Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

Commercially available ATM skimmers

Cory Doctorow at 11:47 am Thu, Jun 3, 2010

— FEATURED —

Book Review

Black Code: how spies, cops and crims are making cyberspace unfit for human habitation

Book Review

We Can Fix it! - a graphic novel time travel memoir

Science

The technology that links taxonomy and Star Trek

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle
Brian Krebs continues his excellent series of posts on ATM skimmers, this time with a report on the state of the art in commercially available artisan-crafted skimmers that can be bought through the criminal underground (accept no imitations!):
Generally, these custom-made devices are not cheap, and you won't find images of them plastered all over the Web. Take these pictures, for instance, which were obtained directly from an ATM skimmer maker in Russia. This custom-made skimmer kit is designed to fit on an NCR ATM model 5886, and it is sold on a few criminal forums for about 8,000 Euro -- shipping included. It consists of two main parts: The upper portion is a carefully molded device that fits over the card entry slot and is able to read and record the information stored on the card's magnetic stripe (I apologize for the poor quality of the pictures: According to the Exif data included in these images, they were taken earlier this year with a Nokia 3250 phone).

The second component is a PIN capture device that is essentially a dummy metal plate with a look-alike PIN entry pad designed to rest direct on top of the actual PIN pad, so that any keypresses will be both sent to the real ATM PIN pad and recorded by the fraudulent PIN pad overlay.

ATM Skimmers: Separating Cruft from Craft
  • ATM skimmer -- could you spot it in the wild?
  • Accused ATM-skimmer swallows USB drive in custody, doctors remove ...
  • HOWTO build an RFID skimmer
  • ATM skimmers: man, these things are scary
  • Local man finds card skimmer on ATM Gadgets

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE:  Business • Gadgets

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

  • Anonymous

    There is a technology that surpasses the common mag stripe, Citicorp used it extensively during the 1980′s; it’s the “Magic Middle” which uses a series of metal bits laminated between the CC or Debit card layers. The pattern is unique to the master account to which the card is linked, the number sequence the pattern represents is huge, on the order of 4k bytes, and is encrypted prior to transmission upline for verification and authentication of the card and the linked access code or PIN. (aka “cracking Magic Middle”)

    The card reader is essentially a sequence magnetometer which evaluates both the bit position and relative field strength reading of each bit. This could be improved with the addition of a unique holographic image, and/or making the bit pattern an array, rather than a simple sequence. (Patent Pending!)

    This technology is vastly more secure than mag stripe and prevents the skimmers from doing anything like what we’ve been seeing.

    I expect this could replace the mag stripe in a very few years..providing of course there is some substantial fiscal reward for the patent holders to do so!

    • Anonymous

      methinks this is called the weigand principle :)

  • Phlip

    How do you attach the skimmer without the security camera seeing you?

    (I know I know – trade secret!

    (In other news, an Australian initiative, IIRC, to reduce LEGAL skimming from POS transactions, on cards, was quietly absorbed by retailers, who did not lower their prices for consumers..;)

    • Daemon

      Camera doesn’t help – they can just install them in the middle of the night while wearing a mask. Nobody looks at security tapes until after they’ve realized something is wrong.

      Problem is, the bloody things look real enough that they can stay installed for some time without anyone noticing.

  • MollyMaguire

    and you can pay for it just by swiping your card.

  • phead

    I always inspect the machine, but I was looking for a camera, I had never heard of pad overlays.

    Chip and pin may help, but here in the UK that has been cracked more than once. A line of garages was targeted and “engineers” replaced many of their c&p readers with dodgy versions, the whole chain had to switch back to signatures for several months.

  • JoshP

    Time for a tech update? RFID on cc? Is the magnetic stripe on the way out? Hrmm.
    I know.. We can make them blu-ray compatible.

  • Prolagus

    Would you trust buying a $8,000 item on a criminal forum?

    • hassenpfeffer

      Sure. Honor among thieves.