Posts Tagged: ATM Skimmers


29
Jul 13

Don’t Get Sucker Pumped

Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it’s usually best to pay with credit versus debit cards when filling up the tank.

The U.S. Attorney’s office in Muskogee, Okla. says two men indicted this month for skimming would rent a vehicle, check into a local hotel and place skimming devices on gas pumps at Murphy’s filling stations located in the parking lots of Wal-Mart retail stores. The fraud devices included a card skimmer and a fake PIN pad overlay designed to capture PINs from customers who paid at the pump with a debit card.

A PIN pad overlay device for gas pumps. Photo; NewsOn6.com

A PIN pad overlay device for gas pumps. Photo; NewsOn6.com

According to their indictment (PDF), defedants Kevin Konstantinov and Elvin Alisuretove would leave the skimming devices in place for between one and two months. Then they’d collect the skimmers and use the stolen data to create counterfeit cards, visiting multiple ATMs throughout the region and withdrawing large amounts of cash. Investigators say some of the card data stolen in the scheme showed up in fraudulent transactions in Eastern Europe and Russia.

As the Oklahoma case shows, gas pump skimmers have moved from analog, clunky things to the level of workmanship and attention to detail that is normally only seen in ATM skimmers. Investigators in Oklahoma told a local news station that the skimmer technology used in this case was way more sophisticated than anything they’ve seen previously.

Continue reading →


4
Dec 12

ATM Thieves Swap Security Camera for Keyboard

This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child’s play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.

Photo: TV Bahia

The story comes from O Estado de S. Paulo (“The State of São Paulo“), a daily newspaper in Brazil’s largest city. According to the paper, late last month a crook approached an ATM at the Bank of Brazil and somehow removed the security camera from the machine. Apparently, the camera was a USB-based device, because the thief then was able to insert his own USB stick into the slot previously occupied by the camera. As you can imagine, a scene straight out of Terminator 2 ensued.

The attacker was then able to connect a folding keyboard to the ATM’s computer and restart the machine. The newspaper story isn’t crystal clear on the role of the USB device — whether it served as a replacement operating system or merely served to connect the keyboard to the machine (it’s not hard to imagine why this would be so easy, since most ATMs run on some version of Microsoft Windows, which automatically installs drivers for most USB-based input devices).

At any rate, after the thief rebooted the ATM’s computer, he was reportedly able to type the value of the currency notes that he intended to withdraw. According to the story, the thief started by removing all of the R $100 bills, and then moved on to the R $50 notes, and so on.

A crude skimming device removed from an Inova Hospital in Fairfax, Va. last month.

A crude skimming device removed from an Inova Hospital in Fairfax, Va. last month.

As clever as this hack was, the crook didn’t get away: The police were alerted by the central bank’s security team, and caught the thief in the process of withdrawing the funds. Brazilian authorities said they believe the man was being coached via phone, but that the guy they apprehended refused to give up the identity of his accomplice. My guess is the one coaching the thief had inside knowledge about how these machines operated, and perhaps even worked at a financial institution at one point.

These kinds of attacks make traditional ATM skimmer scams look positively prehistoric by comparison. But the sad part is that even really crude skimming devices can be very lucrative and go undetected for months. I was reminded of this last week, when, for the third time in as many months, authorities discovered ATM skimmers at hospitals within a few miles of here. Local police believe the same thieves are responsible for planting all of the fraud devices, which are relatively unsophisticated but nonetheless enabled the theft of thousands of dollars over a period of several weeks.

Continue reading →


20
Sep 11

Gang Used 3D Printers for ATM Skimmers

An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say.

Before I get to the gang, let me explain briefly how ATM skimmers work, and why 3D printing is a noteworthy development in this type of fraud. Many of the ATM skimmers profiled in my skimmer series are carefully hand-made and crafted to blend in with the targeted cash machine in both form and paint color. Some skimmer makers even ask customers for a photo of the targeted cash machine before beginning their work.

The skimmer components typically include a card skimmer that fits over the card acceptance slot and steals the data stored on the card’s magnetic stripe, and a pinhole camera built into a false panel that thieves can fit above or beside the PIN pad. If these components don’t match just-so, they’re more likely to be discovered and removed by customers or bank personnel, leaving the thieves without their stolen card data.

Enter the 3D printer. This fascinating technology, explained succinctly in the video below from 3D printing company i.materialise, takes two dimensional computer images and builds them into three dimensional models by laying down successive layers of powder that are heated, shaped and hardened.

3D printing in action from i.materialise on Vimeo.

Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. Last year, i-materialise blogged about receiving a client’s order for building a card skimmer. The company said it denied the request when it became clear the ordered product was a fraud device.

3D printer firm i.materialise received and promptly declined orders for this skimmer device - a card acceptance slot overlay

In June, a federal court indicted four men from South Texas (PDF) whom authorities say had reinvested the profits from skimming scams to purchase a 3D printer. According to statements by the U.S. Secret Service, the gang’s leader, Jason Lall of Houston, was sent to prison for ATM fraud in 2009. Lall was instrumental in obtaining skimming devices, and the gang soon found themselves needing to procure their own skimmers. The trouble is, skimmer kits aren’t cheap: They range from $2,000 to more than $10,000 per kit.

Secret Service agents said in court records that on May 4, 2011, their undercover informer engaged in a secretly taped discussion with the ring’s members about a strategy for obtaining new skimmers. John Paz of Houston, one of the defendants, was allegedly the techie who built the skimming devices using a 3-D printer that the suspects purchased together. The Secret Service allege they have Paz on tape explaining the purchase of the expensive printer.

“When [Lall was] put in jail, we asked, ‘What are we going to do?’ and we had to figure it out and that’s when we came up with this unit,” Paz allegedly told the undercover officer.

Continue reading →