A fake ATM machine, set to capture ATM information was found at Defcon 17 in vegas this year. Its design has a tinted plastic window at the top which attendees noticed had a computer in it. It was quickly removed by the police. Is this an amazing coincidence? We doubt it. Someone probably knew exactly who was going to be there and either wanted to scam some hackers or just wanted to have some fun.
When an unsuspecting person walks up to [Rob Ray's] ATM machine, they are greeted with a surprise that doesn’t involve giving them their money. When they insert their card, the video above plays followed by a game where you control a beaver trying to save money during a recession. Surprisingly, people usually found it humorous and didn’t immediately freak out that their card was in a machine that wasn’t their ATM. His site has all kinds of pictures of various users as well as the construction of the project.
You may want to be more careful where you put that ATM card. There are now ATM skimmers with SMS notification. ATM skimmers are placed over real ATM slots and the information off the cards as they’re inserted. The new models will send the skimmed information via SMS notifications to a phone that’s attached to a computer. This solves the problem of scammers needing to retrieve their skimmers without attracting the attention of police. ATM skimmer manufacturers have so far been really successful because of their commitment to security, from the paint they use to cover their skimmers to their exclusive clientele. The manufacturer of this particular model claims that none of their clients who’ve used this new ATM skimmer has been arrested, and they only accept business from “recommended” clients. We think it’s interesting and ironic how these criminals have adapted their security procedures to deal with institutions we wish were more secure.
For the last few months, the FBI have been investigating a breach of Citibank’s ATM transaction processing servers. We’ve seen credit card numbers get stolen before, but these compromised servers were used to collect card numbers and PINs as transactions took place. The group responsible hired people to write new cards and use them to make ATM withdrawals. The card makers would keep a percentage and launder the rest. This is just a very small part of story and the extent of the breach isn’t fully realised yet. Threat Level’s [Kevin Poulson] has the whole story on this disturbing situation.
