23 Dec 2012 etbe   » (Master)

Finding an ATM Skimmer

A member of SAGE-AU [1] found two ATM skimmers [2] and gave me permission to publish his description and analysis of the situation. I’ve lightly edited this from a mailing list post to a blog format with permission from the author. This Courier-Mail article refers to the skimmers in question [3].

People were wondering what gave the skimmers away so here goes. NB: this is only about the 2 I discovered.

  1. The actual ATMs in question were the free standing type (but even this doesn’t matter in the scheme of things because they can be on those in a bank of the things).
  2. I’d actually conducted a transaction and was waiting for my card to come out of the machine – these things looked that good. The colours matched – especially in the 3/4 or less light that you typically have on the fascias of such machines. The backing plate grey matched the ATM fascia as did the green “bubble” where the card goes.
  3. WHAT REALLY CAUSED SUSPICION – my card was having difficulty coming out of the ATM at end of transaction i.e. card coming out extra slow – then only the end couple of mm, I had to physically grab my card with fingertips to get it out and there was barely perceptible movement of skimmer due to my fingers using the green “bubble” as purchase point, THAT was what made me suspect. I then really had a close look and found that I could move the “bubble” with its backing plate – I pulled it off the machine and then looked at the ATM next to it and found it to look exactly the same. These things are held on by double sided tape.
  4. Grabbed the cleaning lady wandering past, showed her the device and asked her to get security. Security and centre operations manager subsequently showed up, while waiting for them I had to stop people from using either machine (everyone amazed at how good these things looked). Centre ops guy went and checked other machines in the centre, I left my details and they called the cops… I went straight to my credit union and reported what had happened and they cancelled my card and ordered a new one on the spot for me.
  5. Coincidentally (or not) the centre ops and security lady told me that the machines had been serviced (refilled) not too much earlier that day – i.e. I wondered if the bad guys did the “service” or were tracking Armaguard servicing types.

Quick side notes:

  1. 3 more skimmers have been found since then.
  2. Subsequently, I found out these were the type that needed to be picked up for the bad guys to retrieve the data i.e. these weren’t the type that transmitted to someone sitting nearby via Bluetooth/wireless i.e. in this instance I need not have cancelled my card and gotten a new one from my credit union.
    HOWEVER, it is best practice if you discover one and you’ve used that machine to immediately have your financial institution cancel your card and issue you a new one – though getting the new one can take up to a week.
  3. As I understand it, these 2 devices (i.e. others could be different) have 2 USB ports, one for the reader and the other to a pinhole camera (commercially available type removed from its original housing). The magnetic stripe data is held on the audio track associated with the video and there was an 8GB storage card to hold it all i.e. it makes things easier for the bad guys to match PINs to card details.
  4. If you do find a skimmer DO NOT touch the insides (non public facing parts) of it – this is where the cops can really try to lift DNA and prints from; gathering prints from externally is far more fraught as everyone and their dog has probably touched the exterior of the skimmer.
  5. In the lead up to Xmas these things or similar are highly likely to become more prevalent as we all go about parting with dosh while gift shopping – SO BE AWARE AND CAREFUL.


Syndicated 2012-12-23 01:08:49 from etbe - Russell Coker
