Restaurant Owners Use Zapper To Cook the Books 454
Hugh Pickens passes along a NYTimes report on software programs called "zappers," which allow even technologically illiterate restaurant and store owners to siphon cash from computer cash registers to cheat tax officials. In the old days, restaurant owners who wanted to cheat kept two sets of books. But because cash registers make automated records, hiding the theft requires getting into the machine's memory and changing that record. "...the Canadian province of Quebec may be the world leader in prosecuting zapper cases. Since 1997, zappers have figured in more than 230 investigations, according to the tax collecting body Revenu Québec... In making 713 searches of merchants, Revenu Québec found 31 zapper programs that worked on 13 cash register systems. Only two known zapper cases have been prosecuted in the United States... The cash register security industry is focused on protecting patrons and owners from theft by employees, which may be one reason so few zappers are uncovered in the United States. No one hires security experts to protect the government from devious businesses... As hard as zapper software is to detect, it is easy to make, said Jeff Moss, organizer of the annual hacker convention Def Con. 'If it runs on a Windows system and you are a competent Windows administrator, you can do it,' he said."
Re:Windows? (Score:5, Funny)
There are cash registers that run Windows?
The cash registers have to run Wintendo [catb.org]. Otherwise, they can't use Nintendo peripherals such as the Zapper [wikipedia.org].
Re:Physical access = carte blanche (Score:5, Funny)
The government must act quickly to stop this reprehensive tax evasion. I see only one solution: federally-mandated DRM on all cash-registers. We'll use TPM to lock these things right down to the hardware! Of course, there must be no paper backup, otherwise corrupt storekeepers would "accidentally" break their machines so that they can supply the hard-working patriots at the IRS with doctored false receipts.
To implement this, we'll need someone reliable, someone with a proven track record in securing embedded systems... Someone send a briefing paper to Diebold immediately!
Re:Windows? (Score:5, Funny)
POS can be interpreted in two ways here, and both of them are accurate.
Re:Physical access = carte blanche (Score:5, Funny)
There was a case a few years ago, where the most widely used accounting/cash register software for hairdressers in France actually had a standard option to hide some cash from the tax authorities.
Couldn't find any links, sorry.
Obvious comment... (Score:4, Funny)
Spahs zappin' my cash registah!
Sorry, just got off playing about 2 hours of TF2.
Re:Physical access = carte blanche (Score:2, Funny)
Am I the only one who read the headline and pictured a guy in a chef suit firing at a pile of books with a NES lightgun?
Re:Physical access = carte blanche (Score:3, Funny)
Someone send a briefing paper to Diebold immediately!
I heard they have some refurbished hardware [slashdot.org] going spare.