Two 14-year-olds succeeded in hacking into a Bank of Montreal ATM cash machine, simply by reading an operator's manual online and typing in the default administrator password.
Whiz kids Matthew Hewlett and Caleb Turon found an old operator's manual on the internet and decided to take it to an ATM in a Safeway supermarket during their lunch hour and see if they could access the system, according to the Winnipeg Sun.
"We thought it would be fun to try it, but we were not expecting it to work," said Hewlett. "When it did, it asked for a password."
To their surprise, just by following the instructions and typing in a common default six-digit password, the cash machine granted them access.
A default administrator password
The boys immediately went to the nearest branch of the Bank of Montreal to alert the bank to the security vulnerability, but at first the bank's staff misunderstood, and thought that one of the boy's PIN numbers had been stolen.
When the boys explained that they had hacked into the ATM and gotten into the operator mode, the bank's staff didn't believe them.
"He said that wasn't really possible and we don't have any proof that we did it [so] I asked them: 'Is it all right for us to get proof?' He said: 'Yeah, sure, but you'll never be able to get anything out of it,'" said Hewlett.
"So we both went back to the ATM and I got into the operator mode again. Then I started printing off documentation like how much money is currently in the machine, how many withdrawals have happened that day, how much it's made off surcharges.
"Then I found a way to change the surcharge amount, so I changed the surcharge amount to one cent."
The bank didn't believe them
Hewlett also changed the ATM's standard greeting from "Welcome to the BMO ATM" to "Go away. This ATM has been hacked."
The boys printed out six documents showing what they had done, and then returned to the bank. This time round, they were taken seriously and the bank manager personally came out to talk to them.
The Bank of Montreal is now upgrading the security of its ATMs to prevent unauthorised access, and says that the contents of the ATM in question are still secure.
Best of all, the bank's financial services co-ordinator signed off on a special note asking the boys' school to excuse them for being late returning from their lunch hour.