All-in-One Skimmers

ATM skimmers come in all shapes and sizes, and most include several components — such as a tiny spy cam hidden in a brochure rack, or fraudulent PIN pad overlay.  The problem from the thief’s perspective is that the more components included in the skimmer kit, the greater the chance that he will get busted attaching or removing the devices from ATMs.

Thus, the appeal of the all-in-one ATM skimmer: It stores card data using an integrated magnetic stripe reader, and it has a built-in hidden camera designed to record the PIN sequence after an unsuspecting customer slides his bank card into the compromised machine.

The model displayed here is designed to work on specific Diebold ATMs, and can hold a battery charge for two to four days, depending on ambient temperature and the number of customers who pull money out of the hacked ATM.

Functionally, it is quite similar to the all-in-one model pictured in the very first skimmer post in this ATM skimmer series, although its design indicates it may be identical to the one pictured here, which was found on a Wachovia ATM just a couple of miles from my home earlier this year.

The tiny pinhole camera in the image above is angled so that it points at the PIN pad below and to the left, recording the victim’s 4-digit personal identification number to a flash-based memory card.

The real danger for the thief comes when he has to return to the scene of the crime to retrieve the skimmer, which contains not only the stolen card data that allows him to make counterfeit copies of the swiped cards, but also short, timestamped videos of each victim’s PIN.

Thieves interested in hoovering up the captured data remotely might seek to invest in a skimmer that can transmit the purloined data wirelessly via Bluetooth or SMS/text message, as I wrote about in this post. However, wireless skimmers tend to cost quite a bit more than this model, which I found advertised on an exclusive underground forum: It is hand made to the customer’s specifications, and costs slightly more than $5,000 USD. Ah, but don’t count on paying for this badboy with a credit card: The seller only accepts cash (Western Union/Moneygram) or virtual currencies, such as WebMoney.

[EPSB]

Have you seen:

Crooks Rock Audio-based ATM Skimmers…The European ATM Security Team (EAST) found that 11 of the 16 European nations covered in the report experienced increases in skimming attacks last year. EAST noted that in at least one country, anti-skimming devices have been stolen and converted into skimmers, complete with micro cameras used to steal PINs. EAST said it also discovered that a new type of analogue skimming device — using audio technology — has been reported by five countries, two of them “major ATM deployers” (defined as having more than 40,000 ATMs).

[/EPSB]

Оставьте комментарий