Two Tennessee Men prove how easy it is to Crack ATMs

Two little known Tennessee men used factory default passcode to dupe ATM machines into giving more cash in an 18 months hacking spree cut short by Secret Service.  The money minting operations proves how low-tech street criminals poses a threat to poorly configured and serviced ATMs all over the world.

A recent shocker in the tech world revealed that over 80% of ATM’s use outdated Windows XP which run out commercial support years ago. Just to show how ATMs machines are vulnerable to low-tech street crime, two little know  Tennessee men, Khaled Abdel Fattah and his accomplice Chris Folad,  went on an ATM hacking spree in Nashville, netting over $400,000 hard cash in their 18 moths expedition.

Note that this was a not typical hack employing sophisticated banking malwares to steal money. Instead the two used a sequence of key combinations on the Keypad to configure the ATM into “Operator mode” and crack the cash dispensers. Once on operator’s modes the ATM was configured to dispense $20 for $1 requested. For example a $20 withdrawal would dispense $400 hard cash.

Fattah and his accomplice now face an array of computer frauds charges following their short-live money minting operations in Nashville. “Fattah and an associate named Chris Folad are facing 30 counts of computer fraud and conspiracy, after a Secret Service investigation uncovered evidence that the men had essentially robbed the cash machines using nothing more than the keypad,” reported wired in a blog.

Technically, ATM can be configured into operators mode using passcode initial provided the manufacturer.  Once on operator’s mode, the operator is able to configure how the ATM dispenses cash including the denomination loaded on the cartridges. In this case, Fatah was a former employee of ATM firm and all he needed was to key in the factory-set passcode.

The fraud was first discovered by the business owner who realized an abnormality in cash flows in one of ATM kiosks visited by the duo. He informed the secret service who analyzed surveillance footage, tracked and nailed Fattah and his accomplice.

“They were little kiosk ATMs, like you would find in a business or a convenience store,” says Greg Mays, assistant special agent in charge of the US Secret Service’s Nashville office. “I believe the businesses noticed there was a problem when the machine was running out of money.”

Fortunately, Fattah and his friend conducted their operation in the full glare of security cameras, they also used their real debit cards making it easy for Secret Service to trail and net them.

Exploits of this nature are common in the Tech world, but majority of the incidences go unreported by banks and other financial institutions who fear the possibility of a bank run. The problems lies with the factory resent passcode given by the ATM vendor and usually written on ATM manual. A majority of the small business owners fail to reset the default code on a new machine or when an employee leaves.  In reality, the code should be changed frequently and maintained within a small circle of employees if necessary.

In a similar ATM hack in 2005, fraudsters discovered the factory set passcode of Tranax and Triton ATMs, was freely available online. They went viral hacking every available Machine prompting Triton and Tranax to reprogram their machine and force operators to change the passcode on first use.

In another incidence a 14-year old boy in Winnipeg followed an instruction manual to crack the operator’s passcode to access a Bank of Montreal ATM in June this year. The boy notified the bank to change its passcode.

Top/Featured Image: By Adrian Grycuk / Wikipedia (

Pierluigi Paganini Cyber Security Analyst; Member, European Union Agency for Network and Information Security Threat Landscape Stakeholder Group; Founder, Security Affairs Blog. Co-author of The Deep Dark Web: The Hidden World.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.