So they just plugged it directly into the same network switch the ATM is on? That sounds incredibly dumb. The only ATMs I’ve seen the inside of had the network switch locked inside with the vault.
Also our bank had some kind of port security so if it wasn’t a recognized MAC address, the port just switched off.
Also our bank had some kind of port security so if it wasn’t a recognized MAC address, the port just switched off.
And serious company will have this as basic security. It’s a fundamental function even available on your consumer grade router at home. While it’s overkill for that use, it’s basic security for a company.
That’s why it’s not surprising at all that a bank didn’t bother to do that. Banks have some of the most egregious security issues.
… Which financial company do you work for?
That’s why it’s not surprising at all that a bank didn’t bother to do that. Banks have some of the most egregious security issues.
Remember when John Stewart only had SOME grey hair?
Hey, no judgement. 2020 had my hair looking like santa claus.
Don’t stress mate. We’ve all aged in the 20 years between 2019 and 2025.
2019? Wow. That’s in the before times.
Yeah my beard has gone fully salt-and-pepper, and I’m getting a lot more grays on my head nowadays :/
Same as anywhere else. Complacency, lax auditing, temporary fixes which are in place for years, non-technical people making technical decisions (choosing convenience over security, generally).
Any of the major banks consider breaches as cost of doing business at their scale compared to smaller banks. My bank prides itself on never having a breach, and it is insufferable to develop code for, but I guess it’s the price of security
You would be surprised how many companies don’t even have something fundamental like a custom SSID and password, or a backup, etc.
Oh I wouldn’t be surprised at all, most businesses are pretty small. I would be surprised if a Bank was that irresponsible, although not very surprised.
That’s why it’s not surprising at all that a bank didn’t bother to do that. Banks have some of the most egregious security issues.
And really shitty auditors apparently. A good one would have at least spot checked for unsecured ports.
Yup, this is the way. Pretty crazy a bank doesn’t have proper security lol
Ah yes, the most devious of exploits, the bind mount.
This is quite an awesome attack if you think about it.
deleted by creator
Wouldn’t the 4G connection be easily traceable? Like law enforcement could pretty easily figure out who owns the line.
It’s not too hard to get a SIM in someone else name.
They’d have an account owner name, but that person may not exist or they only remember some person paying them to get a phone in their name which isn’t illegal.
Don’t forget, burner phones still exist.
You can handle everything in cash if you’re smart.
The phone isn’t important, you just want a cheap sim with no tracks leading to you.
Its like Ocean 11
Don’t give hackers a bad name.
