Commercially available ATM skimmers

Brian Krebs continues his excellent series of posts on ATM skimmers, this time with a report on the state of the art in commercially available artisan-crafted skimmers that can be bought through the criminal underground (accept no imitations!):
Generally, these custom-made devices are not cheap, and you won't find images of them plastered all over the Web. Take these pictures, for instance, which were obtained directly from an ATM skimmer maker in Russia. This custom-made skimmer kit is designed to fit on an NCR ATM model 5886, and it is sold on a few criminal forums for about 8,000 Euro -- shipping included. It consists of two main parts: The upper portion is a carefully molded device that fits over the card entry slot and is able to read and record the information stored on the card's magnetic stripe (I apologize for the poor quality of the pictures: According to the Exif data included in these images, they were taken earlier this year with a Nokia 3250 phone).

The second component is a PIN capture device that is essentially a dummy metal plate with a look-alike PIN entry pad designed to rest directly on top of the actual PIN pad, so that any keypresses will be both sent to the real ATM PIN pad and recorded by the fraudulent PIN pad overlay.

ATM Skimmers: Separating Cruft from Craft

Phishing as a day-job

A single person in Nigeria is responsible for creating 1,100 phishing sites, as reported by PhishLabs after a clever experiment that allowed them to monitor the use of phishing toolkits in the wild. The fraudster set up two to three phishing sites a week.

Meanwhile, the Anti-Phishing Working Group attributes two thirds of phishing attacks to a gang called "Avalanche."

About a year and a half ago, investigators at Charleston, S.C. based PhishLabs found that one particular backdoor that showed up time and again in phishing attacks referenced an image at a domain name that was about to expire. When that domain finally came up for grabs, PhishLabs registered it, hoping that they could use it to keep tabs on new phishing sites being set up with the same kit...

PhishLabs determined that most of the phishing sites were likely set up by a single person -- a man in Lagos, Nigeria that PhishLabs estimates was responsible for about 1,100 of the phishing sites the company tracked over the 15 month experiment.

"This guy was setting up two to three new phishing sites each day," PhishLabs founder and president John LaCour said. "If you accept conservative estimates, that this guy is stealing about 10 [sets of] banking credentials per phish, and that conservatively each of these stolen credentials causes $500 in losses, we're talking about more than $4 million a year he's probably making."

When PhishLabs plotted the guy's daily online activity, the resulting graph displayed like a bell curve showing the sort of hourly workload you'd typically see in a regular 9-5 job, LaCour said.


ATM skimmers: man, these things are scary

Brian Krebs continues to scare the pants off of me with his ongoing series on sophisticated ATM skimmers (devices that capture your card number, working with a hidden camera to catch your PIN). His slideshow of next-gen skimmers has me convinced that there's no way I'd notice a skimmer on an ATM that I was using: "According to Doten, the U.S. Secret Service estimates that annual losses from ATM fraud totaled about $1 billion in 2008, or about $350,000 each day. Card skimming, where the fraudster affixes a bogus card reader on top of the real reader, accounts for more than 80 percent of ATM fraud, Doten said."

ATM Skimmers, Part II

ATM skimmer -- could you spot it in the wild?

Brian Krebs's "Krebs on Security" features an ATM skimmer that is chillingly well-camouflaged. After seeing photos of early, crude skimmers -- devices that capture your card number and work in concert with a hidden camera that records you punching in your PIN -- I assumed that I could rely on my own powers of observation to keep from falling victim to one. Now I don't think I can be so sanguine. Be sure to follow some of the links in the post for some hair-raising examples of the form.
This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in Woodland Hills, Calif. Would you have been able to spot this?

This is a fairly professional job: Notice how the bulk of the electronics fit into the flap below the card acceptance slot. Also, check out the tiny pinhole camera (pictured below), ostensibly designed to switch on and record the victim's movements as he or she enters their PIN at the ATM.

Would You Have Spotted the Fraud? (via Neatorama)

Money Mules

Kevin Poulsen at Threat Level has a great item up about the growing menace of "money mules." The term refers to bank customers who've been conned into unwittingly laundering cash that hackers have stolen from business bank accounts. The con and the funny phrase have been around for a while, but the US Federal Deposit Insurance Corporation issued a new warning to American financial institutions about the increasing spread on Thursday. Snip:
Using specialized Trojan horse malware, cybercrooks have been intercepting web-banking credentials from the computers of small and midsize businesses, and then initiating wire transfers to mules around the country. The mules are consumers who’ve been lured into fake work-at-home scams, in which their employment involves receiving money transfers and then forwarding the funds to Eastern Europe, either directly or through other mules.

The scheme has exploded in the last year, with the FBI estimating losses at $40 million so far, according to a recent story from reporter Brian Krebs, who’s been closely following the attacks.

FDIC Warns Banks to Watch for 'Money Mules' Duped by Hackers [ Threat Level via @glennf ]

[ Image: Bank Safe Online UK ]

Who scrubbed Wikipedia's entry for Sarah Palin just before nom announcement?

Friday's edition of the NPR program All Things Considered included a piece by Yuki Noguchi on some suspicious whitewashing that went down in Sarah Palin's Wikipedia entry just before she was revealed as the GOP's candidate for vice-president. Snip:
Someone – and apparently it was just one person – felt like the existing biography wasn't appropriate for a vice-presidential candidate. On Friday, 15 minutes before the rumor that John McCain had picked Palin as his running mate, a Wikipedia editor discovered 30 mostly favorable changes had been made to the Alaska governor's profile.

She was called "a politician of eye-popping integrity" and sections on her participation in a beauty pageant and her alleged use of influence to get her former brother-in-law fired were diminished.

That user is one "Young Trigg." He or she was thanked and lauded by other Wikipedia editors for thoroughness, before questions of a possible conflict of interest emerged.

Brian Krebs at the Washington Post writes:

Perhaps more tellingly, some of the same users editing her page were almost simultaneously updating McCain's Wiki entry, adding information dealing with accuracy, sources and footnotes to each.
Palin's Wikipedia Entry Gets Overhaul (NPR); Tug of war over Wiki entry on Palin (SJ Merc); Wikipedia Edits Forecast Vice Presidential Picks (Washington Post)

Teacher faces jail time over "accidental porn" in classroom

The Connecticut substitute school teacher who exposed 11 and 12-year-old students to porn in the classroom -- unintentionally, she says, because of malware on an infected PC -- may now go to jail. If her claims are true, she'll be the first American ever jailed for having had the misfortune of being forced to use a buggy school computer, with incompetent or nonexistent tech support from that school's administration despite repeated requests for help.

From the New York Times story excerpted below, it sure sounds like the school administrators bungled the hell out of this one, and are now scapegoating Julie Amero instead of fessing up to their own failure to protect children:

Ms. Amero’s husband, Wes Volle, was emphatic in saying she was clueless about computers and was in over her head once the pop-ups began. Mr. Volle, a graphics designer, accused the school system of sacrificing his wife to deflect attention from its own failure to install effective filters on its computers.

“The computer was infected long before Julie walked into that room,” he said. No other staff members in the southeastern Connecticut district have been charged or are expected to be charged.

During the trial, Robert Hartz, the information services manager for Norwich’s schools, said the computer’s filters that would have blocked such ads were not fully operational, since they had lacked the proper updated information for several weeks.

In an interview, Pam Aubin, superintendent of the Norwich schools, said that Mr. Hartz had ordered an upgrade, but that the supplier had sent it to the wrong e-mail address, using “B” for Bob rather than “R” for Robert in Mr.


Internet Explorer was unsafe for 284 days in 2006

Security blogger Brian Krebs has calculated that Microsoft Internet Explorer 6 was "unsafe" (that is, vulnerable to known security holes, with no available patches) for 284 days in 2006 -- more than 75 percent of the time. By contrast, Firefox experienced a total of nine days' worth of insecurity last year. Link (via /.)

Internet crime predictions for 2007

Brian Krebs at the Washington Post rounds up assessments from computer security experts about the year ahead in internet-enabled crime:
Internet users witnessed yet another wave of spam, worms, viruses and other online attacks in 2005, and experts predict the online world will grow even more dangerous this year. Few believe 2007 will be any brighter for consumers, who already are struggling to avoid the clever scams they encounter while banking, shopping or just surfing online. Experts say online criminals are growing smarter about hiding personal data they have stolen on the Internet and are using new methods for attacking computers that are harder to detect.

"Criminals have gone from trying to hit as many machines as possible to focusing on techniques that allow them to remain undetected on infected machines longer," said Vincent Weafer, director of security response at Symantec, an Internet security firm in Cupertino, Calif.

One of the best measures of the rise in cybercrime is junk e-mail, or spam, because much of it is relayed by computers controlled by Internet criminals, experts said. More than 90 percent of all e-mail sent online in October was unsolicited junk mail, according to Postini, an e-mail security firm in San Carlos, Calif. Spam volumes monitored by Postini rose 73 percent in the past two months as spammers began embedding their messages in images to evade junk e-mail filters that search for particular words and phrases. In November, Postini's spam filters, used by many large companies, blocked 22 billion junk-mail messages, up from about 12 billion in September.


Update on HOPE speaker Rambam arrested by Feds at event

Following up on this earlier BoingBoing post, Brian Krebs at the WaPo's security blog reports that the FBI is charging Rambam (aka Rombom) with witness tampering and obstruction of justice. Snip:
The complaint, available here as a PDF, charges Rombom with obstruction of justice and with witness tampering, alleging that in April 2006 Rombom impersonated a federal investigator at the request of a client who had hired him to locate a government informant who was central to the client's money-laundering indictment in 2003.

Rombom is a licensed private investigator and founder of Pallorium Inc., which bills itself as the largest privately held online private investigation service in the United States. The government charges that Rombom unlawfully interfered with an ongoing case prosecutors filed against Albert Santoro, a former Brooklyn assistant district attorney who was indicted in Jan. 2003 with one count of money-laundering (prosecutors have accused Santoro of agreeing to launder $100,000 in cash for drug dealers and claiming he knew how to stymie money-laundering investigations); The complaint says Santoro hired Rombom to locate one of the government's confidential informants, whom Santoro has publicly accused of entrapment.

(...) Rombom appeared in U.S. District Court for the Southern District of New York yesterday and was released on his own recognizance. He is scheduled to appear again on Aug. 7. The Washington Post print edition today carries a brief story that draws from this update and reporting from the last two blog posts.

Link to full text of post. And BoingBoing reader Jayzel reminds us that Rambam was "previously involved in a lawsuit against a prominent anti-spam blacklist hosting service."

At HOPE hacker con, speaker arrested by Feds (UPDATED)

Washington Post "Security Fix" blogger Brian Krebs reports that Steven Rambam, whose company Pallorium Inc. touts itself as the "largest privately held online investigative service" in America, was arrested today by FBI agents just as he was about to lead a panel discussion at HOPE in NYC. Snip:
Rambam's fellow panelists said four men clad in dark blue FBI jackets quietly entered the auditorium, asked Rambam if he had any weapons on him, and then escorted him out the door along with his laptop and other equipment that contained the PowerPoint slides that were to make up the bulk of his scheduled two-hour presentation.

"If you know Steve then you know he's very flamboyant, and at first I thought it was just PR, you know?" said Kelly Riddle, a private investigator from San Antonio who was to speak alongside Rambam. "So, they asked him to step out in the hallway, placed the handcuffs on him and started to lead him off."

Rambam was going to discuss how he dug up -- in just 4.5 hours of searching private and public databases -- more than 500 pages worth of data on HOPE attendee Rick Dakan, who agreed to be the guinea pig for the project.

Link. No one, including HOPE organizers, has published further details on the arrest at this time.

Reader comment: BoingBoing reader ylbissop, emailing us from the conference where Mr. Rambam was arrested, says:

As I sit here waiting for the engineers of the Graffiti panel at HOPE I decided to look around and saw the post about Steven Rambam.

Selfish Gene: commemorating 30 years of landmark genetics book

On, John Brockman writes,
The toughest ticket in London's West End last week wasn't for a new mega-hit musical from Cameron Mackintosh, or a new play by Tom Stoppard. The people who flocked to The Old Theatre were greeted by famed British radio and television presenter Melvyn Bragg ("Start the Week") with the following opening words:

"They are in you and me; they created us, body and mind; and their preservation is the ultimate rationale for our existence. They have come a long way, those replicators. Now they go by the name of genes, and we are their survival machines."

The words are from The Selfish Gene, by evolutionary biologist Richard Dawkins. And the evening was a celebration of the thirty year anniversary of the publication of his classic book. (...) Physicist and computer scientist W. Daniel Hillis has noted:

"Notions like Selfish Genes, memes, and extended phenotypes are powerful and exciting. They make me think differently. Unfortunately, I spend a lot of time arguing against people who have overinterpreted these ideas. They're too easily misunderstood as explaining more than they do. So you see, this Dawkins is a dangerous guy. Like Marx. Or Darwin."
Part of Dawkins' danger is his emphasis on models derived from cybernetics and information theory, and that such models, when applied to our ideas of life, and in particular, human life, strike some otherwise intelligent people numb and dumb with fear and terror. Some have called the cybernetic idea the most important in 2000 years...since the idea of Jesus Christ.


New Swiss money has AIDS virus, foetus and skull decorations

Bruno sez, "The Swiss National Bank is planning to introduce a new series of Swiss Francs bills. They had a design competition. The winning design features a skull, an embryo, and a rendering of the AIDS virus. True." Link (Thanks, Bruno!)

Update: Martin points out that the decision isn't final yet: "After acknowledging the jury's decision as to the result of the competition, the Governing Board of the National Bank will decide on the next steps."

How the NYT sees the net

Choice quote from the WSJ explains what the NYT thinks of the Internet's potential.
The New York Times' Web site will begin displaying half-page magazine-style ads adjacent to its articles, making its online pages appear more similar to their print counterparts.

"It's a nice, big ad unit," said Jason Krebs, vice president of advertising sales for the "We're trying to make the most of what the Internet can offer."

Link (via JWZ's LiveJournal)
