------------------------------+| || A. T. M. Fraud Made Easy || || summary and research by || Count Zero || || (A CHiNA Info-Net Prod) || |+-------------------------------+

Have you ever looked longingly upon the sight of your local PULSE machineand thought, "There must be some way that I can make some money REAL easyhere."?

Well, there is. But it won't be easy. Protection methods can be overcome,but the technology involved must be understood IN ITS ENTIRETY before an[PAUSE] attempt at illegal access is to be made. There are hundreds of people,guests of the state, that figured their plans infallible, only to fallvictim to a well-hidden camera.

This article will not be a lesson on HOW to break into the machine, it ismerely a summary of the operations involved with a normal ATM transaction.This information is being presented on a "for information's sake"-onlybasis. I, Count Zero, do not promote nor remotely condone any illegalacts of any sort. So there.

I. MAGNETIC STRIP FORMAT

This would seem to be the most efficient method of trying to access illegalsums of cash. You could:

a. steal somebody's card and PIN codeb. synthesize a cardc. attempt to "jackpot" the system

We will only look at option B. As "A" is up to your own devices and "C" hasseveral good text files written about it already. So "B" it is.

[PAUSE] Let's look at the format of the data written to the magnetic strips. Thishas been taken from a recent HARTWELL, INC manual.

[ XX XX XX XX XX XX XX XX ] [ YYYY ] [ - 20 CHARS - ] [ ZZ ZZ ZZ ] [ CC CC ]\-----------------------/ \------/ \--------------/ \----------/ \-------/Your individual acct. PIN Name of card Bank route CHKSUMnumber/serial code Code issuee code/rem.

-gwy 03133-ITT: call reset (c 0,d 85): dte originated,Q) :

N I Z A T I O N P R E S E N T S

XXXXXXXXXXXXXXXXXXXXXXXXXX XXXX XXXX XXXX XX

XXX XX XXXXXX XX XXXXXXX XXXXXXXX XXXXXXX XX XXXXXX XX XXXXX XXXX XXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXX

"HOW TO LOGIN TO A C.B.I. SYSTEM"

WRITTEN BY: L.E. PIRATE

THANKS TO: ZANGIN

The following is the login procedure to login to a C.B.I. system,a few C.B.I. login port numbers, information on the system, and obtain C.B.I.accounts.

*** HOW TO GET CBI INFORMATION ***

Ok, you can get CBI accounts and CBI printouts at your local mall.The best places to check are: Insurance Places, Lawyers, Doctors, and CarDealerships, and check some places in the mall that might have to check a person's credit. Trash in their dumpster looking for printouts. Most placesbuffer capture their whole call to CBI including the number, everything onbuffer, it's better than christmas. Ok, so look obtain these CBI printoutsand cruise home to the old computer.

*** WHAT YOU NEED ***

The next step should be, obtain a drivers license or some other form

 +-------------------------------+| || A. T. M. Fraud Made Easy || || summary and research by || Count Zero || || (A CHiNA Info-Net Prod) || |+-------------------------------+

Have you ever looked longingly upon the sight of your local PULSE machineand thought, "There must be some way that I can make some money REAL easyhere."?

Well, there is. But it won't be easy. Protection methods can be overcome,but the technology involved must be understood IN ITS ENTIRETY before anattempt at illegal access is to be made. There are hundreds of people,guests of the state, that figured their plans infallible, only to fallvictim to a well-hidden camera.

This article will not be a lesson on HOW to break into the machine, it ismerely a summary of the operations involved with a normal ATM transaction.This information is being presented on a "for information's sake"-onlybasis. I, Count Zero, do not promote nor remotely condone any illegalacts of any sort. So there.

I. MAGNETIC STRIP FORMAT

This would seem to be the most efficient method of trying to access illegalsums of cash. You could:

a. steal somebody's card and PIN codeb. synthesize a cardc. attempt to "jackpot" the system

We will only look at option B. As "A" is up to your own devices and "C" hasseveral good text files written about it already. So "B" it is.

Let's look at the format of the data written to the magnetic strips. Thishas been taken from a recent HARTWELL, INC manual.

[ XX XX XX XX XX XX XX XX ] [ YYYY ] [ - 20 CHARS - ] [ ZZ ZZ ZZ ] [ CC CC ]\-----------------------/ \------/ \--------------/ \----------/ \-------/Your individual acct. PIN Name of card Bank route CHKSUMnumber/serial code Code issuee code/rem.access #

For validation, each entry is written twice but not written here forease of typing. But it is repeated in the form of:"ACCT NUM" "ACCT NUM" "PIN CODE" "PIN CODE" etc...

These codes may be examined by building a simple code-reader as manyhave done which can be easily interfaced to your IBM-PC. Full plansto be put into a future CHiNA newsletter.

If you were to attempt to write a magnetic strip or change a currentlyexisting one, you would need to be using a head-write circuit based onthe popular Motorola BCX119221-A...C series of head control chips.

NOTE: Make sure to change the last 2 values! They constitute thechecksum of the entry.Merely add all existing characters written (only the first entry, not bothof them) using the following chart:

CHARACTER VALUE--------------------------------0..9 0..9A..Z 10..36EOL 37EOT 38CLR 39HMX 40PTT 41RIA-1 42RIA-2 43

I doubt anyone in the communications biz needs an explanation of these termsso I'll move on.

II. ATM HARDWARE

Usually consists of:

------------------------------------| |\-----\ | B || A | | |\-----\ ------------------------------------| || ----------- /---/ E || / / / / ---- || / C / / D / F || / / / / ---- || ------------ /---/ || |------------------------------------

A. Camera MountB. Hidden Voice-Activated recorder & printout linkC. Display MonitorD. Options buttonsE. Card SlotF. Receipt Slot

Your machine may vary slightly. But the concept will almost always hold true.Simple rules for each.

A. Wear a paper bag or mask. See also Part II AB. Do NOT speak. This is the most crucial part! See also Part II AC. NothingD. Wear glovesE. See Part IF. TAKE YOUR RECEIPT AND BURN IT!!

One of the neat flaws in many machines made prior to 1989 involved theuse of the "CANCEL" button. This button was made to be pressed when theuser decided, at any time during the transaction, that he didn't wishto continue. The display would jump immediately to:

"TRANSACTION CANCELLED - CHOOSE ANOTHER?"

This was all well and good, but the machines did not disable this featurebetween the time your cash was dispensed and you were prompted for yournext activity. In effect, you could push the "CANCEL" button after yourmoney has been withdrawn and it would not be added to your account record!

THIS STILL WORKS IN MANY PLACES! OVER 85% OF ALL MACHINES MADE BEFORE MAR. 1989STILL HAVE NOT BEEN UPGRADED.

Although most machines of that period would only work if you were withdrawingamounts larger than $20 (usually $25 is the next possible choice!)This is ideal if you are using another's card!

II A. CAMERA/SOUND HARDWARE

You can go other routes when dealing with camera systems. You do not haveto wear a bag on your head (unless the cosmetic improvement is quite large)Thin alloy metal such as common aluminum/tin foil, which are full of impurities,

react in a bizarre way when photographed through the special lenses that arecommonly used. The effect is to "blur" or "bleed" the image, rendering itindestinguishable from an accident in your local Sherwin-Williams store.Most people prefer to make a "headband" of this metal, lined with copperwire in a sine wave pattern when accosting a machine. You shouldseriously consider this possibility!For further reading on this subject, consult:

BANKER'S WORLD - Apr 1989"Where Have All the Dollars Gone?"pp 24-29

P. I. - Apr 1989"The Last Straw"pp 37-41 (p 38 in particular has a nicediagram. Fig 1)

Sounds, these articles also suggest an indirect method of dealing with thevoice-activated recording device. Oddly, a pure square wave tone (roughlyaround 3100 hz) will cause a major screwup in the sound-sensing abilitiesof the recorder. It usually will have to be replaced. Suggested volume,given at 6" range is 8.5+ db. Obviously, anything louder will do.

An interesting side-note is that this has become a past-time of suburbanteenagers!

Well, hope this gets you started! More will be coming in the nextexciting file!

---------------------------> OVER AND OUT! -----------> COUNT ZERO

HAHAHAHA NAPPA IS A BUNCH OF FLY-BY-NIGHT LOSERS, EH CONFLICT?!

Call us on:

HYPERCARD BBS (406) 538-21011200/2400 BAUD(CHiNA Node #3) SYSOP: GEORGE VON JUNGLE

FAWLTY TOWERS (202) 781-64202400 BAUD ONLY(CHiNA Node #9) SYSOP: BASIL FAWLTY

A big hello to:Rubix the Cube, The Conflict, Monalisa Overdrive

----------------------------------------------------------------------------

R.O.L.M. Sorcerer XII PBX Remote System Control CHiNA

By... The Conflict

INTRO : I know right off you people are thinking, "How in the Helldo I know if I am calling a R.O.L.M. Sorcerer XII PBX?".Well, that will be covered here, along with all systemcommands available on that PBX.**Of course, this file ismeant for educational purposes only. We at CHiNA herebywaive any legal reprimand due to misuse of the informationcontained in this file (so there!).**

HOW : A R.O.L.M. Sorcerer XII PBX has a unique answer; thus, itIT is quite distinguishable from most other PBX's. I will listSOUNDS some PBX's with similar answer devices at the end of thissection. The Sorcerer XII's answer consists of: A.) Noring, B.) A short diverting tone of 2600 Hz, and C.) Astandard, no interrupt AT&T 4.2c dial tone. Unfortunately,there are four known PBX's that have a similar answer device,but not exact. These four are as follows: A.) R.O.L.M.Sorcerer III, B.) SouthWestern Bell WizSys I, C.) NorthernTelecom SL-Net V, and D.) Siemans WebLink v.Ia. The slightdifferences between these systems answer devices are thedial tones. The dial differ either in tone, volume, orinterrupt/no interrupt. With practice, you will find theSorcerer XII easy to distinguish.

WHAT : Now, most often Sorcerer XII requires a four digit code, butTO DO this can be altered at the source, so it is not entirelyconsistent. To be able to utilize the Remote System Control(RSC from here out) commands, you must obtain the SystemCommand Code. The System Command Code consists of theoriginal number of digits plus a two digit authorizationcheck. Thus, if we were dealing with a four digit SorcererXII system, we would find the four digit System Command Codefollowed by two more digits. *How do you know if you have the

first set of the SCC?* A four tone confirmation, similar tothe one given by ASPEN VMNetworks, is given when you have thefirst digit set of the SCC; then, you must discover the twodigit confirmation code. The confirmation code is updatedevery week. Finding the SCC is not going to be easy, as youcan not utilize a cutesy code hacker on your computer.Essentially, the process will take dedicated hand hacking,and scanning for that matter.

SYSTEM: Since this is a PBX, there are no voice instructions; thus,COMMAND you must know what the hell you're doing! After you haveLEVEL obtained the correct confirmation code, two short beeps aretransmitted. This is your cue; you're in! The commands aretwo digits followed by the asterisk (*) key. Since there aremany commands, I will list only those which are essential toyour life and needs. You can experiment with the other ones.

07* - input 1, 2, or 3; alters error transmission. 1 is fakecarrier, 2 is fast-busy, 3 is sweep-siren.

19* - allows removal of codes from the programed code array.You must enter the code to be removed, followed by thepound key (#).

20* - allows insertion of codes. You must input the code,followed by the pound key (#). Be careful, as aprecise log of all code insertions is kept.

43* - enables calls to toll numbers, such as 0700, 1900, and976.

44* - disables calls to toll numbers. Be sure to disablethe function immediately after you are done with it.If it is left on, the administrator knows what's goingon and will investigate.

73* - enables making log of all calls placed through SorcererXII lines.

74* - disables making log of all calls placed throughSorcerer XII lines. Once again, disable 73 if you useit, as it is obvious to the administrator what's going

on.

99* - disconnect from the system command level. Make sureto do this before hanging up, as it will hang the PBX,and things will definantly be switched around.

Have fun, be careful, and take it easy. All the information includedshould be enough to provide hours of safe enjoyment. If you have anyquestions for CHiNA concerning anything, give us a call at one of thebelow-listed CHiNA Nodes. Spread this around!!!

Tinsel Town Rebellion 12/24/96713-451-9548The Forbidden Passage 12/24713-774-0449Optical Illusions 12/24713-578-0722The Ultimate Revolution 12713-492-0438

Later,The Conflict<CHiNA>

Thanks go out to Maxwell Smart for acquiring a partial R.O.L.M.manual; Count Zero for being a swell guy; The Viper for giving us a'home'; Monalisa Overdrive for anti-procrastination support; and lastbut not least, NAP/PA for instilling in us a realization that we donot want to do nothing!

------------------------------------------------------------------------------

-- InfoFile on Operation Wolf -- CHiNA

As most of you have now heard this wonderful long awaited game suddenlywas released, but not by Taito, FiRM, PTL or MCM, but by a guy named GeneralZaroff.

If you downloaded this 'game' somewhere then you probably noticed that itsaid it was cracked by PTL. How can PTL crack a game when it hasn't evenbeen released out on the market, according to The Viper he called Taito andthey told him that it wouldn't be released until the third week of July.

Therefore this guy obviously did this to frame PTL (against FiRM)

General Zarhoff (also known as The Gipper) did this Sunday I do believe and wasstupid enough to put it up on his own board (where several people downloadedit) and then proceded to upload it to The House of Phreaks and you know how itgoes it was easily distibuted around.

This guy can be found around a few boards but you can pay him a personalvisit on the board he runs Crystal Chasm (408) 997-9107 CASJO. I didn'tthink it would be neccesary to post his Voice #, Address and Real Name.

o What the file does o

When you first run the program it will tell you that it is PTL. Nextit will ask you for your graphics mode and sound ability. After that itwill clear the screen, delete Config.Sys Command.Com Autoexec.BatIBMBIO.Com IBMCOM.Com and then it will lock up.

The files are Wolf.001 Wolf.Exe Runme.Bat Title.Ptl The rest ofthe files on disk one are useless garbage and on Disk 2 the entire diskis all docs.

I hope this file helped to prevent the use of this program and make sure youkeep a look out for this guy because he is obviously wanted by PTL and FiRM.

Created by : Maxwell SmartThanks to : The Viper and Master Ryu

(another CHiNA original)

-----------------------------------------------------------------------------

---- Exterior Terminal Telephones ----- CHiNAby... The Conflict....

Salutations and welcome to CHiNA InfoFile #5. What areExterior Terminal Telephones? After reading this file, you shouldunderstand what an ETT is and how to manipulate it to your liking.We at CHiNA are supplying this information to educate the user.We do not condone implementing this information for illegal use.We at CHiNA hereby waive any legal reprimands which may be

directed at us, and the USA protects us with its First Amendmentpriveleges (SO THERE!).

Exterior Terminal Telephones are the extension phones locatedat various locations. Some commonplace locales include securedapartment buildings, small office buildings, or buildings withafter business hours time locks. An ETT is a branch off of thebuilding PBX. Most often, you dial in a four digit number, andthe phone processes that and dials the seven digit pre-suff foryour extension...the dial mode is commonly pulse. Remote tonecontrols often control security locks. Logically, if you seizethe dial tone before any call goes through, you can call outusing the PBX. This can be easily accomplished using a portabledual-tone multi-frequency generator. Either you can pre-recordthe destination numbers on a portable cassette, or you cancontruct a portable DTMF generator.

----------------------------------------------------------------------------

Cellular Phone File - #1written, created and testedby Count Zero{CHiNA}

This simple (?) mod has been tested on the:

UNIDEN CS-1000/1200 Series CellularMPPS Red 12/13 (Pretty much same as above model)

and has proven effective for over four months running. However, (yes, herecomes the big disclaimer...)

----------------------------------------------------------------------------D I S C L A I M E R

CHiNA and its members claim no responsibility for irresponsibleuse of the information and designs contained herein. This file is beingpresented on a "for knowledge's sake" basis to the members of the modemmingcommunity at large. Any use of this file except for educational andoperational efficiency purposes is hereby forbidden.

So there!

The Conflict * Maxwell Smart * Count Zero * Monalisa Overdrive * The Viper& Rubiks the Cube----------------------------------------------------------------------------

What this mod does is prevent a correct unit identification code (called UICfrom here on) from being transmitted. The messages sent to and from thelocal transmittal stations should be surpisingly familiar to any one of ourreaders.

But here's the mod and a bit of theory that I used to discover it.

(1) Your individual UID is "burned into" a simple 8x8 EPROM that maybe erased and "re-written" to accomodate a new code. This may bedifficult, and in fact IS difficult because you will have a lot oftrouble finding where it begins and ends.

(2) The contact sequence when you first power up the unit (which usuallygoes on while the handset's "NO SERVC" or "SVC UNAVAIL" is lit) goeslike this:

YOU A0 A0 A0 A0 A0 A0 A0 A0IT ACK or NAK (up to a max of 4 times)YOU 12 3A + UIDIT 12 3A + UIDYOU ACK or NAKIT 00 00 00 or FF FF FF(Available / Not Available)

The best route to handle this is to FORCE your system to ACK when askedif a false code is its code.

The following should outline the procedure:

You will need:

* A Temperature-Controlled Soldering Iron* Rosin-Core Solder* Solder wick (for you slobs)* Pair of Diag-Cutters (or wire-cutters)* About 15 minutes of time.

Step 1 - Unplug the unit and allow to sit for at least a half hour to allowall capacitors to become completely discharged. Also, as aprecaution, "discharge" yourself on a common ground (no woollysocks, ok?) Remove cover from "handset" portion (yes, the one withthe keypad)

Step 2 - Locate the indicated EPROM should have a serial number that beginswith an "IA" prefix and will be noted on the circuit board as"IC4" or "IC5". Given this knowledge and the following picture:

+5v -!-------!- GND-! IA... !- RST-! !-+1.5v -! !-IC4 D1 -! !- D5D2 -! !- D6D3 -! !- D7D4 -!-------!- D8

...you should be able to find it.

Step 3 - Cut the D1 pin and pull completely back from the motherboard ata 90 deg angle. This will not interfere with your system messagesbut will disable any "odd number" from being sent! Thus your codealone will come out false.

Step 4 - Locate the following components:

R14 - Resistor #14 1.5 ohmCut and jumper with solder and small gauge wire

R15 - Resistor #15 3.5 ohmCut and replace with 1.5 ohm from previous step

C22 - Capacitor #22Cut and leave out!

Now make sure you have no "cold" joints and all soldered points are secure!If you are going to screw up at any point in the procedure, this will be it.

Make sure to double-check your work! I don't want anyone weeping to me

because their handset if now fused to their right ear!

Step 5 - (explanation of Step 4)This step "forces" the system to send an ACK (by routing the NAKtrigger through ACK output) and thus verifying the bogus code.

Step 6 - Reassemble handset.

Just a hint, do NOT go overboard on your calls as these calls are not free,they are just being billed to another person's code (if it is a legit code)

Again, re-read the disclaimer.

Step 7 - Operate the unit normally.

TROUBLESHOOTING:

Problem Solution

* NO POWER Be sure all power leads were reconnectedcorrectly when you put the handset backtogether.

* STILL GETTING CHARGED FOR Cut the correct pin from the IC!CALLS If still getting charged, cut D2 The House of Phreaks and you know goes it was easily disuted around.

This guy can be found around a few boards but you can pay him a personalvisit on the board he runs Crystal Chasm (408) 997-9107 CASJO. I didn'tthink it would be neccesary to post his Voice #, Address and Real Name.

o What the file does o

When you first run the program it will tell you that it is PTL. Nextit will ask you for your graphics mode and sound ability. After that itwill clear the screen, delete Config.Sys Command.Com Autoexec.BatIBMBIO.Com IBMCOM.Com and then it will lock up.

The files are Wolf.001 Wolf.Exe Runme.Bat Title.Ptl The rest ofthe files

+----------------------------------++ ++ --> HACKING ATM'S <-- ++ ++ Written By: ++ ++ =-=-=-=-=-=-=-=-=-=-=-=-=-= ++ = B L U E T H U N D E R = ++ =-=-=-=-=-=-=-=-=-=-=-=-=-= ++ ++ ++ ++----------------------------------+Welcome everybody to my first article dealing with the manipulation of theBank's Automated Teller Machines for the gain of money..In this article I will show you many ways to 'beat' the system. Some methodsof hacking into ATM's are very easy and others are a bit more difficult.I suggest you pick the method that mostly suits you.Okay Lets get straight into it....1.0 Different types of Automatic Tellers============================================There are 3 major types of Automatic teller machines.IBM===The first of these (and the most popular) is the IBM model. This is easilydistinguised from the others by the IBM logo in the top right hand corner ofthe front of the machine.This unit features a touch sensitive keypad and a 1 line display with a visorthat moves up and down. (The newer models have a 5 line display)..NCR===The second unit is the NCR unit, which is MUCH smaller than than the IBM frontpanel. This unit has a small VDU as well as a touch sensitive keypad. The onlybanks that seem to be using this unit in Australia is the 'STATE BANK' ofVictoria, so you will not see many of them around.PHILIPS=======The third and final unit is made by Philips as is only used by the creditunions or Building Societys. This is usually known as 'CASHCARD'. These unitsfeature a push-button keyboard and a VDU (like the NCR).All these above units provide the same functions...

1.1 Information on the Plastic Cards======================================The Plastic Cards that you put into these cash carrying monsters have a Numberthat is printed on the front of the card (which is also the same number, thatis stored on the MAGNETIC STRIP on the back of the card.)What do these numbers mean????? Well here is some information on them...The Numbers are split up into 2 groups, the first group ALWAYS containsSIX numbers while the second group contains anywhere between 6 to 13 numbers.EG) 560192 3012565214782\ /\ /| |__ This 3 digit number identifies the Bank. ||__ This is the Australian ID code and ALL banks have this.Some ID's for banks===================192 - Westpac Banking Corporation251 - National Australia Bank220 - Commenwealth BankThe Second part of the number seems to be a jumble of digits for 6 to 13, whichonly seem to make sense to the banks computer.The banks computer simply looks the second number up in a Table and finds outyour assigned PIN number (A password for your card consisting of 4 digits), and any other information. eg) Your savings account no. Cheque a/c etc.Since the four Digit PIN (Personal Identification Numbers) range from 0000 to9999, then more than one person has the same PIN number for his card. (Banks dohave more that 10,000 customers !!)Okay now that we have some simple background information we can learn how to'defeat' the system..1.2 The "CABLE CUTTER METHOD"===============================For this method you will require the Follwing:(1) - Guts(2) - Good Pair of SIDCHROME cutters(3) - Fake ID (library cards, Concession Cards etc.)Okay the First Step is to open up a bank savings account at one of the banksthat gives you access to the ATM..The Major banks have the following Packages:Westpac - Advantage SaverNational - Flexi CardC'wealth - Key Card

I suggest you go for National Bank as their limit is $500 per day, whereWestpac has a $200 Max Limit per day..Give them an address where you can check the mail everyday (so you can receiveyour card and PIN number)...An old house etc. will do very well.Make sure you open the account at a 'small' suburb branch, that has computerequipment installed.Once you have finally received your brand new savings account with fake nameand addreYour account record is kept at your branches computer. So what the maincomputer does is get in touch with the branches (on the network) and ask itinformation on your account. (Balance etc.).Ok so what do we do with the cutters??? Well go to your banks branch (at about10.00 - 11.00 pm), Find the Concrete Telecom cover near the bank and lift itoff using the handle of the Cutters. Ok, See if there are cables leading from the main tube into a smaller tube thatleads underground into the bank...Well take your cutters and snip them..Ok wellcongratulations you have just cut the phone cables for all their phones andtheir branch computer system..If you wanna be a bit more sure that you cut the cable to the computer, Snipevery cable in sight of the bank. (Use insulated cutters and don't be afraid ofthe sparks and mini fire works.)Ok the banks compuer should be disabled now, so go to the nearest ATM you canfind and pop your card in and try to do a ' ACCOUNT BALANCE '. You should get aNOT AVAILABLE - try again Later ERROR..If you do then start jumping up anddown cause you have done it!!You see the main computer is programmed to give you whatever money you ask forwhen the lines are down, so they will not inconvenience the customers. So punchin the max. LIMIT any time before 12 midnight and then take out another batchafter 12.00 midnight (or whatever other time you can)..When they Fix the Lines, the main computer will update the balance in thebranches computer... (he he). Your account will have a Debit Balance and thebank manager will come after you..But he won't find you will he!!The major banks that to use this new system are: Westpac and National.I have tried it with both banks and it works great. Although I prefer NationalBank since you can make $1,000 in a few minutes.1.3 The "Snatch and Grab Method"=================================STAY TUNED FOR THE REST!!

AtM HACK

+----------------------------------++ ++ --> HACKING ATM'S <-- ++ ++ Written By: ++ ++ =-=-=-=-=-=-=-=-=-=-=-=-=-= ++ = B L U E T H U N D E R = ++ =-=-=-=-=-=-=-=-=-=-=-=-=-= ++ ++ ++ ++----------------------------------+Welcome everybody to my first article dealing with the manipulation of theBank's Automated Teller Machines for the gain of money..In this article I will show you many ways to 'beat' the system. Some methodsof hacking into ATM's are very easy and others are a bit more difficult.I suggest you pick the method that mostly suits you.Okay Lets get straight into it....1.0 Different types of Automatic Tellers============================================There are 3 major types of Automatic teller machines.IBM===The first of these (and the most popular) is the IBM model. This is easilydistinguised from the others by the IBM logo in the top right hand corner ofthe front of the machine.This unit features a touch sensitive keypad and a 1 line display with a visorthat moves up and down. (The newer models have a 5 line display)..NCR===The second unit is the NCR unit, which is MUCH smaller than than the IBM frontpanel. This unit has a small VDU as well as a touch sensitive keypad. The onlybanks that seem to be using this unit in Australia is the 'STATE BANK' ofVictoria, so you will not see many of them around.PHILIPS=======The third and final unit is made by Philips as is only used by the creditunions or Building Societys. This is usually known as 'CASHCARD'. These unitsfeature a push-button keyboard and a VDU (like the NCR).All these above units provide the same functions...

1.1 Information on the Plastic Cards======================================The Plastic Cards that you put into these cash carrying monsters have a Numberthat is printed on the front of the card (which is also the same number, thatis stored on the MAGNETIC STRIP on the back of the card.)What do these numbers mean????? Well here is some information on them...The Numbers are split up into 2 groups, the first group ALWAYS containsSIX numbers while the second group contains anywhere between 6 to 13 numbers.EG) 560192 3012565214782\ /\ /| |__ This 3 digit number identifies the Bank. ||__ This is the Australian ID code and ALL banks have this.Some ID's for banks===================192 - Westpac Banking Corporation251 - National Australia Bank220 - Commenwealth BankThe Second part of the number seems to be a jumble of digits for 6 to 13, whichonly seem to make sense to the banks computer.The banks computer simply looks the second number up in a Table and finds outyour assigned PIN number (A password for your card consisting of 4 digits), and any other information. eg) Your savings account no. Cheque a/c etc.Since the four Digit PIN (Personal Identification Numbers) range from 0000 to9999, then more than one person has the same PIN number for his card. (Banks dohave more that 10,000 customers !!)Okay now that we have some simple background information we can learn how to'defeat' the system..1.2 The "CABLE CUTTER METHOD"===============================For this method you will require the Follwing:(1) - Guts(2) - Good Pair of SIDCHROME cutters(3) - Fake ID (library cards, Concession Cards etc.)Okay the First Step is to open up a bank savings account at one of the banksthat gives you access to the ATM..The Major banks have the following Packages:Westpac - Advantage SaverNational - Flexi CardC'wealth - Key Card

I suggest you go for National Bank as their limit is $500 per day, whereWestpac has a $200 Max Limit per day..Give them an address where you can check the mail everyday (so you can receiveyour card and PIN number)...An old house etc. will do very well.Make sure you open the account at a 'small' suburb branch, that has computerequipment installed.Once you have finally received your brand new savings account with fake nameand addreYour account record is kept at your branches computer. So what the maincomputer does is get in touch with the branches (on the network) and ask itinformation on your account. (Balance etc.).Ok so what do we do with the cutters??? Well go to your banks branch (at about10.00 - 11.00 pm), Find the Concrete Telecom cover near the bank and lift itoff using the handle of the Cutters. Ok, See if there are cables leading from the main tube into a smaller tube thatleads underground into the bank...Well take your cutters and snip them..Ok wellcongratulations you have just cut the phone cables for all their phones andtheir branch computer system..If you wanna be a bit more sure that you cut the cable to the computer, Snipevery cable in sight of the bank. (Use insulated cutters and don't be afraid ofthe sparks and mini fire works.)Ok the banks compuer should be disabled now, so go to the nearest ATM you canfind and pop your card in and try to do a ' ACCOUNT BALANCE '. You should get aNOT AVAILABLE - try again Later ERROR..If you do then start jumping up anddown cause you have done it!!You see the main computer is programmed to give you whatever money you ask forwhen the lines are down, so they will not inconvenience the customers. So punchin the max. LIMIT any time before 12 midnight and then take out another batchafter 12.00 midnight (or whatever other time you can)..When they Fix the Lines, the main computer will update the balance in thebranches computer... (he he). Your account will have a Debit Balance and thebank manager will come after you..But he won't find you will he!!The major banks that to use this new system are: Westpac and National.I have tried it with both banks and it works great. Although I prefer NationalBank since you can make $1,000 in a few minutes.1.3 The "Snatch and Grab Method"=================================STAY TUNED FOR THE REST!!

^\ /^\ /^\ /^\ /^\ //^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\/^\ /^\

/^\ Real Credit Card Fraud /^\/^\ /^\/^\ by /^\/^\ /^\/^\ Emergency Interrupt /^\/^\ h /^\/^\ Advanced Telecommunications Inc. /^\/^\ /^\/^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\ /^\

I have seen files on Credit Card Fraud using carbons to get shit thoughmail order. Well I have a solution for those of you who can't get anything thisway. Maybe you sound to young, maybe UPS doesn't drop shit in bushes or back porches anymore, well I have a way around this. Buy remember Credit Card Fraud is a Federal offense! Probably because they never catch you doing it, just like stealing mail is a federal offense but who gets caught doing that! Alsowhen I refer to sting I mean steal. Because stealing is against the law, but stinging isn't. Har har har, maybe it's not funny but it just stuck after a while.

Step 1: Location-=-=-=-

Find a secluded place where men/women leave their wallets and purses in there cars. It is best if you live near a beach where there are tons of cars and they will not be near there cars for hours. I have found that resturants are these such places also. Since I live near the beach this is my best location. I have never been to the mountains or anything like this, but a place like Ski Mountain or someting could also be veby effective. I think places like Disney World, Circus World, Sea World, Wild Waters and shit like that would be good!

Step 2: Looking for the purse-=-=-=-

Once you have found a good spot with tons of cars walk around and look inside cars for shit like purses under seats or under towels or anything likethat hidden somewhere. Try not to look to obvious because some people will call the police. While looking for purses try to social engineer a way so it doesn't look obvious, I have tried acting like I have to piss every five seconds or something like "Is that Freeda's car, humm I can't tell, let's look

inside." This ban be effective too.

Step 3: How to get the Hell out of there once you have the purse-=-=-=-

Now that you have found a car with a purse you have to think of what 9o|are going to do and after you get it how the hell are you gonna get out of there.

A] Getaway Car - A fast one, the cars I use are my friend I go stinging with. I would suggest something that is not to flashy.

B] Run like hell - this works best anytime, especially when your doing it on your own.

Step 4: Getting into the Car-=-=-=-

Since you know how you are gonna get away you need a good way to get into the car. Sometimes it is best to check all cars with purses for unlocked doorsbut if all of the cars are locked then I suggest choosing the car that looksthe nicest or is the most expensive (ie-Mercedes,Porche, and shit like that!!)I have three methods of breaking into cars:

A] Slim Jim - workr best when you have time to get in, but if you are in a hurry I suggest another way.

B] Screwdriver - this sucker works good, just put it between the top of the gindow and pry the window out till it shatters.

C] BB Gun - in case you don't feel like having a piece of glass hit you when you use the Screwdriver then I suggest a small BB handgun.

When the window has shattered reach in a grab the purse, take your timeand don't cut your self if you spaz out. Always check the glove compartment for shit and if you have time look for objects that say 'Hide-A-Key'. These can be very useful when stinging the car. Also check ashtray, because not all people smoke but some people put shit there. If the car has tint then it will prabably spider, so you will need a glove to knock all the glass out of the way. There are other methods of breaking a window, but the pwo I have are very quiet.

Step 5: Looking for Important Merchandise-=-=-=-

You have the purse, you have searched the car thoroughly for hide-a-keys,extra cash, maybe even try to sting their nice brand new top of the line Alpinestereo with Compact disc player and complete cassette collection. Whatever youget just don't get caught. Once you have you main goal, the purse of course, check the billfold for cash and credit cards. Also look for gas cards, MCI cards AT&T calling cards movie rental cards, Honor cards, and other crap. There are a number of things you can do with the plastic you just got:

A] Gas Cards - free tank of gas and food if it is a convient store. These cards are usually good for about two weeks, although some place don't call themin. For instance Gulf,some Amoco's, Chevron and otherf) : ++$Tc=9 9M!11 5R

___________________________________________/___________________________________________\| || TRW Terminolgy || Understanding What You Read || || By || || Master Blaster || Advanced Telecommunications Inc. |\___________________________________________/

Type of Account\_____________/

Abrevation Explanation\________/ \_________/

AUT AutoUNS UnscuredSEC SecuredP/S Partially SecuredH/I Home ImprovementFHA FHA Home ImprovementISC Installment Sales Contract

CHG Charge AccountR/E Real Estate Specific Type unknowen-in termsof yearsSCO Secured by Co-SignerBUS BusnessREC Recreational MerchandiseEDU EducationalLEA LeaseCOM Co-Maker(not borrower)C/C Check Credit or Line of CreditF/C FHA Co-Maker(not borrower)M/H Mobil HomeCRC Credit CardR/F FHA Real Estate Mortgage-in terms of yearsNTE Note LoanNCM Note Loan With Co-MakerHHG Secured by Household GoodsH+O Secured by Household Goods & other CollateralASL AutoR/V VA Real Estate Mortgage-in Terms of YearsR/C H| Conventional Real Estate Mortgage-Terms inYearsR/O Real Estate Mortgage-with or without othercollateral Usually a seccond mortgage-Termsin months Amount shown in $100.00 incermentsSLC Co-Maker(not Borrower)REN Rental AgreementSUM Summary of Accounts with same statusUNK Unknowen (that's the meaning not that i don'tknow)DCS Debit Counseling ServiceCCP Combined Credit PlanAST Account Reviewed by Credit GrantorA/M Account Monitor by Credit GrantorRVW Account Review by Credit GrantorEMP EmploymentPSC SolicitationD/C Debit CardDCP Data Correction ProfileADD Address information for MailingIDV Address information for the GovernmentCLS Credit Line Secured

COL Collection AttorneyINS Insurance ClaimsC/S Child Support

Court Codes\_________/

CIR CircutCITY CityCVL CivilCO CountyCT CourtDIS DistrictIRS Internal Revenue ServiceJUS JusticeMUN MunicipalREG RegistrarST StateSPR SuperiorSUP Suprame

Explination of Status Comments\____________________________/

BK ADJ PLN Debit included in or completed throughBankruptcy Chapter 13.BK LIQ REO Debit included in or discharged throughBankruptcy Chapter 7 or 11.CHARGE OFF Unpaid balance reported as a loss by creditgrantor.CLOS INAC Closed inactive accountCOLL ACCT Account seriously past due/account assignedto attorney. Collection agency or creditgrantors internal collection department.CO NOW PAY Now paying - Was charge off.CR CD LOST Credit card lost or stolen.CR LN CLOS Credit line closed/reason unknowen or byconsumer request/there may be a balance due.CR LN RNST Account now available for use and is in goodstanding. Was closed account.CURR ACCT This is either an open or closed account is a

credit card or charge account. It should beavailable for use and there may be a balancedue. If the account is closed. There were nopast due amounts reported and it was paid.CUR WASCOL Current account was collection account.CUR WAS DL Current account was past due.CUR WASFOR Current account Foreclosure was started.CUR WAS 30 Current account was 30 days past due.CURWAS30-2 Current account was 30 days past due twice.CURWAS30-3 Current account was 30 days past due threetimes.CURWAS30-4 Current account was 30 days past due fourtimes.CURWAS30-5 Current account was 30 days past due fivetimes.CURWAS30-6 Current account was 30 days past due sixtimes or more.CURWAS 60 Current account was 60 days delinquent.CUR WAS 90 Current account was 90 days delinquent.CUR WAS 120 Current account was 120 days delinquent.CUR WAS 150 Current account was 150 days delinquent.CUR WAS 180 Current account was 180 days delinquent ormore.DECEASED Consumer deceased.DELINQ 60 Account delinquent 60 days.DELINQ 90 Account delinquent 90 days.DELINQ 120 Account delinquent 120 days.DELINQ 150 Account delinquent 150 days.DELINQ 180 Account delinquent 180 days.DEL WAS 90 Account was delinquent 90 days/now 30 or 60days delinquent.DEL WAS 120 Account was delinquent 120 days/now 30,60 or90 days delinquent.GOVCLAIM Claim filed with government for insuredportion of balance on an educational loan.FORECLOSURE Credit grantor sold collateral to settledefulted mortgage.INQUIRY A copy of the credit profile has been sent tothis credit grantor at their request.INS CLAIM Claim filled for payment of insured portionof balance.NOT PD AA Account not being paid as agreed.

PAID ACCP Closed account/zero balance.not rated bycredit grantor.PAID SATIS Closed account/paid satisfactory.PD BY DLER Credit grantor paid by company who originallysold the merchandise.PD CHG OFF Paid account/was charge-off.PD COLL AC Paid account was a collection accountinsurance claim or education claim.PD FORECLO Paid account A forclosure was started.PAID NOT AA Paid account. Some payments were made pastthe agreed due dates.PD REPO Paid account/was a repossession.PD WAS 30 Paid account/was 30 days past due.PD WAS 30-2 Paid account/was 30 days past due 2 or 3times.PD WAS30-4 Paid account/was 30 days past due 4 times.PD WAS30-5 Paid account/was 30 days past due 5 times.PD WAS30+6 Paid account/was 30 days past due 6 or moretimes.PD WAS 60 Paid account/was 60 days delinquent.PD WAS 90 Paid account/was 90 days delinquent.PD WAR 120 Paid account/was 120 days delinquent.PD WAS 150 Paid account/was 150 days delinquent.PD WAS 180 Paid account/was 180 days delinquent or more.REDMD REPO Account was a repossession/now redeemed.REFINANCED Account renewed or refinanced.REPO Merchandise was taken back by credit grantor,there may be a balance due.SCNL Credit grantor cannot locate consumer.SCNL NWLOC Credit grantor could not locateconsumer/consumer now locatedSETTLED Account leagally pain in full for less thanthe full balance.TRANSFERRED Account transfered to another office.VOLUN REPO Voluntary repossession.30 DAY DEL Account past due 30 days.30 2 TIMES Account past due 30 days 2 times.30 3 TIMES Account past due 30 days 3 times.30 4 TIMES Account past due 30 days 4 times.30 5 TIMES Account past due 30 days 5 times.30 6+ TIMES Account past due 30 days 6 times or more.30 WAS 60 Account was delinquent 60 days/now 30 days.

TOONEWRT Account too new to rate.

Items of Public Record\____________________/

BK 7 -FILED Voluntary or Involuntary RE\Q%Q%=9 J95R 2HBankruptcy Chapter 7 - (Liqufiled.BK 7 -DISCH Voluntary or involuntary PetiP%=9 J95P 9-IUAQe

An Algorithm for Credit Cards

by Crazed Luddite & Murdering ThugK00l/RaD Alliance!

Transcribed from 2600 Volume Seven, Number Three (Autumn, 1990)by Psyberdelic Relic - 12/25/90

As some of you know, the credit card companies (Visa, MC, and AmericanExpress) issue card numbers which conform to a type of checksum algorithm.Every card number will conform to this checksum, but this is not to saythat every card number that passes this checksum is valid and can be used,it only means that such a card number can be issued by the credit cardcompany.

Often this checksum test is used by companies which take credit cards forbilling. It is often the first step in checking card validity beforeattempting to bill the card, however some companies stop here. Somecompanies only check the first digit and the card number length, others usethis very convenient algorithm, while others continue on to check the bankID portion of the card number with a database to see if it is a valid bank.These tests are designed to weed out customers who simply conjure up a cardnumber. If one were to try to guess at an Amex number byusing the rightformat (starts with 3 and 15 digits long), only about 1 in 100 guesseswould pass the checksum algorithm.

Why do companies use the algorithm for verification instead of doing anactual credit check? First, it's much quicker (when done by computer).Second, it doesn't cost anything. Some credit card companies and bankscharge merchants each time they wish to bill or verify a card number, and

if a merchant is in a business where a lot of phony numbers are given forverification, this can become rather costly. It is a known fact that most,if not all, online services (i.e., Compuserve, Genie, etc.) use this methodwhen processing new sign-ups. Enough said about this, you take it fromhere.

The majority of transactions between credit card companies and merchantstake place on a monthly, weekly, or bi-weekly basis. Such bulktransactions are much less expensive to merchants. Often a company willtake the card number from a customer, run it through the algorithm forverification, and bill the card at the end of the month. This can be usedto your advantage, depending on your situation.

If you trade card numbers with your friends, this is a quick way to verifythe numbers without having to call up the credit card company and thusleave a trail. Also, a few 1-800 party line type services use thisalgorithm exclusively because they don't have a direct link to credit cardcompany computers and need to verify numbers real fast. Since they alreadyhave the number you're calling from through ANI, they don't feel itnecessary to do a complete credit check. I wonder if they ever heard ofpayphones.

Here's how the algorithm works. After the format is checked (correct firstdigit and correct number of digits), a 21212121... weighing sccheme is usedto check the whole card number. Here's the english pseudocode:

check equals 0go from first digit to last digitproduct equals value of current digitif digit position from end is oddthen multiply product by 2if product is 10 or greaterthen subtract 9 from productadd product to checkend loopif check is divisible by 10, then card passed checksum test

Here is a program written in C to perform the checksum on a Visa, AMEX orMC card. This program can be easily implemented in any language, includingACPL, BASIC, COBOL, FORTRAN, PASCAL or PL/I. This program may be modified,with the addition of a simple loop, to generate credit card numbers thatpass the algorithm within certain bank prefixes (i.e. Citibank). If you

know the right prefixes, you can generate valid card numbers (90 percent ofthe time).

/* CC Checksum Verification Programby Crazed Luddite and Murdering Thugof the K00l/RaD Alliance! (New York, London, Paris, Prague.)Permission is given for free distribution."Choose the lesser of two evils. Vote for Satan in '92"*/

#include <stdio.h>main(){char cc[20];int check, len, prod, j;printf("\nAmex/MC/Visa Checksum Verification Program");printf("\nby Crazed Luddite & Murdering Thug\n");for(;;){printf("\nEnter Card Number [w/o spaces or dashes.] (Q to quit)\n:");scanf("%s",cc);if ((cc[0]=='Q')||(cc[0]=='q')) break; /* exit infinite loop, if 'Q' */

/* Verify Card Type */

if ((cc[0]!='3')&&(cc[0]!='4')&&(cc[0]!='5')){printf("\nCard number must begin with a 3, 4, or 5.");continue;}else if ((cc[0]=='5')&&(strien(cc)!=16)){ printf("\nMastercard must be 16 digits.");continue;}else if ((cc[0]=='4')&&(strien(cc)!=13)&&(strien(cc)!=16)){ printf("\nVisa numbers must be 13 or 16 digits.");continue;}else if ((cc[0]=='3')&&(strien(cc)!15)){ printf("\nAmerican Express numbers must be 15 digits.");continue;}

/* Perform Checksum - Weighing list 2121212121212121.... */

check = 0; /* reset check to 0 */len = strien(cc);for (j=1;j<=len;j++) /* go through entire cc num string */{prod = cc[j-1]-'0'; /* convert char to int */if ((len-j)%2) prod=prod*2; /* if odd digit from end, prod=prod*2 *//* otherwise prod=prod*1 */if (prod>=10) prod=prod-9; /* subtract 9 if prod is >=10 */check=check+prod; /* add to check */}if ((check%10)==0) /* card good if check divisible by 10 */printf("\nCard passed checksum test.");elseprintf("\nCard did not pass checksum test.");}}

-69-