Comments on: ATM Skimmers, Part II http://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/ In-depth security news and investigation Fri, 30 Jul 2010 04:29:12 +0000 hourly 1 http://wordpress.org/?v=3.0 By: L.T.http://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-6312 L.T. Tue, 01 Jun 2010 15:27:48 +0000 http://www.krebsonsecurity.com/?p=859#comment-6312 When I was looking to buy a downtown coffee shop location (and thereby graduate from IT) I had located some refurbished IBM POS machines and a Linux-based OS/POS system. Multi-tasked, handled the printer, the screen (keyboard entry), could remap keyboard fairly easily. It made the older machines work quick like a bunny, which was the important during the morning go-to-work coffee rush.

When I was looking to buy a downtown coffee shop location (and thereby graduate from IT) I had located some refurbished IBM POS machines and a Linux-based OS/POS system. Multi-tasked, handled the printer, the screen (keyboard entry), could remap keyboard fairly easily. It made the older machines work quick like a bunny, which was the important during the morning go-to-work coffee rush.

Well-loved. Like or Dislike: Thumb up 5 Thumb down 0

]]> By: AlphaCentaurihttp://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-6213 AlphaCentauri Fri, 28 May 2010 07:01:12 +0000 http://www.krebsonsecurity.com/?p=859#comment-6213 http://news.softpedia.com/news/Romanian-Authorities-Shut-Down-ATM-Skimmer-Manufacturing-Operation-143204.shtmlRomanian authorities conducted raids May 27 and rounded up a number of the people manufacturing skimmers. http://news.softpedia.com/news/Romanian-Authorities-Shut-Down-ATM-Skimmer-Manufacturing-Operation-143204.shtml

Romanian authorities conducted raids May 27 and rounded up a number of the people manufacturing skimmers.

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: Rodhttp://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-5670 Rod Sat, 08 May 2010 23:08:25 +0000 http://www.krebsonsecurity.com/?p=859#comment-5670 This post makes me recall back in 2005 when a friend of mine in Aguascalientes, Mexico had to go at night to the ATM to get some cash, he went and after returning he was admired of a 'new' ATM (1 of 3) available at that specific bank, he mentioned things like having just used a new ATM system with a color display and touchscreen capabilities... he was completely unsuspected at the time. To make the story it short, of course he got no money at the time and days later he found 2 grand to be missing from his account. Weeks later a band of Venezuelans was arrested in the area.Greetz to Germy Muñoz. This post makes me recall back in 2005 when a friend of mine in Aguascalientes, Mexico had to go at night to the ATM to get some cash, he went and after returning he was admired of a ‘new’ ATM (1 of 3) available at that specific bank, he mentioned things like having just used a new ATM system with a color display and touchscreen capabilities… he was completely unsuspected at the time. To make the story it short, of course he got no money at the time and days later he found 2 grand to be missing from his account. Weeks later a band of Venezuelans was arrested in the area.

Greetz to Germy Muñoz.

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: dothttp://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-5606 dot Thu, 06 May 2010 06:51:55 +0000 http://www.krebsonsecurity.com/?p=859#comment-5606 SHUT UP! SHUT UP!

Like or Dislike: Thumb up 0 Thumb down 4

]]> By: Jackhttp://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-5189 Jack Wed, 21 Apr 2010 14:40:26 +0000 http://www.krebsonsecurity.com/?p=859#comment-5189 This was a very informative article. I saved it with the pics so I can show it to my family.Another thing the banks need to do is to have telephone numbers posted on or somewhere near the ATM machine so that people can call from their cell phones right away if they see anything suspicious.I drove up to the ATM on the side of my bank bldg one day and noticed that it looked irregular. The card slot was crooked and not properly affixed so I didn't use it. I looked for a phone number to call. I also looked around to see if there was anyone loitering in the area. I found a piece of paper in my car, wrote a note warning people not to use it (or go to the walk up ATM instead) and stuck this in the opening until the bank or police had a chance to look into this. I went home and called my bank but wasn't able to leave a message so I called the police dept after that and reported it to them. This was a very informative article. I saved it with the pics so I can show it to my family.

Another thing the banks need to do is to have telephone numbers posted on or somewhere near the ATM machine so that people can call from their cell phones right away if they see anything suspicious.

I drove up to the ATM on the side of my bank bldg one day and noticed that it looked irregular. The card slot was crooked and not properly affixed so I didn’t use it. I looked for a phone number to call. I also looked around to see if there was anyone loitering in the area. I found a piece of paper in my car, wrote a note warning people not to use it (or go to the walk up ATM instead) and stuck this in the opening until the bank or police had a chance to look into this. I went home and called my bank but wasn’t able to leave a message so I called the police dept after that and reported it to them.

Like or Dislike: Thumb up 2 Thumb down 0

]]> By: SR6http://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-4877 SR6 Thu, 08 Apr 2010 18:17:49 +0000 http://www.krebsonsecurity.com/?p=859#comment-4877 What's really scaring is many ATMS, checkout machines, etc are still using NT. What’s really scaring is many ATMS, checkout machines, etc are still using NT.

Like or Dislike: Thumb up 3 Thumb down 1

]]> By: DarwinSurvivorhttp://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-4042 DarwinSurvivor Wed, 17 Mar 2010 03:23:58 +0000 http://www.krebsonsecurity.com/?p=859#comment-4042 Do you have any links to verify this claim? Since the screen (which is handled by the OS) displays feedback when keys are hit, i'd be interested to know exactly what the keypad DOES tell the OS. The same keypad is also used for numbers (pin) and selections (enter, cancel, etc) so unless the keypad (which appears to be one piece) is physically split inside, I would instinctively think the OS is doing the encryption.

Do you have any links to verify this claim? Since the screen (which is handled by the OS) displays feedback when keys are hit, i’d be interested to know exactly what the keypad DOES tell the OS. The same keypad is also used for numbers (pin) and selections (enter, cancel, etc) so unless the keypad (which appears to be one piece) is physically split inside, I would instinctively think the OS is doing the encryption.

Well-loved. Like or Dislike: Thumb up 5 Thumb down 1

]]> By: Anonhttp://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-4034 Anon Wed, 17 Mar 2010 02:41:40 +0000 http://www.krebsonsecurity.com/?p=859#comment-4034 Malware only attack would not work as the OS at no point sees the users PIN. The PIN is encrypted upon entry in the PIN entry device, which is a tamper resistant security module, and is not decrypted until it reaches the issuing bank. You would need some sort of hardware modification (keypad overlay, camera) to record the PIN. Malware only attack would not work as the OS at no point sees the users PIN. The PIN is encrypted upon entry in the PIN entry device, which is a tamper resistant security module, and is not decrypted until it reaches the issuing bank. You would need some sort of hardware modification (keypad overlay, camera) to record the PIN.

Like or Dislike: Thumb up 1 Thumb down 0

]]> By: Marcushttp://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-3688 Marcus Fri, 12 Mar 2010 00:51:48 +0000 http://www.krebsonsecurity.com/?p=859#comment-3688 I have to be honest, if I found one of these I would probably pull it off and take it home to reverse engineer it. The whole faceplate model changed my perception of what to look for I have to be honest, if I found one of these I would probably pull it off and take it home to reverse engineer it. The whole faceplate model changed my perception of what to look for

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: geo merhttp://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/#comment-3356 geo mer Sat, 06 Mar 2010 18:49:40 +0000 http://www.krebsonsecurity.com/?p=859#comment-3356 Recent WI pin read fraud involving 2 stores (currently known of within Hancock Fabric chain). So, having made a recent fabrics purchase at a competitor's chain, called "that" chain and spoke with a mgr. who has "head in sand" and feels as "her" staff is "bonded" that nothing like this could "ever" happen "there!" (I didn't take the time to explain there is always a % of "honest" persons who are "not"; the mgr. will have to find that out the "hard way.") Found your site, checking out pin reader fraud (also the sig.oth. does "not" understand how this could "ever" happen!). Looks as tho there needs to be "business mgmt." and "educ. to the public, to protect us (from mgrs. having "head in sand."). g. Recent WI pin read fraud involving 2 stores (currently known of within Hancock Fabric chain). So, having made a recent fabrics purchase at a competitor’s chain, called “that” chain and spoke with a mgr. who has “head in sand” and feels as “her” staff is “bonded” that nothing like this could “ever” happen “there!” (I didn’t take the time to explain there is always a % of “honest” persons who are “not”; the mgr. will have to find that out the “hard way.”) Found your site, checking out pin reader fraud (also the sig.oth. does “not” understand how this could “ever” happen!). Looks as tho there needs to be “business mgmt.” and “educ. to the public, to protect us (from mgrs. having “head in sand.”). g.

Like or Dislike: Thumb up 0 Thumb down 0

]]>