By Brad Whitehouse
Associate News Editor
I kicked off the holidays by stealing $6,614.47 from Ryerson University. And it only took me five minutes.
Shortly before 10 p.m. on Nov. 29, the Eyeopener broke into the Tim Horton’s cash register in Kerr Hall to prove how easily a student could swipe thousands of dollars from right under Ryerson’s nose.
It all started late one night as I was walking back from the library. The hallway lights were already out, but the cash register’s screen glowed blue.
I wondered how easy it would be to break in. I tapped the register’s touch screen and the BlackBoard operating system came to life. It asked for a login number, so I punched in the most basic combination possible: 1, 2, 3, 4. It accepted.
Next, it asked me for a password. After a couple failed attempts, I punched in 9, 8, 7, 6.
Bingo! I was logged into the Ryerson Computing and Communications Services (CCS) account.
Weeks later, three Eyeopener editors and a photographer set out to see just how much access one student could get to the cash register system.
Faces masked, we snuck up to the Kerr Hall South Tim Horton’s.
I punched in the same code as before and, in a matter of seconds, I was back in.
I clicked the multiply button and ordered 5003 small coffees. No one needs that much java, so I tapped the return button, entered my student number and refunded my OneCard for $6,614.47 that I never spent.
Cash registers can refund a maximum of $9,999.99, but with six grand in hand, it’s hard to be greedy. We slunked away, leaving a small note in the till: “Guess Who?”
The next morning, I called Imre Juurlink, Ryerson security supervisor, to turn myself in. She said the cash registers had never been broken into before. “We’ve had a few break-ins at the Tim Horton’s kiosks but it’s mostly been aimed at people going into the cupboards…There hasn’t been much stolen,” Juurlink said.
The break-in was brought to her attention when someone reported the notes planted in the tills. Tuesday evening, Darcy Flynn, manager of the OneCard office, was working overtime in CCS’s basement office to help boost the security features.
“We’re just really having a bad day,” he said.
Brian Lesser, director of CCS, admitted the password was too easy.
“In this case they never should have used that password whether it was a default that was left in or because it was easy to remember,” he said.
Lesser said Ryerson Food Services came to CCS Tuesday morning to ask why one of their sales centres had a negative balance. By about 9 a.m. my OneCard had been frozen, and the account used to transfer the money was disabled.
CCS is changing the machines so that cashiers will need a keyboard and a more complex username and password to log in.
“It’s a weakness that there’s these machines sitting out there and all you need is a four-digit number to get into,” Lesser said. “We’re basically scrambling to make sure that, in the morning, you couldn’t repeat the performance.”
Photo: Marta Iwanek