Easily the most-viewed post at krebsonsecurity.com so far has been the entry on a cleverly disguised ATM skimmer found attached to a Citibank ATM in California in late December. Last week, I had a chance to chat with Rick Doten, chief scientist at Lockheed Martin’s Center for Cyber Security Innovation. Doten has built an impressive slide deck on ATM fraud attacks, and pictured below are some of the more interesting images he uses in his presentations.
According to Doten, the U.S. Secret Service estimates that annual losses from ATM fraud totaled about $1 billion in 2008, or about $350,000 each day. Card skimming, where the fraudster affixes a bogus card reader on top of the real reader, accounts for more than 80 percent of ATM fraud, Doten said.
An ATM skimmer that fits over the card insert slot.

An ATM skimmer panel that fits directly on top of the real ATM.

Image at left shows a PIN capture device overlay. The image on the right shows the actual card skimmer attached (right edge).

A closeup of the ATM card skimmer removed from the face of the ATM.

Some ATMs are in building lobbies that require visitors to swipe their ATM card at the door. This device was found attached to the reader at a lobby entry.

This ATM door skimmer was originally flush with the device. The skimmer and the real reader have been pulled away from the face to better show the two devices.

ATM PIN capture overlay device pulled back to reveal the legitimate PIN entry pad.
A brochure rack was outfitted with a spy camera to record PINs in conjunction with a skimmer.

By the end of 2004, 70 percent of all new ATMs shipped worldwide were Windows-based, according to Lockheed’s Rick Doten.

A Diebold spokesperson estimates that 90 percent of Diebold’s global shipments are now Windows-based ATMs (Rick Doten).
Have you seen:
Would You Have Spotted This ATM Fraud?… The site also advertises a sort of rent-to-own model for would-be thieves who need seed money to get their ATM-robbing businesses going. “Skim With Our Equipment for 50% of Data Collected,” the site offers. The plan works like this: The noobie ATM thief pays a $1,000 “deposit” and is sent a skimmer and PIN pad overlay, along with a link to some videos that explain how to install, work and remove the skimmer technology.