Once again, ATMs have been “hacked” by individuals taking advantage of default, factory-set passcodes. This time the passcode hasn’t been guessed, or ended up online for everyone to know because it was printed in the ATM’s service manual – the individual who, with the help of an accomplice, managed to cash out $400,000 in 18 months was a former employee of the company that operated the kiosk ATMs they targeted.
Tennessee-based Khaled Abdel Fattah had insider knowledge of the code that, when typed in, set the machines into Operator Mode, which allowed him and accomplice Chris Folad to reconfigure the ATM to dispense $20 bills when asked for $1 dollar ones.
They would do this, then ask the machine to dispense, for example, $20, and they would get away with $400. After this, they would revert back the change so that the theft would go unnoticed.
Read more about the two Tennessee youths who hacked ATM to steal money on Help Net Security.