What would you do if you were on vacation abroad, and you found a skimmer attached to an ATM? Security consultant Matt South discovered a camera attachment on an ATM in Bali, Indonesia, and decided to bring it back to his hotel to take it apart. He found a plastic enclosure that contained a modified motion-activated spy camera, and four holes that turned out to be a USB port.
This system may have intercepted users’ card information through an additional skimmer on the data cable, or it may have captured card data using an almost undetectable deep insert skimmer inside the card slot. To capture users’ PINs, it used a pinhole camera on what appeared to be the hand guard on the ATM.
Have you ever wondered how skimmers with pinhole cameras work? Here’s some actual footage pulled from the camera, where you can see that the beeping sound when someone taps a button is useful toward deciphering the PIN.
North decided not to entangle himself with the local cops, but he did contact the bank that owned the ATM. He never heard anything back, but not long after his visit learned that police in Bali caught a man from Bulgaria and accused him of installing a similar skimmer on a supermarket ATM.
Check out his site if you’re interested in reverse-engineering scam technology: even if you aren’t a big techie, it’s useful to see what ATM parts are being remade into skimmers. Experts say that a useful way to detect exterior skimmers is to jiggle molded parts of the ATM like the card slot or hand guard to see if they come loose: parts that don’t belong may be attached with double-sided tape or even Velcro.
Can’t Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer [Trust Foundry]
Crooks Go Deep With ‘Deep Insert’ Skimmers [Krebs on Security]
by Laura Northrup via Consumerist
No comments:
Post a Comment