3D print-shop receives an order for an ATM skimmer

Discuss

27 Responses to “3D print-shop receives an order for an ATM skimmer”

  1. Squid Tamer says:

    Imagine if they embedded the skimmer inside another model (such as a big elephant figurine), with the skimmer just held in place by some spokes. It’d be much more difficult to detect, and you could just cut away the outside model to get the skimmer out.

  2. Adam H says:

    It seems that an upcoming legitimate concern with these printers might be using them to build untraceable guns.
    Before you get too skeptical, imagine building a revolver or shotgun, not an automatic, out of high-impact resins. Pretty simple. (remember “In the Line of Fire”) You’re almost intending it to be disposable, so there’s no worries about longevity.

    Now, this might be one of those situations where it’s already really easy to get untraceable regular guns, so no one will bother, but I can’t help but imagine a printer in a basement somewhere, churning out gun parts, or even farming the job out to a few different companies, none of whom would recognize the disassembled pieces as noteworthy.

  3. Anonymous says:

    So, will 3d printers and CNC machines now come from the factory equipped with software to prevent the making of skimmers in the way that color printers are equippped to prevent them from being used for counterfeiting?

  4. knoxblox says:

    As evidenced by the stock photo in the original article, I’m glad that despite some criminals’ cleverness, their workmanship skills still suck somewhat. Got enough silicone on there, buddy?

  5. Stooge says:

    I would like to think that my ATM card is immune to this sort of thing because all the banks around here switched to smart cards a couple of years ago.

    How secure your smart card is may depend on where ‘here’ is. In many countries smart cards using SDA (static data authentication) are still being used, rather than the more secure DDA or CDA. SDA has a couple of giant security holes, but from the point of view of a skimmer the one that counts is that the data transferred between terminal and card are unencrypted. As a result, the skimmer only has to acquire the account number being sent by the card to the terminal, and the entered PIN sent by the terminal to the card. Assuming the PIN is valid, that’s all the data that’s required to create a pseudo-clone of the card in magnetic strip form for immediate use in a country that doesn’t yet use Chip & PIN.

  6. Anonymous says:

    I’m studying to be a machinist, and all I have to say is that if someone makes a plastic gun, and then attempts to fire it, their new nickname is likely to be “Lefty.” Or maybe “One-Eye.” The “plastic” guns out there have sizable amounts of metal in them, especially around little things like barrel and breech – you’re looking at 20,000 psi pressures (and more…), and when you consider that the plastic pipe you buy at the hardware store is good for about 200 psi, things start to come into alignment.

  7. tylerkaraszewski says:

    But there are lots of non-infringing uses for that! I only use mine for downloading Linux distributions. It’s totally unfair that they’d try and keep me from having one.

    • Glenn Fleishman says:

      I know tylerk is kidding, but I agree. Why should a 3D printing shop be the arbiter for what’s legal? This seems to be counter-Cory.

  8. Anonymous says:

    It makes me wonder if future 3D printers will have something akin to the tracking dot pattern of laser printers. Like a series of small bubbles in the item that can be revealed by taking a cross section.

    http://w2.eff.org/privacy/printers/docucolor/

  9. dainel says:

    Another option would have been to contact the police, and ask them if they should fulfill the order anyway. They could then track down the person who ordered it and then get the whole gang.

  10. dainel says:

    I would like to think that my ATM card is immune to this sort of thing because all the banks around here switched to smart cards a couple of years ago.

  11. mlp says:

    Holy smokes. Materialise’s offices are in the town I live in, and their lobby has a fantastic gallery of 3D models they’ve printed. They do really good work — if this had gotten through, I’m convinced it would have been undetectable. Good on them for catching it.

  12. joris says:

    @mlp,

    Thank you for your kind words. If you ever want a tour of 3D printing facility in Leuven you can email joris (@) i.materialise.com and I’ll take you round.

    Joris

  13. Marktech says:

    From the OA:

    after communication with the customer, the decision was made to decline the order. We do not support criminal activity and will do everything in our power to prevent possible crimes.

    Nice to know that they turned the work down after talking with the customer. But where’s the bit where they told the police?

  14. joris says:

    @Marktech

    From what I understand, while ATM skimming is illegal it is, depending on your jurisdiction, not illegal to make parts for an ATM skimmer. Once you do use it to scam someone, then fraud kicks in for the act of intending to steal money from someone using subterfuge. Much in the same way as it might be legal for you to own and make a knife but you would get into trouble for taking that knife into a bank and waving it around threateningly at people.

    P.S., I tried to check online to find out more and managed to Google one of the funniest comments ever on a forum. “anyone know of any reputable atm skimmer sellers?” http://www.zoklet.net/bbs/showthread.php?t=112926
    (I’m not entirely sure if this is a safe link to go to)

    • Anonymous says:

      Sure, Making or owning a skimmer may well be legal. But owning or ordering one would, I think constitute probable cause for a search warrant.

    • kmoser says:

      Yeah, the order might have been placed by a bank, or somebody doing legitimate research into ATM skimmers. By failing to produce it for them, they may have inadvertently contributed to weaker security and thus more people being scammed.

      • bcsizemo says:

        Yes, but to play another devils advocate…there would be a paper trail from any large institution like a bank or university.

        ie: things with letter head of the company/university, contracts with other companies, or at least email communications (with potential contact information if required).

        Obviously bad things have to exist so we can learn how to work to make things better (or least stop them), but if you are the sell and get a bad vibe from the buyer I’m all for stepping back and doing business else where.

        Commonsense, sometimes it’s not so common.

  15. ablebody says:

    Give the swipe mechanism a hearty yank each and every time you’re about to use your card. Vigorous exercise, even at a minimum, often foils the lazy thief.

  16. andygates says:

    Clearly this shows a market for uncensored 3D printing services. Cue the Pirate Printer!

    (I can’t tell if I’m joking or not.)

  17. Anonymous says:

    And cue the countdown until the design is resubmitted with appropriate spurs and other decorations to hide its true purpose from the 3d police.

    Wonder if there will be 3d captchas where you have to look at a VRML model and decide if it could be a skimmer or not… :)

    -jeff

  18. jmnugent says:

    Of course, i.materialise has the option to reject any order they don’t feel comfortable with, but to play Devils Advocate, there are legit reasons to have a skimmer faceplate. Could be an anti-fraud researcher, could be a college thesis that requires examples,etc. Like many other things in life, we should be focusing on the use/action and not the object. (IE: I could have a whole warehouse of skimmer faceplates and not be harming anyone. It’s the ACTION of using one to defraud a victim that’s the problem)

Leave a Reply