Ex-con helps feds foil an ATM hacking scheme

Thor Alexander Morris had a plan.

The plan involved reprogramming certain ATMs so that they would overpay him when he made a withdrawal, giving out $20 bills instead of $1 bills – or, at least, this is what the prosecutors say.

He allegedly asked Brian Rhett Martin, an ex-con from Texas, to help him identify the locations in and around Houston of specific ATM models – ATMs that have a flawed feature that allows a specific passcode to be used to gain administrative access and reprogram the machine.

Unfortunately for Morris, the ex-con was finished with his criminal ways and saved the chats and photos of Morris, then handed them over to the FBI and helped them organize a sting operation by introducing Morris to an undercover agent who posed as a fellow ATM thief.

According to Wired, while driving towards the first ATM on the hit list, Morris allegedly bragged about previous hacking trips in different U.S. states and about having stolen credit card information at a grocery chain he was working for.

After he had bought and activated a prepaid debit card in the amount of $400, they drove together to an ATM located at a flea market. The managers had been warned beforehand and were cooperating with the FBI, and the ATM was already modified and would not accept the default passcode. After a few tries, Morris was arrested by the agents who were surveilling him.

Morris tried to place the blame on Martin and the undercover agent, claiming that they were the minds behind the scheme. He also said that he invented the stories he told to the undercover agent about the previous ATM hacking exploits. He has been charged, but has yet to enter a plea.

The ATMs in question were manufactured by Tranax, and it is a well-known fact among criminals of this type that they have a default administrative code that is printed in the manual, which can be found online. Or, at least, it used to be so. After similar heists, Tranax and Triton (another ATM manufacturer with the same problem) updated the firmware, making new machines force owners to change the passcode in question immediately upon booting the machine for the first time.



