Evolution of ATM skimmers
We are all accustomed to the phrase "technical progress". For quite a few years now, the turnover of generations of devices and gadgets has been as ordinary as the change of seasons, and for the most part it surprises no one. We are used to the metamorphosis of mobile phones, home TVs and computer monitors, and now watches and even glasses have joined in. However, there is one small class of devices that many have heard of and are afraid of, but only a few have seen in person. We are talking about skimmers.
In Russia, ATMs are still not so common, despite 23 years of official capitalism. But even here skimmers have become a kind of urban horror story. And few people think that these devices, using high-tech components, also evolve over time. And therefore of particular interest is the recently published material, which clearly shows the stages of "modernization" of skimmers, up to the latest developments of the criminal craftsmen.
In essence, skimming is a method of stealing some information necessary to carry out a transaction from a bank account in order to steal money. In simple terms, in order to withdraw money from your bank card account through an ATM, fraudsters need to find out your PIN code and read the data from the magnetic stripe. And for this, devices of various designs and principles of operation are used - skimmers.
Skimmers are made to be as inconspicuous as possible for ATM users. Often they mimic some element of the interface or external design. This greatly complicates not only the detection of skimmers, but also the capture of the attackers themselves. And over the past 12 years, skimmers have undergone major metamorphoses. At least, judging by the samples that were discovered during this period.
2002-2007
In December 2002, CBS announced the discovery of a never-before-seen device that could "record names, account numbers and other identification information from magnetic stripes of bank cards, with the possibility of subsequent download to a computer." To a personal computer!
At the time, even legal professionals considered skimmers to be science fiction. When fraud prosecutor Howard Weiss himself fell victim to skimming, he was shocked that technology had reached this level.
Of course, this complete ignorance of the facts did not last long. In 2003, shoppers using an ATM at a New York grocery store lost about $200,000 in total in a day. Subsequently, a warning letter began to circulate online:
2008
This year, the Naples police got a call about a failed attempt to place a skimmer:
This rather primitive device consisted of a reader that could be bought completely legally, mounted on top of an ATM card reader. And under a plastic visor above the monitor was a small camera.
2009
The first generations of skimmers were fairly crude handiwork. Below is one of the designs, which includes a battery, a USB flash drive and a miniUSB port.
This skimmer was discovered by one of the readers of the Consumerist website. The vigilant user became suspicious and tugged at the card slot, and it came off in his hands.
Less than a month later, another skimmer was discovered that prevented the ATM from reading cards correctly and included a fake mirror into which a camera was built.
At that time, for scammers, the key to successful skimming was to find a way to retrieve the stolen information from the skimmer:
Early skimmer models sometimes caused ATMs to malfunction. But soon the attackers learned how to successfully parasitize on them.
2010
For many years, skimmers have used cameras to steal PIN codes. But it was not so easy to place them discreetly on an ATM. The result was overlay keypads that recorded the sequence of keys pressed:
With the advancement of technology, it became easier for fraudsters to create compact devices. Outsourcing services developed and fell in price. Complete skimming kits began to be sold on the Internet, and they could be painted in the desired colors on request. Prices started at $1,500.
But this is just an entry-level kit. Top devices went for $7,000-8,000:
Not all kits were that expensive. Many were ready-to-use modules that fraudsters installed on ATMs and later returned to in order to retrieve the captured data. The main disadvantage of these devices was the need to come back for them to collect the information.
Below is a wireless skimmer capable of transmitting information through a cellular module. The skimmer itself is very compact, the collected data is transmitted in encrypted form.
Advanced skimmers like this made the skimmers' work less hazardous, reducing the likelihood of being caught red-handed.
2011
Eventually, ATM makers started doing something to counter skimming. First, they began to introduce elements made of transparent plastic, in particular hemispherical card slots. But the attackers quickly adapted to this:
As you can see, the overlay can be spotted only by a small, inconspicuous plastic cover. How many of you would pay attention to it? And soon, affordable 3D printing brought the quality of skimmers to a new level:
Home 3D printers were still of little use for these purposes, so parts were ordered from specialized companies. The above is one such order that the manufacturer prudently refused to fulfill.
2012
Locating skimmers became more and more difficult. An almost perfect device is shown below. The only drawback is a small hole on the right, through which a small camera recorded the PIN code typed on the keypad.
Eventually the skimmers became so tiny that you won't see them even if you try very hard. According to the European ATM Security Team, skimmers as thin as a sheet of cardboard were found in July 2012. They were placed inside the card reader, and it is impossible to notice them from the outside.
Now your cards can be scanned not only at ATMs, but also at mobile terminals. The video shows a device that even prints a fake receipt:
Now any employee can connect the device they brought with them, and at the end of the working day take it away, filled with data from a large number of bank cards. The functionality of these terminals even allows you to simulate a connection error when the data is successfully read. They also come with software for decrypting information from cards, and all data can be downloaded via USB.
2013
Last year, a number of skimming incidents were recorded at the Murphy's gas station chain in Oklahoma, with a total of $400,000 stolen. The scammers used the readers in combination with overlay keypads:
The interesting thing about this story is that the skimmers were equipped with Bluetooth modules and were powered directly from the ATMs themselves. In other words, their service life was practically unlimited, and a direct visit by fraudsters was not required to collect data.
While one "evolutionary branch" of skimmers came to miniaturization, the other followed the path of radical mimicry. The skimmer below is a huge overhead display panel. In the "wild" this sample was found in Brazil:
The device was made from parts of a disassembled laptop.
2014
But this can be attributed more to curiosities, or to the features of the hot Brazilian character. Still, compact skimmers are much more likely to go unnoticed. And just last week, a skimmer only as thick as a credit card was discovered:
The device takes very little time to install on the ATM and to remove from it:
Fortunately, manufacturers also do not sit idly by, in particular, using the knowledge and experience of caught hackers to fight fraudsters. But they adapt quickly, so this situation is reminiscent of the fight between projectile and armor.
And what should we, ordinary users, do? How to avoid becoming a victim of scammers and save your hard-earned money?
Always cover the keypad when entering the PIN: in most cases, scammers use miniature cameras. And if you use a chip-and-PIN card, it is not so easy for attackers to read data from it.
And most importantly, if there is at least something alarming about the appearance of an ATM, it is better to use another. Try to use ATMs only in bank branches, this significantly reduces the risk. Well, try not to keep a lot of money on your "card" account.