If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Krebs On Security)   Old and busted: ATM skimmers. New hotness: Fake ATMs   (krebsonsecurity.com) divider line 32
    More: Scary  
•       •       •

6458 clicks; posted to Main » on 21 Dec 2013 at 6:00 PM (43 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



32 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest
 
2013-12-21 04:10:46 PM  
FTFC: All Skimmers should have a masters degree in design and fine arts, Skimmers for a long time have been borderline-artistic with these attacks. Next phase -> a full blown fake bank branch

If that hasn't been a movie, it should be.
 
2013-12-21 06:04:19 PM  
I once saw fake ATM.  It was just pudding.
 
2013-12-21 06:07:06 PM  
You can tell it's fake because they put in a camera cut.
 
2013-12-21 06:07:10 PM  

shanrick: FTFC: All Skimmers should have a masters degree in design and fine arts, Skimmers for a long time have been borderline-artistic with these attacks. Next phase -> a full blown fake bank branch

If that hasn't been a movie, it should be.


Wouldn't it be easier to just form a bank? Then, you could legitimately steal people's money.
 
2013-12-21 06:08:34 PM  
Totally fooled me.

ecx.images-amazon.com
 
2013-12-21 06:09:38 PM  
Fark used to let you manually resize image links by meddling with the height and width fields in HTML source ... now it seems to ignore those settings when posting, even though they work in preview.
 
2013-12-21 06:10:09 PM  

Ambitwistor: Totally fooled me.


Oh ha ha; you borrow $400 from Elmo. You pay 20% , or Burt will break your legs, ha ha!
 
2013-12-21 06:10:59 PM  

shanrick: FTFC: All Skimmers should have a masters degree in design and fine arts, Skimmers for a long time have been borderline-artistic with these attacks. Next phase -> a full blown fake bank branch

If that hasn't been a movie, it should be.


Sounds like an episode of Leverage.
 
2013-12-21 06:13:44 PM  
Fake ATM scam has been around since the 80's, there even World News with Peter Jennings did a piece on that. Its a very old scam, not a "New Hotness". Subby doesn't know what "new" means, just a rehash of a very old one
 
2013-12-21 06:19:48 PM  
I set up a fake ATM but people kept withdrawing all the money I put in it and eventually I just didn't see the point....
 
2013-12-21 06:24:50 PM  
Whoever knocked over Target made this scam obsolete
 
2013-12-21 06:29:12 PM  

BigLuca: I once saw fake ATM.  It was just pudding.


Kinda like that "one cup"?
 
2013-12-21 06:33:15 PM  

jedihirsch: Fake ATM scam has been around since the 80's, there even World News with Peter Jennings did a piece on that. Its a very old scam, not a "New Hotness". Subby doesn't know what "new" means, just a rehash of a very old one


Pretty much all new scams are rehashed old scams.

Like the Nigerian prince thing used to be a Spaniard in the 15th century.
 
2013-12-21 06:33:48 PM  
Well, that's clearly a skimmer and not a fake ATM. A fake ATM would be one that is placed where there was no machine at all.
 
2013-12-21 06:34:37 PM  

zerkalo: Whoever knocked over Target made this scam obsolete


Ideally they'd make 40 million $3 charges.

I can actually envision how to build the fake ATM. Arts and crafts, put in a reader/camera (get all the details from both sides), a little display and keypad. Please enter pin- transactions - "unable to connect with network" screen.
 
2013-12-21 06:44:28 PM  

Your Hind Brain: BigLuca: I once saw fake ATM.  It was just pudding.

Kinda like that "one cup"?


That brings back a geyser of memories and a muddy volcano of images.
 
2013-12-21 06:44:35 PM  

shanrick: FTFC: All Skimmers should have a masters degree in design and fine arts, Skimmers for a long time have been borderline-artistic with these attacks. Next phase -> a full blown fake bank branch

If that hasn't been a movie, it should be.


I could provide the scene. My credit union has a location that was just drive thru service that they closed. Gain access, hack into the Brinks computer, order cash to the location. Might help to know how bankers behave when the cash is delivered, fake up a sack of checks to exchange etc.

Hmm, it could be pretty cheap to film. The script writes itself, we just need a romantic comedy plot. And we use the actual location I have in mind.

Google Maps
 
2013-12-21 06:48:58 PM  
Next stop is a completely duplicated banking system, one that is not at all what it appears to be, but rather a means to launder illegal money, scalp customers with phony fees, gamble recklessly with customers' money...

Oh.  Right.
 
2013-12-21 06:58:54 PM  

Kibbler: Next stop is a completely duplicated banking system, one that is not at all what it appears to be, but rather a means to launder illegal money, scalp customers with phony fees, gamble recklessly with customers' money...

Oh.  Right.


Bitcoin?
 
2013-12-21 07:03:31 PM  

BigLuca: Your Hind Brain: BigLuca: I once saw fake ATM.  It was just pudding.

Kinda like that "one cup"?

That brings back a geyser of memories and a muddy volcano of images.


Yes. Yes it does, you revoltingly magnificent bastard.
 
2013-12-21 07:34:28 PM  
Sources say they were initially suspicious when their ATM coughed, but wrote it off as mechanical hiccups..
 
2013-12-21 07:49:14 PM  

shanrick: FTFC: All Skimmers should have a masters degree in design and fine arts, Skimmers for a long time have been borderline-artistic with these attacks. Next phase -> a full blown fake bank branch

If that hasn't been a movie, it should be.


I've been saying this for years. Seems like every month there's some new bank on the street that you've never farking heard of: North Fork Bank, Eastern Savings Bank, and the new one that seems to be going up all over Boston with the flying turd logo--Santander. Fake banks all.

It would be the easiest thing to just make up a bank, wait for the suckers to make deposits and fill your safe deposit boxes and then, poof, clean the whole place out and don't bother locking the door behind you.
 
2013-12-21 07:53:01 PM  
Supposedly when they were filming Catch Me If You Can, they were working on the "fake night deposit guard" scene.  They had to drop it because people kept coming up to deposit money with Leonardo DiCaprio.
 
2013-12-21 08:19:43 PM  
Sorry, subby- it's not a 'fake ATM', it's just a skimmer that covers the whole front of the ATM. And, as other shave pointed out, it's not exactly new.
 
2013-12-21 08:40:06 PM  

Ambitwistor: Fark used to let you manually resize image links by meddling with the height and width fields in HTML source ... now it seems to ignore those settings when posting, even though they work in preview.


I've found that I have to put in old fashioned width="100" height="100" and that the style tags don't work for size. Been that way for a while now. The fancy editor only adds the embedded css tags and not the html tags.
 
2013-12-21 08:53:12 PM  
Here are a few patentable ideas for increasing ATM security:

1.  Make it mandatory that every ATM show detailed video of what the actual card reader looks like on THAT machine.  No generic footage.  It has to be images taken of the very same system the customer is using.  The customer has to press a "yes, the card reader on this machine looks exactly like the one in the picture," which gives the bank a valid reason to not reimburse the customer if money is stolen from their accounts.

2. A scanner (like the kinect) that continuously takes a 3D image of the front of the ATM accurate to a 1mm depth and compares it to a stored 3D model.  If the two do not match, it's assumed to be the result of a skimmer being attached, and police and/or technicians are dispatched to investigate.

3. Similar idea: Attach one or more small pieces of glass to the card reader.  The glass pieces are etched with a pattern that produces a holographic image when illuminated with a laser.  The image is captured by a camera and compared to a proper image.  If the two do not match ...  Lasers and Holograms: the magic ingredient of inventors.

4. Put a black cloth sleeve/bag over the keypad.  One open end of the sleeve covers the keypad. The customer puts his hand into the other open end and uses the keyboard normally (a button layout is available for those idiots unable to memorize the numbers 1-9 in a 3x3 grid with 0 underneath the 8).  Skimmers can skim cards all day but without the PIN the card info is useless.

5. Measure the capacitance of the mag strip as it is read.  It will be different if there are multiple devices (i.e. the fake one and the real one) reading the card.  Or if capacitance doesn't work that way, find some other property of the card that is affected by it being read simultaneously by two devices vs one device.

6. Camera aimed at the reader.  Algorithms that are designed to detect tampering in progress.  Normal interaction with the reader is insert/retrieve, and takes under three seconds.  The hand motions should be nearly identical for every customer using the reader.  Tampering is basically "anything else."  To eliminate false positives, video of potential tampering events is sent in real time to a monitoring center where a human being can evaluate it.  Computer algorithms for tampering detection are continually updated based on pass/fail results of the human evaluations, leading to increased accuracy and fewer false positives.

7.  A 6"x6"x6" perspex box affixed to the ATM.  Box has a slot on the top.  Customer drops card into box, and a robotic arm with vacuum tip comes out, grasps the card, manipulates it so that it can be inserted into a reader INSIDE the box (and therefore impossible to tamper with).  When transaction is over, the robotic arm then pops card up and out of the box.  Miniature robotic arms are cool, so people will want to use ATMs that have them, so the owners of those ATMs get more revenue from fees.

Yeah, so a few of those ideas are impractical or could be relatively easily defeated.  But the point is: if I can come up with seven moderately cracked ideas in ten minutes, why can't the ATM industry come up with one really good idea in all the years that skimmers have been raiding their products?
 
2013-12-21 09:33:45 PM  
ATM skimmers which 'skin over' the keypad have been found in the wild, these don't need a camera to log your PIN.   They've also found skimmers which transmit over cellular, so no need for the crooks to come by and download their data, which is the most common way they get caught.

tillerman35: Make it mandatory that every ATM show detailed video of what the actual card reader looks like on THAT machine. No generic footage. It has to be images taken of the very same system the customer is using. The customer has to press a "yes, the card reader on this machine looks exactly like the one in the picture," which gives the bank a valid reason to not reimburse the customer if money is stolen from their accounts.


ATM I used in the Netherlands showed a photograph of the card reader on the screen, but that's as far as it went.  Seems simple enough to implement.

Some of the newer models mechanically pull in the card with an inconstant motion, making it more difficult for a skimmer read-head on the card slot to pick up the stripe details.
 
2013-12-21 11:35:43 PM  

tillerman35: Here are a few patentable ideas for increasing ATM security:

1.  Make it mandatory that every ATM show detailed video of what the actual card reader looks like on THAT machine.  No generic footage.  It has to be images taken of the very same system the customer is using.  The customer has to press a "yes, the card reader on this machine looks exactly like the one in the picture," which gives the bank a valid reason to not reimburse the customer if money is stolen from their accounts.

2. A scanner (like the kinect) that continuously takes a 3D image of the front of the ATM accurate to a 1mm depth and compares it to a stored 3D model.  If the two do not match, it's assumed to be the result of a skimmer being attached, and police and/or technicians are dispatched to investigate.

3. Similar idea: Attach one or more small pieces of glass to the card reader.  The glass pieces are etched with a pattern that produces a holographic image when illuminated with a laser.  The image is captured by a camera and compared to a proper image.  If the two do not match ...  Lasers and Holograms: the magic ingredient of inventors.

4. Put a black cloth sleeve/bag over the keypad.  One open end of the sleeve covers the keypad. The customer puts his hand into the other open end and uses the keyboard normally (a button layout is available for those idiots unable to memorize the numbers 1-9 in a 3x3 grid with 0 underneath the 8).  Skimmers can skim cards all day but without the PIN the card info is useless.

5. Measure the capacitance of the mag strip as it is read.  It will be different if there are multiple devices (i.e. the fake one and the real one) reading the card.  Or if capacitance doesn't work that way, find some other property of the card that is affected by it being read simultaneously by two devices vs one device.

6. Camera aimed at the reader.  Algorithms that are designed to detect tampering in progress.  Normal interaction with the reader is insert/retrieve, and takes und ...


My bank's ATMs now have a semi-curcular like plastic thing in front of the reader.  Makes it virtually impossible to put a skimmer in front.

Fake debit/credit terminals are common here.  Chips don't stop those.  They're identical to the real ones.

Not only are you guys behind in the security, you're behind in the fraud methods.
 
2013-12-22 12:02:25 AM  

SpdrJay: I set up a fake ATM but people kept withdrawing all the money I put in it and eventually I just didn't see the point....


ROFL!!!

I tried to kill myself with a bungee cord once. I kept ALMOST dying.....
 
2013-12-22 01:55:53 AM  
I'm reading all this in Uncle Si's voice, from Duck Dynasty. You guys are all HILARIOUS.
 
2013-12-22 02:15:04 AM  
Using your ATM card outside the USA is asking for trouble.
 
2013-12-22 08:37:40 AM  

Fear the Clam: I've been saying this for years. Seems like every month there's some new bank on the street that you've never farking heard of: North Fork Bank, Eastern Savings Bank, and the new one that seems to be going up all over Boston with the flying turd logo--Santander. Fake banks all.


... seriously?

Santander is one of the world's largest banks.

According to Forbes, it's the 43rd biggest company in the world.

/Or was that the joke?
 
Displayed 32 of 32 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report