Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 929
- Points
- 113
This is what an anti-skimmer developed by representatives of the University of Florida looks like.
A researcher from the University of Floridapresented the results of his large-scale project to develop skimmer detection systems at the USENIX Security Symposium. We are talking about spy readers for credit cards, which bank customers use to withdraw funds from ATMs and make payments in stores.
There are a large number of types of skimmers, many of them are almost impossible to detect even for a specialist in such devices. They are simply masterfully camouflaged by their creators; in addition, skimmers are DIY devices; naturally, they do not have a single standard, which makes them even more difficult to find. So, the expert in question developed a device called SkimReaper, which allows you to detect installed skimmers.
The developers of the device gained access to police databases, which contained information about the types of skimmers used by cybercriminals. In addition, researchers studied skimmers live, which made it possible to obtain a huge amount of information about the principles of their operation and how spy devices interact with ATMs and bank customer cards.
In principle, there were no surprises - data about skimmers is not something secret, descriptions, photographs and descriptions of the principle of their operation can be found without problems on the Internet. In total, devices of this type are divided into four categories.
Invoices are those that are placed on top of ATM card input slots or in other places on top of the ATM body. In some cases, overhead keyboards are used. There is also a rarer type of credit card scanners - those that are located at sales terminals in stores. But this is the exception rather than the rule - the risks for attackers are great, and the chance of being caught is high.
Internal - those that are located in the card reader slots themselves or are somehow located even deeper in the electronic device. In some cases, attackers drill holes in the desired location, placing a skimmer in the housing and connecting it to the infrastructure of the overall system. There are also a variety of devices that read the characteristics of transactions - craftsmen connect them to the electronic filling of the ATM.
Network skimmers - they are located in the network equipment to which the ATM is connected. If the employees of the bank or other organization where the ATM is located are careless enough, this is not so difficult to do.
Other varieties - among them there are both exotic ones, which are located, for example, in the doors of banks, and quite ordinary ones, which simply look and act differently from other systems of this kind.
Most often, criminals use overhead and internal types of skimmers - the fact is that they are difficult to detect. By the way, a skimmer is not everything; attackers often also need PIN codes of bank clients. Criminals obtain them using miniature video cameras that are placed somewhere near the ATM or on it, in an inconspicuous place. It is clear that the cameras are also camouflaged so that they cannot be noticed.
So, SkimReaper, a device for combating skimmers, is designed to work with overhead and internal systems. The device circuit contains a sensor that can detect changes in the magnetic field that occur during card reading. Typically, the ATM reads the card once. If SkimReaper detects two or more unexpected changes in the magnetic field configuration, the device signals that a skimmer has been detected.
All this is not theory, but practice; the gadget was tested while checking a number of ATMs. The raids were carried out with NYPD officers, who helped record violations and quickly eliminate skimmers. As it turned out, SkimReaper efficiency is about 100%. Now police are beginning to actively use devices provided by researchers to detect skimmers. The developers of anti-skimmers say that the demand from the police is so great that they simply do not have time to produce them.
But be that as it may, there are a huge number of advantages from using such a system. The fact is that if skimmers are detected online, almost immediately after installation, then criminals may not have enough time or resources to create new devices. These are high-tech devices that operate using complex algorithms and have a rather unusual design. It is not always possible to recreate a seized device online, so hackers are left with no luck.
One would think that with the increasing popularity of skimmers, criminals will significantly reduce their activity. On the other hand, a new type of device could be created that would learn to deceive SkimReaper.
