July 16, 2013

Cybercrooks can be notoriously cheap, considering how much they typically get for nothing. I’m reminded of this when I occasionally stumble upon underground forum members trying to sell a used ATM skimmer: Very often, the sales thread devolves into a flame war over whether the fully-assembled ATM skimmer is really worth more than the sum of its parts.

Card skimmer device made for Wincor/Nixdorf ATMs

Such was the fate of an audio-based ATM skimmer put up for sale recently on a private crime forum. The seller, a Ukrainian, was trying to offload a relatively pro-grade skimmer powered by parts cannibalized from an MP3 player and a small spy camera. The seller set the price at $2,450, but made the mistake of describing the device’s various parts, all of which can be purchased inexpensively from a variety of online retailers.

For example, he told forum members that the main component in the card skimmer was an MSR-605, a handheld magnetic stripe reader of the sort that you might find attached to a cash register/point-of-sale machine at a retail clothing store.

This ubiquitous device can be had for approximately $200 at a number of places online, including Newegg.com and Amazon.com. The seller went on to describe the inexpensive flash storage drive that was incorporated in his device, and the modified tiny video camera that was hidden on the underside of a fake fascia designed to be affixed to the top of the ATM and record victims entering their PINs.

This tiny spy camera powers the fake ATM fascia that records victims entering their PINs.

The image below shows the fake fascia as it appears from the side meant to be pointed toward the PIN pad.

This sales thread goes on for several pages, and the seller — beset on all sides by fraudsters charging that the skimmer set is grossly overpriced — begins lowering the price. “Go ahead and use the cheap Chinese skimmers and see how they work!” the seller retorted to hecklers on the forum.

The MSR-605 components combined with a battery and flash drive. The red stuff is 3M double-sided tape.

It’s unclear from the sales thread whether this skimmer seller ever managed to attract a buyer. However, two young men in Russia were arrested earlier this year for using a skimming set that was remarkably similar to this model.

31 thoughts on “Getting Skimpy With ATM Skimmers”

  1. lazy nonsense

    [Original in Russian] Brian, where's the exclusive, f**k you in the a**? Skimmers haven't been a relevant topic for a long time.

    Did you lose your MOYO or something!!??

    Skimmers have been around since 1995. I'll sell you one cheaper if you want to :))

    Just wasted 10 min of my time reading this c**p.

    P.S. Come on Brian, I'm sure you can do better than this nonsense.

    1. saucymugwump

      At the risk of generalizing, I would classify Brian’s readers into three categories:
      1) Ordinary people who are intelligent enough to realize that the world is full of snake oil salesmen and grifters; these people are trying to keep their lives free of crime as much as possible,
      2) IT professionals whose job requires them to stay current on such things, and
      3) Professional criminals whose only interest here may be to discover just how much of their nefarious activities have been discovered.

      The first two groups are very much interested in articles of this sort, though the second group, sometimes consisting of white hat hackers, may already know much of this. The third group, largely consisting of Russian, but also Chinese, North Korean and other nationalities of criminals, earn their living in this arena and therefore are already quite familiar with the subject.

      We of the first two groups salute the work Brian is doing.

      1. stormy

        Fascinating how you seem to think that because the bulk of the amerisphere press talks only about chinese hackers only non-americans can be cyber criminals ^^

        1. saucymugwump

          From reading this blog, I am of the opinion that there are many American hackers, but they tend to be young clowns like Justin Poland who are too juvenile to read this kind of material (until Brian features them, of course). Of course, there are professional American hackers, e.g. the NSA crowd, but I have to wonder how many of them read Brian’s blog because they are the best of the best and, one would assume, already know much of this. Brian often has Russians commenting here, with the proof being Cyrillic letters.

          Please keep in mind that I was writing about Brian’s readership, not hackers in general; I did write “largely consisting of.” If Brian announces that his readership includes many U.S. Spy vs. Spy types, then I will retract my assertion.

        2. saucymugwump

          Two more things.

          I read more European news than American news.

          I see a large difference between:
          – largely Russians who steal from American companies and individuals for personal gain, and
          – the U.S. government which is trying to prevent Iran from obtaining nuclear weapons and trying to prevent Islamic killers from taking part in jihad on American territory.

          1. stormy

            “Brian often has Russians commenting here, with the proof being Cyrillic letters.”
            — Krebsonsecurity supports UNICODE : I could also insert Cyrillic, Kanji or Farsi-specific chars in my comment and you will never know whether I’m bulgarian, japanese or iranian…

            — As for your next comment :
            To be clear, when I speak of the “amerisphere”, I’m talking about the american republic and client states, which to the best of my knowledge tend to be : the whole European Union, the rest of North America, Central America, some states in South America (I’m referring mostly to Peru), some states in Africa and the Middle-East that are under direct US control, South Korea and Oceania as a whole. I may be missing some, but that’s about it.

            The fact I’m pointing to here is that we’re only aware of the attacks directed against us, not the other way around. Six months ago we would never have guessed that NSA and GCHQ were probing virtually all communications on the tubes. Generalizing that 90% of those hacking for profit are Russians/Chinese/ is the next step. Hey, we would never ever do anything for profit only, right? xD

            1. saucymugwump

              “I could also insert Cyrillic, Kanji or Farsi-specific chars in my comment”

              Except that I studied Russian in school so I would recognize your Cyrillic scrawls, not to mention that Brian and others would comment on your nonsensical sentences. As for Farsi, we know how much you love Iran.

              “I’m talking about the american republic and client states”

              Why stop there? Why not use the expression communists, Marxists, anarchists, and Trotskyites used during the 1960s, i.e. “amerika” substituted for “America” or “the USA.”

              P.S. Why don’t you put your money where your mouth is? Move to Iran, North Korea, Cuba, Belarus, China, or another totalitarian paradise and shoot your mouth off. See how long you remain a free person.

        3. Rick Zeman

          Well Stormy, it seems that the Russians want our money, and the Chinese want everything that makes us money.

          1. saucymugwump

            Stormy sounds like the person formally known as Richard Steven Hack, someone who hates the USA and therefore adjusts his entire outlook accordingly.

            Thanks for mentioning China. I only denigrated Russia, but what you said is true: Russians tend to hack for personal gain and Chinese tend to hack for gain as a country. Der Spiegel often reports on how Chinese hackers and “businessmen” steal German technology, so China does not concentrate solely on the USA.

            1. stormy

              wow, that was emotional. Obviously touched a soft spot here xD. Meh, sad but true, zealots and haters react the same in every country, you are a real-life example of that. Go ahead kid, do believe I hate freedom, french fries and everything that’s good in life, you’ll certainly sleep better xD. In the meantime, I’ll go back to enjoying Brian’s articles, which, unlike you, interest me quite a bit.

              PS: By the way, it’s a funny name you gave me, someone whose name is actually ‘Hack’, sounds almost like a fake … can I formally call you Bob? 🙂

  2. BrianKrebs Post author

    I love that you’ve left your comment in both Russian and English, even if the gist of it isn’t the same in both. I’d be curious to hear from you about ideas you deem worthy of coverage.

    You know how to get in touch with me privately if you’d like to share.

    1. lazy nonsense

      We are very interested in the PRISM program, such as the interception of US and European telephone metadata, and the Tempora Internet surveillance programs. I'm sure that if you talk to Mr Edward Snowden he can give you some very interesting information/ideas regarding this issue :)) Dig deep. Shake that tree.

      That would be well worth writing an article about. Imagine all that traffic you will get to your site. You even may be able to pay off your mortgage earlier :))

  3. Haggis

    I have seen one of these made out of an old Nokia 3210 Mobile phone lol

  4. John

    Maybe he should spend less time trying to sell his shitty skimmer and more time stripping exif data from his pictures.

    1. Madmonkey

      Nice work man, that’s how people found out the location of John Mcafee when he was on the run.

  5. rb

    I’m reminded of a story I once heard about a retired engineer who was called in to troubleshoot a piece of machinery. He found the problem and indicated its location with an “X” on the piece of equipment, and billed the company $10,000. When asked for a detailed account of the bill, his response was something like, “Piece of chalk: $1. Knowing where to put the X: $9999.” Yes you can buy parts cheaply, but it’s the integration that costs $$$. Not that I am endorsing criminal activity; indeed, these people will pay for their crimes, sooner or later.

  6. IA Eng

    Hummm I wonder if those pics can be sharpened up a little bit and some fingerprints be lifted from those fingers.

    Sometimes – most of the times, money overrules common sense practices like mentioned above – A potential print and info about the pics, I am sure if someone is savvy enough, this person is an easy find.

    Are skimmers on the way out? I think of them as a last resort, no? For those that have used them, I am sure a few have been found. Banks probably have emailed each other and are on the lookout for such things. Unless the crook is willing to travel some distance from their neighborhood, skimming locations may be very limited.

    A few years ago, a crook was looking over an ATM and left. A few hours later him and his buddy threw bricks through the closed store window, tied up the ATM with straps and chain ( I think) and hooked it up to the stolen truck they were driving. The driver hit the gas and yanked the ATM right out of its anchors. Both guys picked up the ATM, threw it in back of truck and drove off.

    Is that a form of Skimming?

    1. billy

      Yeah, most ATMs have GPS trackers in them for this very reason…

      1. IA Eng

        It doesn’t matter. By the time the cops show up – if the place is alarmed, or the owner of the shop finds it missing the next day and – If they can find the contact information for the now stolen ATM, it’s too late.

        At least, the cash is removed from the machine, and if there is any electronics that may hold CC info, they may take that as well. The smart crooks then deep six the unit in water and it more than likely will never be found.

        GPS’s may have their own power source in case one is stolen. I am sure it probably has a battery pack somewhere . Remove that power source from beaconing and the crooks have a little more time to gawk at the ATM. Or they just put it in an all metal building where transmissions ( the radio type – not the car part) might be prohibited in calling home.

        I’ve never had the chance to see the inside of a small ATM, so it’s a guess that it has some sort of storage capacity be it a small hard drive or other means, like a flash card. Hopefully the data on the device is encrypted – with something other than DES.

        I am sure a crook armed with a crow bar and a sledge (if required) can have the atm box open in minutes. Grab the cash, drive across a bridge with water underneath it and the rest is up for pondering.

        Anyways – I say if you’re going to go that far some may wish to get richer at a bigger heist. Probably has the same penalty in the end….. JAIL!

  7. Nutski

    Thanks for the tip on the Exif! Took the pix in the Ukraine!

    Slov’yans’k, Donetsk Oblast, Ukraine, 84100

  8. The Utah Data Center/N.S.A./ Area 51/Room 641A

    Real neat photos, you would think that cyber criminals wouldn’t be so open in showing their wares

    1. IA Eng

      All of this is free advertisement for them. I am sure the crooks want free publicity, much like the celebs in Hollywood do.
      It may be good for their business that other crooks who read this site, can then hook up with more of the same.
      Before we know it, Mr. Krebs may have more readers that are crooks, than honest citizens !

  9. Stratocaster

    As Shakespeare observed over four centuries ago, there is no honor among thieves.
    “A plague upon it when thieves cannot be true one to another!”
    —Sir John Falstaff, Henry VI, Part 1

  10. Rafeale101

    Yes Brian free publicity it’s not the parts it’s how they come together, I’m sure you know this by now? Yes from the king himself????
