Category: ATM skimming

May 17 2013

Hacker serving 5-year sentence invents ATM add-on to prevent theft

Prototype of a system for preventing ATM theft.

A criminal serving a five-year sentence "for supplying gadgets to an organized crime gang used to conceal ATM skimmers" has invented a device that prevents ATMs from being susceptible to such thefts, Reuters reported today.

Valentin Boanta, who is six months into his sentence in a Romanian prison, developed what he calls the SRS (Secure Revolving System) which changes the way ATM machines read bank cards to prevent the operation of skimming devices that criminals hide inside ATMs.

Boanta's arrest in 2009 spurred him to develop the anti-theft device to make amends. "When I got caught I became happy. This liberation opened the way to working for the good side," Boanta told Reuters. "Crime was like a drug for me. After I was caught, I was happy I escaped from this adrenaline addiction. So that the other part, in which I started to develop security solutions, started to emerge."

Read 5 remaining paragraphs | Comments

Feb 12 2013

How alleged crooks used ATM skimmers to compromise thousands of accounts

Federal authorities have charged two men suspected of running an international operation that used electronic devices planted at automatic teller machine locations to compromise more than 6,000 bank accounts.

The operation—which targeted Capital One, J. P. Morgan Chase, and other banks—netted, or attempted to net, about $3 million according to an indictment filed in Manhattan federal court. It allegedly worked by obtaining payment card readers from Hungary and other countries and installing them on top of card readers already located on ATMs and doors to ATM vestibules. The fraudulent readers were equipped with hardware that recorded the information encoded onto a card's magnetic stripe each time it was inserted. A hidden pinhole camera with a view of the ATM keypad then captured the corresponding personal identification number.

Antonio Gabor and Simion Tudor Pintillie allegedly led a gang of at least nine other people who regularly planted the skimming devices in the Manhattan, Chicago, and Milwaukee metropolitan areas, prosecutors said. They would later revisit the ATM to retrieve the information stored on the skimming devices and cameras. Gang members would then encode the stolen data onto blank payment cards and use the corresponding PINs to make fraudulent purchases or withdrawals.

Read 3 remaining paragraphs | Comments

Feb 06 2013

Crooks Net Millions in Coordinated ATM Heists

Organized cyber criminals stole almost $11 million in two highly coordinated ATM heists in the final days of 2012, KrebsOnSecurity has learned. The events prompted Visa to warn U.S. payment card issuers to be on high-alert for additional ATM cash-out fraud schemes in the New Year.

atmafterdarkAccording to sources in the financial industry and in law enforcement, the thieves first struck on Christmas Eve 2012. Using a small number of re-loadable prepaid debit cards tied to accounts that they controlled, scammers began pulling cash out of ATMs in at least a dozen countries. Within hours, the perpetrators had stolen approximately $9 million.

Then, just prior to New Year’s Eve, the fraudsters struck again, this time attacking a card network in India and making off with slightly less than $2 million, investigators say.

The accounts that the perpetrators used to withdraw money from ATMs were tied to re-loadable prepaid debit cards, which can be replenished with additional funds once depleted. Prepaid card networks generally enforce low-dollar limits that restrict the amounts customers can withdraw from associated accounts in a 24 hour period. But in both ATM heists, sources said, the crooks were able to increase or eliminate the withdrawal limits for the prepaid accounts they controlled.

Shortly after the second heist, Visa released a private alert to payment card issuers, warning them to be on the lookout for additional ATM mega-heists over the New Years holiday. Sources say Visa’s alert was indeed prompted by the multi-million dollar heists at the end of December.

The Visa alert (PDF), sent to card issuers at the beginning of January 2013, warns:

“Visa has been alerted to new cases where ATM Cash-Out frauds have been attempted and successfully completed by organized criminal groups across the globe. In a recently reported  case, criminals used a small number of cards to conduct 1000’s of ATM withdrawals in multiple  countries around the world in one weekend.”

“These attacks result from hackers gaining access to issuer authorization systems and card parameter information. Once inside, the hackers manipulate daily withdrawal amount limits, card balances and other card parameters to facilitate massive fraud on individual cards. In some instances over $500K USD has been withdrawn on a single card in less than 24 hours.”

It remains unclear who the victim prepaid card issuer is, or which organization(s) may have been hacked to supply the funds added to the counterfeit prepaid cards. But as Visa notes, the fact that the attackers were able to raise or eliminate the daily withdrawal limits on the cards means they had access to the internal systems of a prepaid card network. Such access may have allowed the attackers to in effect print their own money.

This has happened in at least two other high-dollar ATM heists over the past few years. In May 2011, Jacksonville, Fla. Based Fidelity National Information Services (FIS), the nation’s largest processor of prepaid debit card payments, disclosed that it had been the victim of a similar, $13 million coordinated ATM heist scheme earlier in the year. The company indicated in a filing with the Securities and Exchange Commission a few months after the incident that the loss was the result of an intrusion at WildCard Systems Inc., a prepaid provider it had acquired in 2007. In that scheme, the thieves cloned a handful of cards tied to reloadable prepaid cards on WildCard’s network, and were able to reload the cards with funds each time they were depleted by rapid-fire ATM withdrawals.

FIS said through a spokesperson that neither it nor any of its partners had been impacted by a recent security breach.

In December 2008, RBS Worldpay disclosed that hackers had stolen $9 million in a coordinated ATM heist involving 44 counterfeit payroll debit cards that were used to withdraw funds from at least 2,100 ATMs in at least 280 cities worldwide. In that attack, the perpetrators also used re-loadable prepaid cards, and had obtained access to RBS systems that allowed them to increase the daily withdrawal limits and reload the accounts with stolen funds.

Stay tuned for more updates as this story unfolds.

Aug 28 2011

Bomb hoax, busts, skimming, Twitter security, Google fined – 60 Sec Security

Freeze-frame from videoIn this episode:

* Australian bomb hoaxer tracked via information he didn’t intend to share.

* UK bank account holders ripped off via data they did intend to share.

* An educational look at ATM skimming.

* Twitter edges towards HTTPS by default.

* Google agrees to cough up an enormous fine.

(Enjoy this video? Why not check out the SophosLabs YouTube channel?)