More on Wiretapping ATM Skimmers

Last month, this blog featured a story about an innovation in ATM skimming known as wiretapping, which I said involves a “tiny” hole cut in the ATM’s front through which thieves insert devices capable of eavesdropping on and recording the ATM user’s card data. Turns out, the holes the crooks make to insert their gear tend to be anything but tiny.

Not long after that post went live, I heard from the folks at NCR, one of the world’s largest cash machine manufacturers. NCR had put out a bulletin on the emergence of this very threat in Sept. 2014, saying the activity had first been spotted in the United Kingdom against NCR 5877 and 5887 models.

As I noted in my original story, the attackers use a plastic decal to cover up the hole, but NCR’s photos of one ATM compromised by this method offer a better look at what’s going on here. Take a look at the size of that hole:


A hole left by crooks who added “wiretapping” or “eavesdropping” theft devices to a compromised ATM. Image: NCR.

“In this attack, the ATM fascia is penetrated close to the card reader to create a hole large enough for the attacker to reach inside the ATM and place a tap directly onto the card reader in order to skim card data as it is read by the ATM,” NCR said in an advisory it produced on the increasingly common attacks.

According to NCR, the emergence of this type of skimming attack is a response to the widespread availability of third-party anti-skimming technology, which is successful at preventing the operation of a traditional skimmer placed on the outside of the ATM.

“Card reader eavesdropping skimmers are placed in a location that third party anti-skimming technology necessarily cannot protect, since the ATM must be capable of reading the card,” the advisory notes. “This [technique] has previously been seen in Ireland and the Netherlands, and can be expected to grow as traditional skimming is prevented.”

NCR observed that crooks employing this attack are using a variety of methods to create the hole in the front of the ATM. Modern ATMs often now include sensors that can detect vibrations consistent with drilling or cutting tools, so some thieves have taken to melting the ATM fascia instead.

“Melting techniques have been observed which can circumvent seismic anti-drilling sensors,” NCR said.

If the idea of ATM bandits taking a blowtorch to the cash machine sounds extreme, at least they’re not trying to blow the ATM to smithereens. According to quarterly reports from the European ATM Security Team (EAST), ATM attacks in which the fraudsters attempt to blast open the machine with explosive gas are on the rise.

A gas cylinder and pipe found fitted at a compromised ATM before it could be detonated. Source: EAST.


EAST reports that explosive gas attacks were reported by eight countries in Europe this year. Why would thieves risk their lives and those of innocent passers-by on such a brute-force attack? EAST says the attacks are generally successful at busting open the ATM about 40 percent of the time.

“Two of the countries also reported attacks using solid explosives,” EAST warned. “Collateral damage for solid explosive attacks is a major concern. In one country, the average overall frequency of ATM related physical attacks is five incidents per week. Three countries reported significant collateral damage from physical attacks, in addition to cash losses suffered.”

Fortunately, many countries in Europe are fighting back against these incredibly dangerous skimming attacks, both with improved ATM technology and stiffer sentences for crooks caught in the act.

“In one country no such attacks have been reported since the introduction of ink staining technology,” EAST noted. “In another, significant sentences have been given to criminals convicted of such attacks (the longest was 18 years in prison and the shortest 14 years!). This is an important step for Europe as, overall, sentences for such attacks are deemed by the industry to be too lenient.”
