Visual Autopsy Of An ATM Card Skimmer
Bert64 writes "A chap at work was recently the victim of an ATM card skimmer which took his card details, cloned them and allowed the fraudster to take 550 pounds out of his account.
Having tried to explain how the fraudsters can hide a camera and card reader around the ATM, he decided it would be easier to show one of them after a few drinks down the pub.
He was a little surprised to find that the machine he chose had a card reader and camera in place. These were removed and analysed, we believe we have reclaimed about 800 pounds worth of kit. Result:
Pictures."
Holy cow! That's a lotta dollars! Hope he hurt his back carting it all away. ;)
I've stopped using some of the sketchier ATMs because of this.
MIRROR HERE IN CASE OF A
This is a growing trend. Along with other questionably legal items, you can find a card reader from Ebay for a fraction of what you can scam.
What ever happened to "Stick 'em up??"
...don't question it!!!
Just how many ATMs have this equipment in place?
Bit of a worry really..
And just what recourse do victims have? Is there any way to get your money back, or is it gone forever?
ain't you supposed to tell the pigs if you find shit like that? not that they'll do anything about it, but still...
nice job indeed...
This is the sort of thing that makes one wary about the convenience ATMs available in many cities; you'll save more than a surcharge by sticking to your own banking company's systems.
On a side note, this is probably the most clever fraud I've seen in a long while. Great that these folks ripped out the innards of the scam device.
"A group of words expressing something other than their literal intention. Now that... is... irony!" - Bender
How hard would it be for someone to design an ATM machine that would make it more difficult to conceal a card reader... or better yet one that made it impossible to insert your card if anything is attached... it would seem that with some common sense a designer could create some pretty good safeguards... or am I just missing something?
Was this the pass through kind? how was the camera attached? If I used one hand to cover the other hand while keying the PIN would that "thwart" it? Great pix but I could also use a little more commentary on what to watch out for.
In the future, I would want to not be isolated from my friends in the Space Station.
recover 800 pounds worth of equipment and incur 2000 pounds of bandwidth costs bragging about it. The guy who lost the 550 pounds is going to think that was nice compared to what just got done to him by slashdot.
Papa Legba come and open the gate
just now, so the above A.S.S post is/was incorrect.
The setup looks possible, but the un-factory looking cutout at the top sorta gives it away.
Don't blame me, I voted for Kodos
Making money by having an expensive digital camera to disguise it as ATM chrome, grabbing PIN numbers and making yes-cards out of the process is dumb. The guy would probably have made more money setting his hacked camera in some lady's shower and selling the videos on the net. Or gee, even selling the hacked camera itself to would-be private-eyes, as most of these folks are willing to spend a lot of money on any spy-ish electronic device, and it would be legal too.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
in case you're wondering:
To accomplish this task, the thief places an electronic "skimmer" -- a card swipe device that reads the information on the card's magnetic strip -- on the ATM machine. Attached to the device, or placed discreetly elsewhere, is a small camera that captures the customer's PIN number when they enter it. The information is either collected by the device, or transmitted to a remote receiver. The thief then takes the codes and creates a counterfeit ATM card in order to empty the victim's bank account. Some skimmers can even capture the information and send it to the ATM at the same time. Since the machine works normally, the victim is unaware that they have just given a thief the key to their account. copied from here.
Why'd they use a Cybershot? I personally have a DSC-P71, but you could get a much cheaper camera and do the same thing.
Anyway, I remember reading an article (might-a been on /.) about buying an ATM and hacking the software to record the information for him. It's supposed to be much harder to find than this kind of "noticeable" trick.
You can always play it safe and wait in long lines at the Teller instead of using ATMs.
Though nowadays they got insane fees for using Tellers anyways.
Basically all banks want easy input and difficult output.
Saw this recently on memepool.com:
http://www.utexas.edu/admin/utpd/atm.html
Squid is a Good Thing. Use it.
That's a clever bit of kit. Friend of mine works at a bank and told me that these exist, but I have never seen one. My question is, do they take a video of you typing in your pin number after you put your card in? Must require some control electronics as well. Pretty sophisticated....
I'm glad that the people getting ripped off also get drunk and go around showing others how to do exactly what happened to them. Way to keep the art alive.
"Cowardice in a race, as in an individual, is the unpardonable sin." --Teddy Roosevelt
There are plenty of legitimate uses for magnetic stripe readers. Why, here at the University of South Carolina we just installed 3 $1,200 newspaper machines to limit the free newspaper program to students and faculty. I suppose you also think taxing blank CD-R and giving the proceeds to record companies is a good idea, because nobody would ever want to, say, back up data with them.
maybe it's time to introduce cover over the keypad, so that you need to slide your hand inside the 'cover' and touch-type your PIN.
but very soon, the fraudster's camera might have penetrating sensor to see through the cover. then not long after that, the cover has a protective shield, then.... cat and mouse.
If I hadn't just finished my Red Stripe, thus rendering myself incapable of doing any work for the night, I would create a .torrent myself for the site. Maybe some other noble soul will, before the mirrors are all smoked also?
--
Long-term effects of Bush deficits
Have all Slashdotters run around ATMs and check for card skimmers. If found, remove card skimmer, take home, disassemble, build into $anything, add keypad and have your own PIN access system to $anything! All the while doing the rest of the world a favour by taking away card skimmers! Woot!
Hate me!
Two things that I always ask my friends to do too.
1. If you can, go to a supermarket or any store nearby that gives you cashback on your debit card. I can buy a pack of gum instead of paying stupid ATM fee AND get cashback with NO risk.
2. Use your credit card to withdraw cash (but make sure that you pay it in the next billing cycle as cash withdrawals have very high APR) as the liability on credit cards is very low.
Free XBox, PS2
My bank uses ATM machines that suck the card completely into the slot, with only a little bit of a metal guide plate exposed below the slot. (Typically, they have a label with arrows printed on it that's affixed just beneath the slot, as well.) If you tried to add some sort of reader device to the front of the ATM, covering the original slot and plate, it would be fairly obvious it didn't belong there. I'm sure it might fool *some* clueless people - but it would surely be ripped from the machine pretty quickly, as someone a little more clueful realized what was going on. (After all, it would obscure part of the label, making it obvious it wasn't part of the original ATM machine.)
I have a feeling these card skimmers only work on specific models of ATMs (most likely, the little privately owned units you see in restaurants and gas stations, as opposed to actual bank-owned ATMs).
Could this be the death of the PIN? What's next - biometrics? Will this last only as long as it also cannot be spoofed?
ATM bug-detection should be a profitable area of research for the next few years.
calculator say: 550 GBP = 1027 USD = 817 EUR
There are a myriad of legal uses for stripe readers, including computer and home security, and making really cool copies of your bank cards*
I have a friend who has a reader who does this.. he takes a plastic generic card with a cool photo on it, with a blank stripe, and copies your ATM stripe onto it. Fully functional, totally customized ATM card.
You should see the looks he gets using his "superman" debit card.
Pretty good idea. I know that I will be very vigilant from now on when using an ATM.
Keep Smiling!
Erick
http://www.busyweather.com/
It just got Slashfucked too.
If my job would be to maintain ATMs I would check if someone has tampered with them...
...where this electronics type chick uses some signal capturing stuff and an oscilloscope to record data from a nearby van as people used the ATM? She then made some cards, and she and a cohort then went extracting money. Anyone remember the title of this movie?
Is how did they get the camera to capture the pin numbers.. was it sound activated ??
http://www.contrib.andrew.cmu.edu/~mstevens/atm_ev6/atm_ev6.htm
Hate to be a party pooper but didn't you consider leaving it there and calling the cops ?
If you had they might have been able to bust the individuals concerned and saved some innocents down the track a lot of grief.
This way you got 800 quid's worth of stolen electronics, the thief wrote off some capital investment and a couple of thousand /.'ers got some pre-pubescent excitement. Wahooo.
Don't look back the lemmings are gaining on you
we believe we have reclaimed about 800 pounds worth of kit.
Ok! Time to check all the ATM nearby, bbl!
..tell you about my story. This and that happened and.. oh.. I made pictures as wel$%"& *SLASHDOTTED*
When will people learn..
A couple of months ago my Hotmail account was besieged with spams offering to show me how to make my first million by installing and servicing their ATM machines. I kept wondering if they wanted to make me a shill for some skulduggery like that described in the article. The interesting part was that the ATM's so advertised would be located "in my area," which they had pinpointed at Washington, DC (not far from here).
Like others here, I've become very leery of using ATM's located anywhere but at banks. I've been driving on long trips a great deal recently, and I've also learned to be a bit discerning about card-swipers in gas stations and even grocery stores I'm not familiar with. It seems a safer bet to hit a bank occasionally to withdraw my allotment of yuppie food coupons ($20 bills) and spend those instead.
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
Planing is a virtue, and costs less.
This issue is a bit more complicated than you think.
Most of the scams I have seen like this rely on recording your PIN based on what you type.
The earliest versions simply had someone peering over your shoulder, or using a camera/telescope mounted up and behind and stealing the original.
Get in the habit of 'embedding' your PIN within a larger number. Type this longer number too lightly to cause the pressure sensor to register and vary your pressure only on the 'key' digits. It won't fool decent resolution or close observation, but given the angles/lighting conditions and cheaper digital cameras that are starting to show up, I am guessing that they are going to have trouble working out which hits are the real McCoy.
Sure it relies on making your case more difficult than your neighbours, but to an extent that is all most locks and security devices do. Sure it's paranoid, and it does take some effort to set up, but muscle memory handles most of the work after a while and these days I only get a few false hits. YMMV
Still, very interesting to see. I'm quite surprised at the digital camera half of it. Of course something like using fingerprints or some other kind of biometric would make things much harder for the thief.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Link
well, how about posting a mirror?
but wouldn't it also make it incapable of being read by the real one?
Shouldn't this have been taken to the Police, rather than home with some drunk guys?
mirror here: http://www.flooda.us/slashdotted
Dude is trying to get cheap karma, he has nothing.
the story of the ATM machine left in front of a convenience store. People would come up to it, insert their card, type the pin and be presented with an error saying there is no more money left in the machine. A week later the machine disappeared. All the people who had used the ATM had given the data from their ATM cards and pin numbers to a fake machine that was logging the info!
The war with islam is a war on the beast
The war on terror is a war for peace
Who would spend good money on a device that could only nickel-and-dime some oblivious chumps? I propose that these devices are designed to spy on those with an acute enough awareness to have spotted and removed them. Only once these spybots are taken home do they activate, login to your wireless router and upload your quicken files and porno while computing your squalor index for Major League Baseball.
Too bad they didn't take pictures of the dissected device with the included cybershot.
They should start requiring thumbprints at the ATMs. I'm typically a privacy freak, but I wouldn't be averse to something like thumbprint readers installed on my bank's ATMs.
Drunk guy: Here, I took this from an ATM machine *hiccup*
Police guy 1: Destroying private property while drunk uh?! You are under arrest!
Police guy 2: These gang ppl are getting even dumber!
PIN numbers and the way they are entered have terrible security implications.
Why can't you, say, have a 5 digit number and the ATM machine would ask you something like "What is your first, third and last number?" or "What is your first number plus your fifth number?"?
Or how about you have to look through a keyhole to see the ATM monitor so nobody else can see it. Then, before it asks you to enter your details, it shows you the mapping of the keys on the keypad. So, if you have a 9 digit keypad, it would shuffle the numbers around, and you look into the keyhole and see:
167
482
539
Then you'd press the button that is in the right position for each number.
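The two ideas in the comment above (asking for only some PIN positions, and a shuffled keypad whose layout only the customer can see), sketched as an added example that is not part of the original thread. The function names, the sample PIN and the assumption that a camera sees which physical buttons are pressed but not the shielded screen are constructed for illustration.

```python
import hmac
import math
import random

PIN_LEN = 5   # "a 5 digit number", as in the comment
ASKED = 3     # "first, third and last": three positions per session


def make_challenge(rng, pin_len=PIN_LEN, asked=ASKED):
    """Pick which PIN positions (0-based) the machine asks for this session."""
    return sorted(rng.sample(range(pin_len), asked))


def verify(pin, positions, response):
    """Check the digits typed for the asked positions, in constant time.

    Note: answering this needs the individual digits, so the issuer cannot
    keep only a one-way hash of the whole PIN.
    """
    expected = "".join(pin[i] for i in positions)
    return hmac.compare_digest(expected.encode(), response.encode())


def shuffled_layout(rng):
    """Random placement of digits 1-9 on a 3x3 pad (row-major string)."""
    digits = list("123456789")
    rng.shuffle(digits)
    return "".join(digits)


def buttons_pressed(digits, layout):
    """Physical button indexes (0..8) used to type `digits` on `layout`."""
    return [layout.index(d) for d in digits]


def digit_strings_consistent_with(buttons):
    """How many digit strings fit what a camera saw, if it saw only buttons.

    Without the layout, any assignment of distinct digits to the distinct
    buttons is possible; only the repetition pattern leaks.
    """
    return math.perm(9, len(set(buttons)))


def sessions_until_pin_known(pin, rng, limit=1000):
    """Fixed keypad, observer sees prompt and keys: sessions until every
    PIN position has been asked at least once (None if never within limit)."""
    seen = set()
    for n in range(1, limit + 1):
        seen.update(make_challenge(rng, len(pin)))
        if len(seen) == len(pin):
            return n
    return None


if __name__ == "__main__":
    rng = random.Random(2004)          # constructed seed, repeatable demo
    pin = "41729"                      # constructed sample PIN, digits 1-9
    layout = "167482539"               # the grid shown in the comment

    asked = make_challenge(rng)
    typed = "".join(pin[i] for i in asked)
    print("asked positions:", [i + 1 for i in asked], "ok:", verify(pin, asked, typed))

    pressed = buttons_pressed(typed, layout)
    print("buttons a camera sees:", pressed)
    print("digit strings that fit:", digit_strings_consistent_with(pressed))

    runs = [sessions_until_pin_known(pin, rng) for _ in range(1000)]
    print("sessions to learn whole PIN on a fixed keypad: min",
          min(runs), "mean", sum(runs) / len(runs))
```

With three of five positions asked each time, an observer who can read the prompt needs at least two sessions at the same machine, which is the "regular users" limitation rather than a complete defence; the shuffled layout is what removes the value of filming the keypad.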
Please re-read the post.
Nineteen Eighties. Not nineties.
And it's a chick running the operation, not a 60 year old dude. And they were doing ATM scamming, not going after some exotic piece of equipment. And it was a cable movie, not a theatre release.
God damn your reading comprehension skills aren't worth a fuck.
At the Buckland Hills Mall, in Manchester CT, in 1993, some scam artists installed a fake ATM machine. They had negotiated with the Mall officers, pretending to be Bank officials, and had gotten permission. Apparently, they even got the phone company to come in and lay down some lines. Then, they installed an ATM machine they had stolen.
It was programmed to read off the account numbers, remember the PIN as it was typed, then claim some kind of error and refuse to give out money. They left the machine in the mall for a WEEK, collecting PINs, then they came back, took the machine back to "repair", and have since printed up new cards, and have been using the PINs to siphon off money.....
I think they got about $250,000 before the FBI got them
I'll keep my eye out for those other fine products. "Red Stripe for men" sounds very macho. Is the Red Stripe I'm drinking now somehow not a man's lager?
--
Long-term effects of Bush deficits
Oddly enough, the ATM part was the only part that I remembered... and I thought of it as soon as I saw this article.
Don't remember enough about it to even try to look it up on IMDB.
Rule #1: Always remember which machines you've bugged so you don't accidentally expose your work during "investigations."
Rule #2: If you fail to follow Rule #1, act surprised and shocked at your "fortunate discovery."
Rule #3: If your work is exposed, especially in a Rule #2 setting, be sure to dismantle it so the destination can't be traced.
-- @rjamestaylor on Ello
You idiot! You just stole your bank's security camera
-- If you try to fail and succeed, which have you done? - Uli's moose
Does anyone read these posts before putting them up on the web site? The sentences that were used to construct this story don't have any business being put next to each other. The pronouns are all mixed up.
Rediculous.
Don't be too surprised that people would fall for an out-of-place external reader -- the "Box on a Chair" to receive deposits at an ATM with a paper sign reading "Sorry - ATM Out Of Order. Please place deposits in the box provided below. Be sure to fill out your account number with PIN on your deposit slip for proper deposit credit" works EVERYTIME.
-- @rjamestaylor on Ello
"ATM machine"!? "PIN number"!?!? Really, I would've expected the slashdot crowd to be the last ones to perpetrate these redundancies. Among my geek friends, we always rag on one another when one of us says something like that...
Better to light a candle than to curse the darkness.
Wouldn't it have been better to leave the devices in place and stake out the fraudsters? They either must be hanging around at times to receive the data remotely or else occasionally pop by to collect the memory stick? Or am I missing something?
Check out this advisory put out by the Univ of Texas, Austin.
I thought ATM's already had a mechanism in place to help fight this... Called a Video Camera?
All of these scams that I've seen use a camera to get the PIN, but why not modify the machine to electronically record the PIN as entered by the customer? It must be used electronically in the machine to verify that the correct PIN was entered, so why can't this data be snatched somewhere during the process? The camera seems like a silly and unnecessary hack.
Mirror at http://people.msoe.edu/~lowerrm/atm.ev6.net/
Recently I noticed that on Commonwealth Bank ATMs in Australia, that there had been LEDs affixed to the side panels about 3/4 the way up
I hadn't thought too much about them until now, but maybe they are the latest (and cheapest?) defense against these card capture systems (seeing that the IR would ruin the photos)
ANZ Bank
it also uses the Microchip as part of the auth for web banking. So what if they get your pin, how the hell are they going to duplicate the smartcard.
lounge around on the blue couch
I understand that this has been done with non-bank machines. An ATM can be bought for less than CAD5,000, it could be modified in the comfort of your evil lair and then located in any willing location such as a convenience store (a service you'd offer for free of course) - with good potential for ROI, any good crime boss ought to "lend" you the start-up money. After all, budding entrepreneurs need that scale of motivation to really be successful... :-)
Actually, I wonder how much you could make by running one of these scam machines in its usual legal configuration! (They are a big scam to begin with - $1.50 per withdrawal is disgusting!)
Here's some great tips on how not to get scammed at the ATM. It's also got some images of a modified ATM...
These skimming devices were commonly detected in Canada (Ontario) during the last year or so.
They are becoming more and more sophisticated, and the police busted several people for it, and issued precautions for the public:
- Try to use machines in the bank branch you deal with
- Try to avoid machines in public places (malls, convenience stores, ...etc)
- Report anything that looks suspicious on a machine
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
This makes Canada an ideal vacation place. I might spend Spring Break robbing Canadian banks. See ya soon.
you're living in a fool's paradise. 1: lift prints from an ATM? are you nuts? do you realise how many people could have touched it? it'd be worthless. 2: reporting things like this tend to be a case of the messenger getting shot. they would be NUTS to do anything other than what they did
If you mod me down, I will become more powerful than you can imagine....
This just proves that you should smack every machine a few times before and after you use it. If you smack it hard enough you get a few spare parts and protect your credit. I have taken to kicking, shaking, and hitting every vending machine I use in the name of safety. BTW the same thing applies to people, but with them I have found poking with stick to be the best method.
but who touched the camera internals if no one knew it was there? who touched the back end of the skimmer that is not exposed to the public?
...Create a website that displays and exposes the source of the injustices committed against you, thereby cloaking yourself in perceived innocence?
You need a FREE iPod Nano
#1. Nice scam to be on the lookout for. #2. These people have some nice bandwidth!
I wonder how long it will be before such a mechanism is built for card-pump gas stations and other outdoor card swipe machines?
Prints would be useless, but at least you could get someone to watch for who comes back to pick this thing up, arrest them, and still have the equipment photos for educating the public
But, here's the problem: not only do they offer banking and postal services at the same wickets, they also don't seem to have discovered the marvelous North American method of having one line up for multiple tellers. You don't really appreciate having the first available clerk can always help whoever has been in line longest, until you live out the alternative.
So, you go to the post office with your single envelope, correctly addressed, just needs to be weighed and have postage slapped on it... You have to carefully scan the lines, and suss out the people waiting. That fellow with the big fat envelope - is he mailing something in bubble wrap, or is it full of unsorted petty cash and small cheques that need to be deposited into three different accounts? That lady with the shopping bag - is she checking her PO box, or remortgaging her house?
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
We want firmware! What's wrong with you!
Dave
I write a blog now, you should be afraid.
"A team of organized criminals is installing equipment...The team sits nearby in a car..."
That means our British friends were probably followed home by some Organized Crime Thugs, and they will probably end up washing up on the shore of the Thames somewhere down-river.
Yikes. Slashdotting is the least of their worries..
- Murphy's Corollary: - It is impossible to make things foolproof because fools are so ingenious.
Is out of the question now. It is against the law to destroy a crime scene, or tamper with evidence. Regardless of police involvement, the person taking this device knew what it was, he therefore committed the crime of destroying evidence. The person who stole the card info just got away, but how about the people who just destroyed this evidence?
Get a free ipod.
Dude! Give me back my card reader!
How hard is it to just check if there's an attachment on the ATM card-reader?
If anything around the card slot looks suspect - just get hold of it and pull!
If it comes away in your hand, act like nothing happened (your criminals may not be far away). Pocket the thing and then run like the clappers.
Turn the gear into the authorities at your leisure.....
Ripping an new rectum in the fabric of spacetime.
... and then hit them on the head? Bawl them out for being Bad People? End up dead because you messed with the Mob?
Nah, call the police, maybe.
But probably the fraudsters were across the street watching. Then they followed our British friends home, and they'll probably "disappear"...
- Murphy's Corollary: - It is impossible to make things foolproof because fools are so ingenious.
At the very least the cops, err... bobbies, might have been able to get a finger print or two, trace the purchase of the camera or the serial number on the SD card. Even if it doesn't lead to a direct capture, this sort of thing stays on record and can be used later when these scammers inevitably get nabbed for something else down the road.
Besides, what about the other victims? Now there's no evidence that they were scammed too. They might have to eat the loss themselves without some corroboration that they were scammed.
Also, the equipment may have cost the scammers more than this particular victim lost, but is this junk really worth much at all to the victim other than bragging rights?
Finally, aren't a lot of British cities brimming with cameras these days? If this stuff had been left in place it might have been possible to track the scammers when they picked the equipment up.
Signatures are a waste of bandwi (buffering...)
How do they know, tinfoil-hat man? Data mining! They know when and where you'll be taking that cash out, oh yes they do.
sulli
RTFJ.
They tell us how they put the devices in place? 1) They put them in place, and hope the surveillance tape is overwritten before anyone knows to look. 2) They obscure or cover the camera long enough to put the devices in place. The second seems more likely, but I also assume maybe all those ATMs don't have cameras. Seems like when the reports started coming in of this, you could go back and see when the new "parts" got added? Naive? Missing something? probably, but I want to hear YOU say it.
This could explain why the people in front of me in ATM queues always take so long.
I'd always assumed they were incompetent morons. Perhaps they are just security conscious and are waiting 15 seconds before typing their pin in case a camera is recording.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
IIRC Debit fees are generally cheaper than the credit fee for the same transaction - it's cheaper for them to let you do debit, and you can shop around for a bank that allows unlimited monthly debit purchases.
and
IIRC MC/V generally do not allow for minimum purchases for transactions - yes, the convenience store just lost 80 cents to make 20 on your pack of gum, but they just sold a case of beer or the 20 gallon truck fillup on 80 cents a minute ago. It more than evens out for most
and
If they are hand entering or mechanically imprinting your card, something's not normal, as they're the most expensive rates (as opposed to just swiping your card). Makes you go hmmmm...
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
HEY! THAT'S MINE! GIVE IT BACK! ;)
you knew someone was gonna post that
Matt
You have 1 Moderator Point! Use it or lose it! Is that a threat? -vapid
The U.T. Police Department Web site has an interesting article about skimmers in use in the Austin area. Check out where they put the camera!
Actually, there is one rather good argument for using "English" measurement, at least when one is evaluating length.
It is far, far easier to split measurements in the English scale into fourths and thirds. The math is much simpler to do in your head. Halves work just as well as in Metric (Decimal). Fifths work better under Metric, but English can do sixths.
This is a simple consequence of their prime factors: 2*5=10 as opposed to 2*2*3=4*3=2*6=12.
Feet to yards brings us to 2*2*3*3=36, which is strange but functional, and then we come to miles which is where it all falls apart. But we can't afford to replace all the signs with kilometers per hour. I'm not sure I'd trust American drivers to make the transition safely, either.
Metric is a perfectly valid scheme to nearly all your measuring in. It is superior in several ways to English measurements, but there are valid reasons for not switching to it.
I believe that most people don't want to swap our convoluted babylonian time system for decimal time, and I consider this an example differing in degree but not type from the English/Metric debate.
Much Love,
ArekRashan
Real smart, let's take evidence from a federal crime scene and post pictures of it on our web site. Now we just wait for the FBI to come calling. YOU ARE GOING TO JAIL, NO DOUBT. Sounds like these guys are from Great Britain but same result, jail.
These skimmers are fairly sophisticated ... there are a lot of ways to measure the motion of the card.
... if they start installing new hardware over here (in the Netherlands) I hope they are smart enough not to adopt something like this because it seems cheap. Most all our local cards are smart cards, add an interface for that in the machines ... and let the foreigners with the old system worry about getting skimmed.
I hope banks don't spend a lot of money on these stopgap measures
If you're going to complain about 'grammer' [sic], then, at least try to spell ridiculous correctly.
Signatures are a waste of bandwi (buffering...)
Crime Information : Skimming Device Installed in ATM (TW RN04000499)
Location : Two ATMs outside Hang Seng Bank, Tai Ho Road.
Facts: On 2004.01.05, ATM maintenance worker of Hang Seng Bank conducted a routine check and confirmed that 2 metal covers (of same design) were being 'fitted' onto the top ledges of two of the ATM machines.
The Skimming Device:-
At least in America, we have this neat thing called the Fair Credit Billing Act. It protects us from unauthorized charges. It doesn't work very well with ATM and Debit cards unfortunately, so the smart consumer does NOT use ATM or Debit cards (or does so very sparingly). Banks are heavily pushing ATM and Debit cards when they are unquestionably in the consumers' worst interests. When you are a victim of a fraudulent charge with an ATM or debit card, the burden is on you to seek justice in order to collect your lost money. With traditional credit cards (at least in the U.S.) the burden is on the merchant - if they can't prove it's a legit transaction, you don't have to pay - BIG DIFFERENCE. Most consumers don't know that the "fraud protection" most credit card companies promote is actually mandated by Federal Law.
The moral of this story: Don't use ATM and Debit cards. Use a traditional credit/charge card and you are much better protected in cases of fraud.
This kind of crime is not like hacking a computer, ripping music, or even defacing property. This hasn't happened to me yet but just hearing about it makes me want to beat the crap out of people who would do this. It's like stealing your work, taking what you sit in a cubicle for. Granted the bank will usually give you your money back if you complain early enough. I TRUTHFULLY think people that attempt this should have their balls cut off, this is cowardly, and only takes a modicum of intelligence....instead go produce something instead of stealing what others produce ((I understand the same could be said for any petty crime))
The title is misleading. It is merely an autopsy of the electronics the skimmer installed, and not of the skimmer himself.
I had a person look over my shoulder and later steal my debit card. The thief took me for a little over $400. It was over a week before I discovered the theft. Luckily for me, 99% of my charges were in maybe 10 stores in one town, and the thief decided to take the card to Weed, California. Weed is a bit under 100 miles away.
The sudden disturbance in the pattern was pretty easy for the investigator to see. I have no idea what would have happened if the person had stayed in town. There would have been no way to prove the charges weren't made by me. Clerks just don't check the cards these days. Or ever.
I got all but $50 of my cash back and living in Weed is punishment enough, but I'd still like to kick the cretin's kneecaps off.
Why do I have this? I don't smoke.
I don't know how many times I have told people that we need to stop that damned John Connors kid...
These guys did the fraudsters a favor by removing their kit without notifying the police.
It practically makes them an accessory to the crime.
Take a look at that site, there is tons of stuff related to magnetic cards, holograms, barcodes, etc.
http://www.mag-card.com
Thank you, witness relocation program!
This issue is a bit more complicated than you think.
I believe that most people don't want to swap our convoluted babylonian time system for decimal time, and I consider this an example differing in degree but not type from the English/Metric
Well, in an attempt to tie together your well-thought-out response to my frivolous post, I will say that the time system doesn't even differ in degree (pun not intended). IIRC, the French did try to institute a 'metric time' system, but it did not long survive the revolution.
In my field, an inch can be divided into 72 points. That seems like an odd (as in strange) number, but you can halve it, halve the result, and halve that result before you approach granularity.
Of course, even better would be a system based on, say, 128 units. But I don't know of any that existed (outside of journals) before computation became a field unto itself.
One man's -1 Flamebait is another man's +5 Funny.
Tm
Support TBI Research: http://www.raisinhope.org
It would raise the bar, but I don't believe it would prevent the attachment of card readers. They may however need a number of samples, so it could restrict it to regular users of the installation.
Q.
Insert Signature Here
On a typical bank owned ATM (Diebold for example), you have a motorized mechanism, or a recessed "dip slot".
Affixing a portable reader device to these machines is extremely difficult to conceal, and would interfere with operation of the card reading process.
More commonly, it's the "Minibank" style machines that are compromised, as the reader is mounted externally on the front of the ATM.
Your best bet is to stick with your bank's ATM machine, these are least likely to be targeted. They also contain security cameras in multiple locations.
Also, don't use bank issued cards that don't bear the Visa/Mastercard logo, as the bank can deny refunding your stolen cash. It's now up to you to prove you didn't make the transaction(s).
As a VAR/Distributor in the magnetic card industry, I'll tell you this much: fraud problems are *SEVERELY* under-stated, this stuff goes on much more than the banks/media would like you to know.
Same goes for checks, *very* easy to duplicate.
Maybe we should all go back to cash? I don't trust the "system", at least for now. But remember, thieves are always at least two steps ahead of the "security gurus" out there.
Take a look at http://www.MAG-CARD.com for more information.
I was at Citibank just last week and deposited money. I'd forgotten to swipe my card. The teller informed me, after I'd deposited my checks, that if I wanted to see my balance I'd have to swipe my card. You can deposit all you want to anyone without a card I suppose.
Photos.
Why, exactly is this offtopic? The server with the pics was offline some 2 mins. after the article was posted.
Be honest now. Was it really that comment, or the fact that you don't like Ralph, hmmmm?
Yeah, it is the case in Canada. But it's still retarded.
With a headline of "Visual Autopsy Of An ATM Card Skimmer", I was expecting more. Don't get me wrong - the electronics are neat - but a dead body would have been cooler. I'd be curious if they could locate the thief's spine.
HIV Crosses Species Barrier... into Muppets
They wouldn't have been able to do this if the ATM was running Linux.
Check out this story and pictures of a skimmer at work in Brazil.
But the case will be built on the testimony of those involved - witnesses. If nobody wants to cooperate, what's Inspector Gadget to do? You gotta know when to hold them, when to fold them.
Happy Trails!
Erick
http://www.busyweather.com/
Better start your own ATM repair contracting operation! Get hired by your local bank, and you're in business.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Launching a light, malleable metallic projectile at high velocity to impart localized impulse and heat at distant targets.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
The worst I've seen is one at a 24-hour restaurant I used to work at. The POS machines were linked to an NT server in the back office, and queried it for data about the tickets so we could scan a bar code on the ticket to have the POS machine automatically register the payment due and such as well as to verify that the bill was paid.
Too bad the NT server had to be rebooted and its software restarted once a day. The whole process took about 10 minutes, and the cash drawers wouldn't open so we could ring anyone up manually and scan the tickets later during that time. Customers had to stand at the counter and wait if they decided to leave at the wrong time.
Granted, I imagine part of the time delay is bad system set-up (Why can't the server software start up automagically when the computer boots, eh?), but still, you can't open the cash drawers if the server is down!?!?
The fact that to interact with a smart chip, it has to stay still and have an electrical connection. The reason a false front can work on mag stripe is because the stripe is read by passing it over the reader (eg swiping your card). You just place another reader in front of the real one and as the card passes through it gets read.
A smart card is quite different. You insert it into a receptacle which has contacts for the card. That then powers it and sends it data. The transaction doesn't start until the card is locked in and it is immobile during it.
This is rather more difficult to spoof. You'd need to hold the card in your reader, and then communicate the results to the ATM. Problem is that the ATM easily could (and probably would) be rigged to eat any card left in it for any length of time, and to not start a new transaction until it underwent a release, insert cycle. So now you need to make your front take the real card, insert its fake card, and process the intermediary transaction.
All this has to be overcome before you even get to try and deal with all the cryptographic stuff, which is the real hard part.
Some people just suck with numbers. My mom is one of them. She's not stupid, she has her masters and in her fields is quite smart. However numbers are something she's bad with. She's bad at math and bad at remembering numbers. I've had the same phone number for six years, it's easy, and she still can't remember it.
The real solution is two fold:
1) Better cards. This is the easiest and cheapest. Smart cards are almost impossible to fake since they can work on public key cryptography. Moving over to these would make it such that stealing their number wouldn't really be possible, at least not with a simple man-in-the-middle reader. This is something I think is likely to happen.
2) Biometrics. Add that to a card and a keycode, you've made it pretty hard. Now someone not only has to get your code, replicate your card, but also get and then fake your biometrics. Any one of these alone isn't particularly challenging, but all together would be a real pain.
Combine simple biometrics with smart cards and I think you'd find that high-tech ATM theft would disappear. While the biometrics may never happen, the smart cards might. They are getting more and more popular.
A card reader and a webcam cost less than 50$.
Face it, you're a loser and this is probably just equipment from the office you're showing in the pics.
$5 / month hosted VPS on linux = awesome!
How long do you think it will be before the guy gets sued by whoever constructed said card skimmer for absconding with his equipment?
Happiness is relative, Based upon the way we live.
Banks are heavily pushing ATM and Debit cards when they are unquestionably in the consumers' worst interests.
Not really. As long as the customer uses credit (which I was advised to do upon opening accounts with two large banks), there isn't much to worry about. Consumers get debit card functionality with credit card protection, while the banks probably get a big kickback from the credit card companies for increasing traffic (I have family in the banking industry, believe me, they don't do anything sensible unless they make money from it). In fact, it's sort of silly to use debit because you get charged for it - using the credit network is free (to the consumer at least). I only use debit if I'm somewhere that doesn't accept credit, like Costco.
The real solution is to use English units, grow an extra finger on each hand, and use base 12.
Oh yeah. The point is, the way you fix it is to ask, "Has anyone ever thought about authentication problems and eliminating eavesdroppers?" Then suddenly it hits you: yes, it has been done.
Now I know that there is an arbitrary number of Centigrade degrees between water freezing and boiling (100 there are, physics majors may disagree).
But there are not enough degrees in the human comfort range, and this is where Centigrade is not as good as the Fahrenheit temperature scale.
I suspect, but I'm not sure, that the range 0 to 100 degrees in Fahrenheit is the absolute maximum range that a man can do a full day's work outside. Below 0 deg F, it's too cold regardless of the amount of clothing. Above 100 degrees, it's too hot.
Centigrade is a pain because there are not enough degrees in the range that is the most important: the human comfort zone. Weather temperature is never expressed in tenths of degrees Centigrade.
I've never understood why some people claim that the Centigrade scale is 'better, more advanced' than the Fahrenheit scale.
Everybody in the world should just switch back to Fahrenheit.
For example I act every time as if someone wants to steal/read my card/property. I look at the ATM carefully before putting any card in, I always put my wallet in inner pockets, because I'm aware of pickpockets. And guess what? No problems with stolen/copied card. Just watch after yourself, that's all.
Why didn't they just take him out in the back behind the dumpster and kill him?
It seems reasonable to me to do this to some piece-of-shit who steals $64000 from people's bank accounts.
We don't need people like this around. There's too many people in the world already. And we don't really need to spend $20,000 a year to warehouse these assholes in prisons. We just don't need these people. Fuck 'em: just kill 'em. Don't even give it a second thought. Kill his kids too, they're probably just assholes as well.
The easiest method is to simply keep separate accounts!
Keep a thousand or less in your ATM account, whether it is a checking account or savings account regardless... keep it specifically for that purpose.
Use your online access to transfer funds from your secure non-card or pin number account to the card account as necessary. Find a bank that offers free transfers between your accounts. I believe that most of them do and only charge a fee for inter-bank transfers.
Don't forget to change your online account passwords at least once every other month, rotate them if you have to... unique would be better.
If your account is compromised you've lost very little and can easily open a new account or re-secure the original with new pin and card.
It's not all that inconvenient once you set it up and get into the routine of it....
A fool throws a stone into a well and a thousand sages can not remove it.
Actually the Human hand is base 11 because you have 10 fingers and zero is represented with no fingers being up. If you were to grow two more fingers you would have a base 13 pair of hands and that would be way out.
</nitpick>
IIRC If we were going for optimism we would have e/2 fingers on each hand however IANAMP (I am not a maths prof.)
Mirror here
Too big to fail? Does that make me too small to succeed?
It may sound like a troll, but why is the US so conservative in regard to their money: card with only a magnetic stripe that you can copy with an 80$ reader, money in 2 colors on plain paper that you can xerox (almost) easily...
Non-Linux Penguins ?
Once we get past zero, which is special anyway, aren't we using base ten? Otherwise ten would be all fingers, eleven would be no fingers, and twelve would be the one finger again, which isn't the case for me at least....
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Similar to the system we had when I worked at Kinko's, though it was based on an OS/2 server.
It was the graveyard shift's job to wait until around 3 a.m., when there were no customers in the store, to do the daily backup. It took about 15 minutes, and the entire POS system had to be shut down. (I was working graveyard in a giant location with a second floor, so there were 9 machines we had to go around and log out.) The drawers did not open while the system was shut down (there was no way to open them, as you had to log in to use the interface) but sometimes we would leave a cash drawer open in case someone came in just desperate to make their copies quick and pay cash and leave.
One time, we started the backup right after a couple left the store at about 3:30 a.m. They returned about five minutes later, and wanted to do something else. We apologized for the situation, but explained that we would be unable to accommodate them for a couple of minutes. The guy actually threatened to beat up my co-worker for telling him this. (Meanwhile, his girlfriend was mortified by his machismo.)
My co-worker, thinking on his feet, told him he couldn't "take it outside" with him because he was on duty. When asked what time he got off work, he promptly answered 9:00 a.m., and the guy promised to return. I managed to keep a straight face through this exchange, even though I knew for a fact that Bruce clocked out promptly at 7:00 each morning.
Don't you wish your girlfriend was a geek like me?
... they have some old ATM where the numbers are arranged in one loong row of large buttons ... completely impossible to hide what you're typing.
But then, their new generation of ATMs have a touch-screen LCD to display the number pad -- and the digits are randomly rearranged between uses. Now that's secure (but not so ergonomic).
"Good news, everyone!"
Ross Anderson, in "Security Engineering" (great book) reports a better scam where the ATM was full of money and paid out whatever you asked it. You weren't likely to complain-- but more to the point, those guys had style!
The camera used is a still camera and the movie mode only takes 15 second MPEGs. I'm wondering how they can reliably grab a four digit PIN with this?
Sparks:Gadget:Beer Maker
If Imperial units are so easy to use, could you please tell me how many fluid ounces you get to a cubic inch? Answer here: http://www.google.com/search?q=1+cubic+inch+in+ounces&ie=UTF-8&oe=UTF-8&hl=en&btnG=Google+Search&meta=
In the UK merchants offer this for free. That's because handling cash and transporting it to banks is an inconvenience and a cost. If they can swap electronic money for physical money, it lowers their banking costs.
Just a small question about how the camera is working:
When is it triggered?
Does it take photos or a 15sec movie?
How does it work?
Is there a wired/wireless link between the card reader and the camera?
I have heard about wireless transmission between the thieves and the camera, and the thieves just record all typed PINs. But this one seems more complicated.
mentioned a few posts ago? Hand out a selfmade duplicate to a friend; get out of town; your friend uses the ATM; claim being scammed; get your money back from the bank
The politicians will obviously do the only sane thing to control this menace: ban digital cameras.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
Why yes. Which is why the UK is in the process of rolling out Chip and PIN (the trial was last summer). Over the next 18 months, every credit card - and probably most debit cards - in the UK will be replaced, along with upgrades to near enough every ATM and PoS device.
The major enforcement of this is the shifting of liability from the card schemes (MC, VISA and AMEX mostly) to anyone that doesn't comply. By 2006, finding anyone relying on magstripe will be less easy than currently finding someone relying on paper carbons.
IIRC, the verification takes place on the card. The ATM passes the PIN entered to the card, which simply responds pass|fail. No keys pass between reader and card, and the real PIN is held on-card with a sensible level of encryption.
It's a far cry from the Fresno Drop of 1958.
OT: Given that:
I'm fairly gobsmacked that we're re-inventing the wheel here.
The only thing you can accurately describe as "Scotch" is a sticky tape made by 3M. And it's
It is far, far easier to split measurements in the English scale into fourths and thirds. The math is much simpler to do in your head. Halves work just as well as in Metric (Decimal). Fifths work better under Metric, but English can do sixths.
Very true. Being able to divide by 5 in exchange for 3, 4 and 6 is a rotten deal just in number options, and usually the only reason you need 5 is because of base-10 numbers or units, not the other way around.
But: that by no means justifies all the inconsistent crap you get with imperial for other reasons. 12 is not used consistently in imperial, so you get all sorts of weird conversion factors, and you still use a base-10 for the math, so it all ends up a mess for all but the most trivial calculations.
In a perfect world, we would have a system much like SI, but it and the standard number system would be base-12, right from when you learnt your 10(12)-sums and multiplication tables. Now that would be a joy to work with.
sudo ergo sum
OK, you've heard the dollar is weak at the moment, but it's not £1=$1, it's £1=$1.87. Jeez, what did you think it was before?
Actual amount nicked = $1029
For quick reference, generally it hovers around £1 = $1.5
This is the UK we're talking about - if the villains were speeding when going around placing/collecting this equipment you might get some interest!
Given the fact they took the gear home and took pictures of it, I'm guessing the police aren't involved, so the crooks are still out there claiming more victims like himself.
Love many, trust a few, do harm to none.
(If your point was that in the US the price of the goods includes a surcharge for debit card fees, and there's an additional charge for cashback, then I apologise).
Even worse, a number of pubs I have seen lately actually have ATMs next to the bar, danger - danger.
> Of course, even better would be a system based on, say, 128 units
Only if you only ever want to divide by powers of 2. The 60 minutes in an hour divides by 2, 3, 4, 5, and 6 (and 10, 12, 15, and 20). 120 would be better than 128.
But since we use a decimal system for numbers generally, using it for most measurements too makes a lot of sense (time is a special case because we want to keep days, and some reasonable subdivision of them, and seconds). Changing _everything_ to use base-12 would be too much, even if we do have dozens and gross in relatively common use.
(UK currency used to have 12 pennies in a shilling, 12 shillings in a pound, but we've been decimal for years.)
rant
Raised finger is 1, lowered finger is 0. And ten bits^Wfingers will take you all the way from 0 to 1023.
Only problem is that some numbers are harder to display than others. For example 00100 is trivial, but 01001 (or 10010, depends on endianness) can cause severe pain well past a Trekkie greeting.
Post tenebras lux. Post fenestras tux.
Bzzzt. 20 shillings to the pound. 1 shilling (or 1 bob) is 5 new pence.
I was in the station last week waiting for the ATM behind some guy who was spending ages just whacking the buttons and putting his card in and out of the slot. After 5 mins of this he asked me how the machine worked because he couldn't get any money out of it just his balance because he had chosen the wrong option at the start and didn't know there were other menu options he could have chosen or how to go backwards.
This is Britain we're talking about: unless the crooks are breaking the speed limit driving to and from the ATM, the cops won't be interested. Speeding == $$$$, catching ATM crooks == hassle and paperwork.
Anything else I have to think about, but that doesn't matter as I rarely need to convert them. This is no harder than having to remember what order to sort the SI prefixes pico, nano, micro, milli, kilo, mega etc.
For day-to-day use, I find that the imperial system is superior as I get to use smaller numbers for day-to-day things like my height (6'3" vs 190cm) and weight (21st vs 133kg) for no significant loss of precision. For scientific or engineering use, or for measurements of the very big or very small - basically for measuring stuff that falls outside the caveman scale (mm, or the distance to geo-synchronous orbit, for instance) or needs better than caveman accuracy (if it matters that it's exactly 1905mm rather than 6'3" plus or minus a little bit) - the SI system wins.
That's why the UK is switching to Chip and PIN.
You put your own card in the chip reader, and you have to enter a PIN to authorise it instead of signing. Other countries like Holland have required a PIN to authorise cards for years.
A latent existence
The question I have is: Now that this guy's got a memory stick full of people's atm card numbers and pins, did he resist the temptation of going into business for himself? :)
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
I think the submitter of this story had a few drinks down at the pub. Who was he trying to show? He was taking one of the fraudsters to the pub for a drink? This was a different ATM?
...almost.
Went to take some money out late one night. There were about three (eastern european) guys huddled around the machine fiddling. Went to get money out, and the machine held on to my card - you could see the card in the slot, but couldn't get it out. Guys reappear and tell me something like "Oh. I've seen this before. Press blah, blah, blah and enter your PIN" while standing over me. Hmm, I don't think so...
So, I step back call my bank, wait on hold for an age, and as soon as they hear me confirm to the bank I want to cancel my card, I get my card thrown back at me by said guys, and they scarper into a car that has subsequently double parked.
I reported it to the local police station, and they said it happens all the time, but it wasn't actually a crime until they withdrew money (!!!).
It's called a "Lebanese Loop". More info here:
http://hoaxinfo.com/atmscam.htm
I see plenty of machines in London with glue residue around the card slot. This must happen all the time...
Guess it's a problem all over the world now... here in Belgium our card contains an encrypted chip with proton-function that works with the C-ZAM/SMASH system from banksys http://www.banksys.com/en/index_flash.htm We still have the good old magnetic strip, the old magnetic readers are replaced with the ones using the chip...
1. Take an example picture of how the slot is supposed to look without any skimming devices.
2. Place said photo above the card entry slot, with text saying: If the hole where you put your card looks ANYTHING unlike this, don't use the ATM and call the bank.
3. Prof^H^H^H^HSave bucks otherwise paid out to defrauded customers.
Sorry for the OT reply to my own message, but the link I posted to the image of the skimmer is now broken. Anyone know any good places to post pictures which can then be linked to? I googled for a free photo site, uploaded the picture and hoped it'd work for long enough, guess not.
:)
So does anyone know a good place to post pictures? (I don't want to use my systems
What's next?
Well - It's taken almost a decade and it's being rolled out this year in the UK. It's called http://www.chipandpin.co.uk - it includes a microproc. in the card.
All UK credit card transactions will go through the new system by the end of this year - any that don't will not be covered under the Clearing Banks' insurance system - i.e. the vendor that uses an old card reader will be liable for any fraudulent transactions caused by old magnetic stripe cards in their readers.
People are talking about challenge-response based smart cards. Good idea -- I think some of the current "smart" cards are just using a chip to store and play back the card number. What might also be good is a way for your card (which you presumably trust) to challenge the ATM to prove that it is really a bank ATM and not someone just trying to grab your number.
JET Program: see Japan, meet intere
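The distinction drawn in the comment above, a chip that only plays back a stored number versus a challenge-response card that can also challenge the ATM, sketched as an added example that is not part of the original post. It is a constructed model using a shared-key HMAC from the Python standard library, not any real card scheme's protocol; every class, function and card value in it is hypothetical.

```python
"""Constructed model: static card data vs. a challenge-response chip."""
import hashlib
import hmac
import secrets


def mac(key: bytes, role: bytes, nonce: bytes) -> bytes:
    # The role label stops a card's answer being passed off as an issuer answer.
    return hmac.new(key, role + b"|" + nonce, hashlib.sha256).digest()


class ChipCard:
    """Hypothetical chip card: the key never leaves this object."""

    def __init__(self, card_id: str, key: bytes):
        self.card_id = card_id
        self._key = key
        self._pending = None

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._key, b"card", challenge)

    def challenge_terminal(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify_terminal(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = mac(self._key, b"issuer", self._pending)
        self._pending = None  # each challenge is single-use
        return hmac.compare_digest(expected, response)


class Issuer:
    """Hypothetical bank back end, reachable only through a genuine ATM."""

    def __init__(self):
        self._static = set()
        self._keys = {}
        self._open = {}

    def enroll_static(self, track: bytes) -> bytes:
        self._static.add(track)
        return track

    def enroll_chip(self, card_id: str) -> ChipCard:
        self._keys[card_id] = secrets.token_bytes(32)
        return ChipCard(card_id, self._keys[card_id])

    def accept_static(self, presented: bytes) -> bool:
        return presented in self._static

    def new_challenge(self, card_id: str) -> bytes:
        self._open[card_id] = secrets.token_bytes(16)
        return self._open[card_id]

    def accept_chip(self, card_id: str, response: bytes) -> bool:
        challenge = self._open.pop(card_id, None)  # single-use
        key = self._keys.get(card_id)
        if challenge is None or key is None:
            return False
        return hmac.compare_digest(mac(key, b"card", challenge), response)

    def answer_card(self, card_id: str, card_nonce: bytes) -> bytes:
        return mac(self._keys[card_id], b"issuer", card_nonce)


def run_demo() -> dict:
    bank = Issuer()
    results = {}

    # Static data: whatever was read once stays valid on every later use.
    observed = bank.enroll_static(b"CONSTRUCTED-TRACK-0001")
    results["static_replay_accepted"] = bank.accept_static(observed)

    # Chip: each response is bound to one issuer challenge.
    card = bank.enroll_chip("card-1")
    first = card.respond(bank.new_challenge(card.card_id))
    results["chip_genuine_accepted"] = bank.accept_chip(card.card_id, first)
    bank.new_challenge(card.card_id)  # a later session gets a fresh challenge
    results["chip_replay_accepted"] = bank.accept_chip(card.card_id, first)

    # Card challenges the terminal: only a path to the issuer can answer.
    nonce = card.challenge_terminal()
    results["genuine_atm_verified"] = card.verify_terminal(
        bank.answer_card(card.card_id, nonce))
    card.challenge_terminal()
    results["keyless_atm_verified"] = card.verify_terminal(secrets.token_bytes(32))
    # Role separation: the card's own answer must not verify as the issuer's.
    nonce = card.challenge_terminal()
    results["own_answer_verified"] = card.verify_terminal(card.respond(nonce))
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```
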
Was read as And just what do recursive victims have? And I immediately thought, "Nightmares, probably."
You are more likely to convert fluid volume to weight. And 1 ounce water = 1/16 of a pound.
(For you cooks, 1 ounce = 1 Tablespoon, btw)
...the poster is British - "800 pounds of kit" brought up images of an ancient Burroughs computer with lots of flashing lights sitting next to the ATM...
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
1 Gallon = 128 fluid ounces.
Learnt that a long time ago... when doing calculus in n-base (first time I had a use for the converting options of the calculator 8) the teacher told us of the different systems and their advantages/disadvantages.
He told us the Inca had a base 20 calculus system, for they were using both fingers and toes to count.
Also, the Psychlos (Ron Hubbard's Sci-Fi "literature") had a nice base 11 system that was fun to read about, for the calculus was a mix of both Maths and tradition (just like the Kabale had, meaning that each number is also a word or letter and changes the value of the equation as you read it...Cryptography before our time 8)
That's all folks, just a few remaining synaptic connections dying in their last burst. So long 8)
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
1. Get 550 GBP stolen from you.
2. Find the ATM that stole it from you.
3. ???
4. Profit!!!
Step 3: Steal the scammer's equipment worth 800 GBP.
I've read stories about variants that include their own screen. They collect the card, PIN, then display an error message. When you remove the need for the underlying ATM to appear to work, you can get away with a lot more -- although presumably the period where the device went unnoticed would be shorter.
Living in Canada, and being a scientist, I encounter both systems equally on a regular basis. But the only reason that we commonly use imperial units of weight measurement is because our neighbour to the south refuses to go metric. It is much much easier to measure in SI units because conversion is not necessary when working within SI. For volumes, it's likewise easier to use metric and the weight to volume conversion is simple (1 litre of water weighs 1 kilogram). Just the concept of base-10 counting is simplicity in itself.
The US is one of the last bastions of imperial measurement in the world (and UK measure in stones of all things!), while the rest have converted to metric and SI providing consistency from country to country. Because of the persistence of the US using imperial, we must constantly convert when making business transactions and engineering new products. This is a major bottleneck in my view. Not to mention millions of dollars were lost when metric-imperial conversion error was made for a Mars probe.
PS: I thought the SNL skit with Dan Aykroyd describing the Decabet (metric alphabet) was hilarious!
Yes, I recall the case. They had video cameras in the ceiling. Some shady organization of a far eastern persuasion, so I'm sure the unfortunate clerks of the same ethnic background were "persuaded" to cooperate. There was also a case at a big NYC store (NYC? Macy's?) where the girl tried to rip off a German tourist with a double swipe (credit card no.?) using a card reader attached to a Newton(?). The German guy happened to be a computer tech and raised bloody hell until store security took the equipment.
Yeahy, nice conversion scheme, using a non-standard reference...
Or do you mean that everyone has to get a "coffee spoon" (or is it a "Soup Spoon", the large ones) and that cultural revolution is to come to the Chinese, who use those strange, bowl-like spoons (for Soup, btw)(see what I mean ?)...
Maybe that's why we never saw an 'American Restaurant' (or, lol, an English Restaurant 8)
only fast foods and steak house...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
Also, you have to remember that for Roman, the foot (or feet, or goddam it 8) is of the size of Hero Hercules' foot.
The length of a stadium (625 feet) makes me tell that Heracles was wearing a nice size 47 (Eu), or size 12 for you americans 8)
Ah, how I love useless knowledge 8p
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
"And anyway, pounds is the NAME of the UK currency, it's not the weight of it"
Damn, and I was taught that the value of One Pound (£) was originally determined as the countervalue of ONE POUND OF STERLING SILVER, and then evolved in time as the metal lost its position as universal monetary reference for Gold...
Gosh, the disappointment 8)
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
1. Telephoto lenses and add-on cameras? Stupid, stupid, stupid. Instead what you do is. .
Hm. Actually, seeing as the idea hasn't been done and as it's frighteningly simple. . , I'm suddenly unwilling to post it on the web.
2. After coming up with a workable plan, we realized, "You know, this is a pretty terrible thing to do to people."
--If you look at all the little receipts which litter the immediate area around a machine, you quickly learn from the balances shown that the large majority of people only have between $50 and $300 in their accounts.
In a world where so many people are living hand to mouth, stealing from them is about the shittiest thing you can do. Criminals who do this are of a very, very low order, and I really do wish them all the worst. If I ever come upon one of these hacks, I'll be bloody sure to make somebody's life a living hell.
Spend the time. Call the cops.
-FL
The small chip was actually invented by a Frenchman (the same that created BeOS) and has been in use in France for a long long time.
The reason why it didn't catch up in America is that they didn't like to have to pay copyrights to a "Foreign Country" and waited up until the fraud cost became greater than the copyright fee.
Just you check for yourself, I won't give you a link...just check on Gassot, BeOS inventor.
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
It is now official - Netcraft has confirmed: *PINs are dying.
Yet another crippling bombshell hit the beleaguered *PIN community when recently IDC confirmed that *PIN accounts for less than a fraction of 1 percent of all ATM transactions. Coming on the heels of the latest Netcraft survey which plainly states that PINS have lost more market share, this news serves to reinforce what we've known all along. *PINs are collapsing in complete disarray, as fittingly exemplified by falling dead last Numerical Banking poll.
You don't need to be a Kreskin to predict *PIN's future. The hand writing is on the wall: *PINs face a bleak future. In fact there won't be any future at all for *PINs because *PINs are dying. Things are looking very bad for *PINs. As many of us are already aware, *PINs continue to lose market share. Red ink flows like a river of blood. ATM PINs are the most endangered of them all, having lost 93% of its core customers. The sudden and unpleasant departures of long time *PIN developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: *PINs are dying.
Let's keep to the facts and look at the numbers.
Banking leader Theo states that there are 70,000,000 users of Credit Card PINs. How many users of ATM PINS are there? Let's see. The number of Credit Card PINS versus ATM PINs posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 70,000,000/5 = 14,000,000 ATM users. Phone Card PIN posts on Usenet are about half of the volume of ATM PIN posts. Therefore there are about 7,000,000 users of Phone Card PINs. A recent article put Class Registration PINs at about 80 percent of the *PIN market. Therefore there are (70,000,000+14,000,000+7,000,000)*4 = 364,000,000 Class Registration PIN users. This is consistent with the number of Class Registration PIN posts.
Due to the troubles of the savings and loan scandals of the 1980's and post-9/11 America, abysmal sales and so on, PINs-of-America, Inc. went out of business and was taken over by PIN'O'Matic who sell another troubled PIN generator. Now Enron is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *PINs have steadily declined in market share. *PINs are very sick and its long term survival prospects are very dim. If *PINs are to survive at all it will be among magnetic stripe hobbyist dabblers. *PINs continue to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *PINs are dead.
Fact: PINs are dead.
-- The Genesis project? What's that?
Last weekend, at a local Taco Bell, I saw a strange looking ATM. There were no banking network identifiers on it anywhere, except for the TACO BELL logo, and it claimed it did not dispense cash. Instead, it prints a receipt that you can redeem for cash at the cashier. It seems to me that using it would be the same thing as giving your ATM card number and PIN to Taco Bell. Why would I do that?
Make sure that the cashier keeps your card within your sight at all times. I've heard stories of unscrupulous employees keeping silly putty beneath the counters and taking imprints of cards while their owners look away. It seems to happen at movie theater concession stands more than anywhere else...
Each card has a unique key that is derived from the serial number and a master key. This master key is stored in tamper reactive hardware such as an IBM 4758. When the card is inserted the card reports its serial number, allowing the hardware security module (HSM) to calculate the unique card key. Then the card and the HSM each generate a random number, encrypt it using the card unique key resulting in a cryptogram. Cryptograms are exchanged, decrypted, and the random numbers are used to generate a unique session key that is used for the rest of the communication.
This is a simplification, but even without PK crypto you can have secure communication between a smart card and a HSM.
Of course someone could spend a lot of money and extract the card unique key from a card, but then they only have the ability to duplicate one card, not make arbitrary cards since they don't know the system master key. The system should be designed such that the cost of extracting a key from a card is greater than the amount of damage that could be caused by such an exposure.
In that case, even if someone can duplicate a card (which they would most likely have to have in their possession) there is little incentive to do so. It is much easier to just use a scheme like the one in this article to go after mag stripe cards. Smart criminals will go after the low hanging fruit.
By the way, the low hanging fruit is quickly becoming the USA as the rest of the world moves to smart cards. Expect fraud rates to continue to rise until we make the change.
Lasers Controlled Games!
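The key hierarchy and handshake described in the comment above, as an added sketch that is not part of the original thread. HMAC-SHA256 stands in for the block cipher a real card and HSM would use, and every function name, key and serial number here is constructed for illustration.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF. HMAC-SHA256 is an assumption standing in for the card's cipher."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def derive_card_key(master_key: bytes, serial: bytes) -> bytes:
    """Diversify the master key per card; only the holder of the master key can do this."""
    return prf(master_key, b"card-key", serial)


def xor_crypt(card_key: bytes, sender: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream encryption (the same call decrypts). Handles up to 32 bytes."""
    pad = prf(card_key, b"enc-" + sender, nonce)
    return bytes(a ^ b for a, b in zip(data, pad))


def make_cryptogram(card_key: bytes, sender: bytes):
    """Pick a random number and return it together with its encrypted form."""
    rnd = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    return rnd, nonce + xor_crypt(card_key, sender, nonce, rnd)


def open_cryptogram(card_key: bytes, sender: bytes, cryptogram: bytes) -> bytes:
    nonce, body = cryptogram[:16], cryptogram[16:]
    return xor_crypt(card_key, sender, nonce, body)


def handshake(master_key: bytes, reported_serial: bytes, key_in_card: bytes):
    """Return (card_session_key, hsm_session_key) for one card insertion."""
    # The HSM recomputes the card key from the serial number the card reports.
    hsm_card_key = derive_card_key(master_key, reported_serial)
    # Each side generates a random number and encrypts it under its card key.
    r_card, c_card = make_cryptogram(key_in_card, b"card")
    r_hsm, c_hsm = make_cryptogram(hsm_card_key, b"hsm")
    # Cryptograms are exchanged; each side decrypts the other's with its own key.
    r_card_at_hsm = open_cryptogram(hsm_card_key, b"card", c_card)
    r_hsm_at_card = open_cryptogram(key_in_card, b"hsm", c_hsm)
    # Both random numbers feed the session key used for the rest of the exchange.
    card_session = prf(key_in_card, b"session", r_card + r_hsm_at_card)
    hsm_session = prf(hsm_card_key, b"session", r_card_at_hsm + r_hsm)
    return card_session, hsm_session


# Constructed sample values, not real keys or card numbers.
MASTER_KEY = bytes(range(32))
SERIAL_A = b"CARD-0001"
SERIAL_B = b"CARD-0002"


def demo() -> dict:
    key_a = derive_card_key(MASTER_KEY, SERIAL_A)
    key_b = derive_card_key(MASTER_KEY, SERIAL_B)
    genuine = handshake(MASTER_KEY, SERIAL_A, key_a)
    # A key extracted from card A is useless under any other serial number.
    mismatched = handshake(MASTER_KEY, SERIAL_B, key_a)
    return {
        "card_keys_differ": key_a != key_b,
        "genuine_sessions_agree": genuine[0] == genuine[1],
        "mismatched_sessions_agree": mismatched[0] == mismatched[1],
    }


if __name__ == "__main__":
    print(demo())
```

When the key in the card does not match the one the HSM derives from the reported serial, the two sides end up with different session keys, so nothing sent afterwards decrypts.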
I am always learning so much on /. Now I'll also consider it as a personal security site.
I will reluctantly admit to not knowing about this sort of scam, although I am not at all surprised. Working in New York City, I'll bet it's an issue. So now I will change my ATM behavior.
1. Only use ATMs at the larger, reputable institutions. Not that that's a panacea, but at least I'd have a machine to talk to should an issue arise. I'd also like to believe that they are more diligent about ATM security.
2. Don't use the stand-alone ATMs anywhere, regardless of the institution on the placard.
3. Conceal my PIN: use false button presses, slow, staggered timing.
4. Be aware of the environment. Is there anything that might be a skimmer and/or camera?
5. Be even more diligent about recording my ATM transaction.
Since my credit union has only 1 ATM, very far from where I live and work, it would be impossible for me to limit myself to their machines, though I'd do that if I could.
I wish there were a way to promote/encourage a more secure technology. But I'd also like to solve world hunger too.
True friends are hard to come by... I need more money. - Calvin
What would be the implications of having a smartcard with the biometric scanner right in the card?
Put the card in the slot while your thumb and forefinger are on the card.
Seems simple enough, maybe the card would not even activate/transmit until the biometric signature passed.
Hmmm
True friends are hard to come by... I need more money. - Calvin
I've never ever had to pay interest on anything I did with these cards including cash withdrawals.
But I *do* pay a fee for every cash withdrawal, sometimes a lump sum, sometimes a percentage.
As far as I know this is generally the way it's done in Europe maybe with the exception of the UK.
But then the UK interest on credit cards is generally so much higher than in the rest of Europe; in The Netherlands such a level of interest would often be legally classed extortion and be punishable.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
5280 is divisible by 1,2,3,4,5,6,8,10 and 12
No one says you have to have every amount only as a power of ten. That would require excess amounts of change carrying. If you wanted to carry 99 dollars you'd have nine tens and nine ones, instead of four twenties, one ten, one five, and four ones. (Well, technically, you could have two twos instead of four ones, but no one ever has twos. Or one fifty and two twenties instead of four twenties and one ten, but, again, no one ever has fifties, mainly because the ATMs give out twenties.)
Powers of ten only is simpler, yes, but twice as bulky. If you want to go to unlikely bills, it's three times as bulky!
Or are you saying it's not metric because you don't have a ten piece, a dime equivalent?
If corporations are people, aren't stockholders guilty of slavery?
Do you have any photos showing the stuff installed on an ATM machine?
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
Which is actually the only Imperial conversion that makes more sense than the metric one, where one *litre* of water equals one *kilo*gram of weight. What the hell is with the crazyass scale jumping there?
If corporations are people, aren't stockholders guilty of slavery?
Q.
Insert Signature Here
I detailed one movie, and you give something that is nothing like what I detail. It's like me asking about a certain long haul eighteen wheeler make, and you reply "You mean a Chevrolet Corvette?".
Temperatures - there is more fine distinction in Fahrenheit than Celsius; however, the thermometers presumably have the same errors whether graduated in degrees Fahrenheit or Celsius. Division isn't an issue here.
Liquid - 1 pint = 16 oz
1 quart = 32 oz
1 gallon = 8 quarts
1 barrel = ? gallons
(+ tablespoons and teaspoons)
Mass/weight - lots of little measures (grains, etc.)
1 pound = 16 ounces
1 short ton = 2000 lbs
1 long ton = 2200 lbs (I think)
These measures are more easily divided by 2 but are no easier to divide by 3 than metric measures - most measuring cups are marked in 1/3's in addition to 1/2, 1/4, etc.
Length: (lots of binary fractions of inches)
1 foot = 12 inches
3 feet = 1 yard
6 feet = 1 rod
110 rods = 660 ft = 1 furlong
8 furlongs = 5280 ft = 1 mile
Length measures are more easily divided by 2 and 3 than metric, but the facility of division comes at a cost. The bases change between length measurements; there is no constant factor of 12 (or 6) between units, but a widely varying difference. If you have to divide by varying numbers to do unit conversions (and have to remember what base goes with what), this negates much of the availability of factors of 2 and 3.
The divisibility of English units by 2 and 3 rather than 2 and 5 would be more convincing if the English system kept constant ratios between units (or close), but it doesn't. Length goes in units of 12 to 3 to 2 to 110 (to leagues - 20?). An added bonus is the lack of large and small units - weight has some small units but to go large or small in any of the English units requires lots of arithmetical legerdemain, and still gives numbers that are big and unpretty.
English units persist because of stubbornness, and because they have more units in the measures that people are likely to use than metric. Common distances, food weight, and some liquid volumes are more conveniently measured in English units; they could be done in metric, but the extra math isn't worth it to most people.
Time is a different issue altogether - primarily because metric has no good time frame that corresponds to the time most people use (particularly the day). Seconds are used, which is fine for measures and comparisons of small and large numbers, but there aren't good metric equivalents for days and hours. Since the factor of 60 is ingrained in our measure of time, factors of 10 will likely give units that are either too small or too large for common use.
Which is actually the only Imperial conversion that makes more sense than the metric one, where one *litre* of water equals one *kilo*gram of weight. What the hell is with the crazyass scale jumping there?
Because if you really wanted to be pure, your liter would be defined as a cubic meter of water instead of a cubic decimeter, and thus your gram would be even more massive (pun intended), leaving your centigram, decigram, decagram, and hectogram measures in not very useful places in the scale, as well as your centiliter, deciliter, decaliter, and hectoliter.
It's all about calibrating the kilo- to milli- measures, where we have the finer points of measure, to be at useful points in the scale, and to balance the everyday uses of all the prefixes.
(Not only did the computer industry usurp the metric meaning of kilo- for non-metric multipliers, but for measures of memory completely threw out this calibration of scale, and with it all sub-unitary measures.)
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Here is a technique I was taught to use that obfuscates the entry of 4 digit PINs
Choose a number that contains digits such that you can place your hand on the keypad with one finger on each. Note that this can be a sequence that contains only 3 or even 2 unique digits. Now enter the sequence without moving your fingers any more than the pressure needed to operate the switch.
At first it seems that this _helps_ an observer. In a single glance s/he can tell exactly which digits are in your PIN.
However, with modern keypads that require very little pressure to activate it is extremely hard for even a sharp eyed observer to catch the little twitches of your fingers that reveal the sequence.
In fact a low frame rate camera would entirely miss this operation in many cases.
This is an extension of a technique known variously as motor memory authentication, gesture identification and other terms.
For example:
ygydygdygydygdy
uhuvuhvuhuvuhvu
okojokjokojok
eseaesaeseaesae
I just typed those in under 2 seconds (I haven't checked if they are correct, but I can tell you that once you practice the technique you will get very few errors). They are a single password but mapped to a different set of keys.
The motor sequence is one of hundreds of such I store in my brain without any problem; maybe it's easier for me, I used to be a drummer and still play the piano.
When you ask the ATM for 100GBP, it counts out 5 x 20GBP notes. If you ignore the notes, eventually they get sucked back into the machine.
:-)
Now on older ATMs, the notes were not counted when the machine sucked them back in. There was just an optical device to watch for when the notes were or weren't taken. So you could remove 4 banknotes, leave 1 note in the ATM, and your account wouldn't be debited any money at all.
That scam no longer works as modern ATMs do now count notes when they're retrieved by the machine. Ah, well
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
Thanks. Just noticed that it linked to an old version of the page; I've updated the link.
I particularly like the comments on the "truth is in the middle" attitude. I've updated my bio with something to that effect.
Xenu loves you!
If I had mod points, "funny" it would be.
I have found that karma seems to win in the end with a lot of those who rise/fall by the whim of the masses. Or as other more succinct people have said - the truth will out. It's mostly just annoying that he still won't hand over the domain. It truly shows his heartfelt commitment to the world community...
Q.
Insert Signature Here
I'd be interested to see what these things look like attached directly to an ATM. It just seems that this extra bit of plastic sticking out the front of the ATM would be a bit conspicuous...
Yes Francis, the world has gone crazy.
"The biggest thing seems to have been the size"
I tend to find that as a rule, the biggest thing of most things is its size. If it gets any bigger, its size grows to accommodate it.
Bob.
If this guy didn't have permission to take the reader, he is pretty lucky.
Imagine trying to explain to an undercover stakeout police crew why you were retrieving an illegal device off an ATM. "Just wanted to look inside it, officers... honest!"
and in reality, I would say males are switching between base 10 and base 1, with sex/no-sex as base 1 and "how to get more/better/bigger sex" as first use for base 10...
And that's a guy speaking 8)
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
ATM companies should make it more difficult to add these types of attachments. One way is to insert the card strip first and have the reader move across the strip. If the card is not pulled all the way in, you could just set it in an angled slot for the reader to access the strip. Either having an angled slot or a strip-first insert would make it more difficult to add a 'hidden' attachment in front of the slot.
Besides, I've used my magnetic strip card all over Europe in ATMs. So the technology seems pretty popular still outside the US.
A litre is the base unit. A gram is also a base unit. So a millilitre of water is one gram of weight, just as a kilogram is one litre of water.
It's not metric because it was twelve pennies to the shilling, and twenty shillings to the pound. The pound stayed the same value, but it was changed to 100 new pence. Hence the conversion rate of 5 new pence to one shilling. (Notice the difference between "pennies" and "new pence".)
I reported it to the local police station, and they said it happens all the time, but it wasn't actually a crime until they withdrew money (!!!).
You know... that just doesn't make sense to me. It seems that we have a crime here:
a) Vandalism: In however they screwed up the machine in order to make it get your card stuck
b) Attempted theft: Is there something here to cover this? We have attempted murder, or even conspiracy to commit... wouldn't there be something similar to cover defraudment or theft?
Unless the LCD is made in a way that lets it avoid being captured on camera, how is this any more secure than a pinpad? The camera will be recording the numbers onscreen and what you hit, regardless of where the numbers were positioned.
Oh come on, everyone knows how easy it is to convert teaspoons to gallons and drums....:-/
Besides...it fuels the calculator industry...it's amazing the number of specialized calculators now sold to building contractors...and 12 gauge wire is how many inches in thickness?....:-/
A similar scam was featured on JWZ's blog the other day. That one used WiFi to get the data out.
Pre cellphones-common-as-dirt, there were people trying to watch the keypads on phones in places like airports - looking for your phone card info. (Dunno if it's still happening...)
One defense was to "mix" a bunch of false key presses (put your finger on the button, don't push down) in with the good ones.
I guess this would also work here...
I don't really understand what you're saying. It's powers of ten, it's 'metric' currency. It doesn't matter that you already had shillings and pounds.
If corporations are people, aren't stockholders guilty of slavery?
The different amounts are completely out of whack. A cubic meter should be a liter should be a gram.
Of course, the real problem there is that a meter is way too big. If a meter was ten centimeters (You know what I mean.), then everything would be nice and usable.
If people really have a problem with that, it's easy enough to teach them more prefixes.
If corporations are people, aren't stockholders guilty of slavery?
Of course, the real problem there is that a meter is way too big. If a meter was ten centimeters (You know what I mean.), then everything would be nice and usable.
That would keep liters where they are, but you'd still have a gram which is too large to be useful for measuring precious metals, and millimeters too small to be generally useful. Centimeters would be what millimeters are now. Road distances might end up more conveniently measured in gigameters in order to hide decimal points from the average person.
The meter is the length it is because it is close to a yard. We want to have the metric measures be close to the imperial measures we are familiar with to ease acceptance of the new units.
The units are not just calibrated to water; they are also calibrated to what is useful for human perception and the practical needs of humans. That it is base 10 is to make it easier for humans; computers would rather deal with powers of 2 instead (and powers of 2 that are themselves powers of 2, i.e. 2^8 rather than 2^10).
Until we evolve ourselves into something with a finer sense of distance and a coarser sense of mass, I'd rather have units that are useful than blindly mathematically logical.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
It used to be 240 pennies = 20 shillings = 1 pound.
It's now 100 new pence = 1 pound.
Hence 1 shilling = 5 new pence, which meant that old 1 and 2 shilling coins were kicking about being used as 5 and 10 pence until they shrunk the coins some time later.
The old system had little to do with powers of ten.
I didn't get rods right (fathom = 6 ft). On the other hand, did you bother to read the last 1/2 of the message (metric time has problems approximating timescales with direct physical implications such as days)?
Metric is worse at common scales but better for very large or very small things. The lack of factors of 2 and 3 in metric is outweighed (IMO) because in English units you have to remember which factor to use to convert between units (English unit bases are like standards - there are so many to choose from). This destroys most of the advantages of English units - memory not spent dividing 10 by 3 and 6 is spent instead trying to remember how many rods in a mile and trying to figure if the system operates on base 2, 3, or 110.
For everything other than time, metric is probably easier rather than harder computationally. I don't know why we don't use it for anything other than soda.
Ummm... This is so off topic it hurts. How did it get +5?
The Imperial system may use a metric shitload of inconsistent conversion factors, but for the units one uses day-to-day it's not hard to remember.
But if it used the same factor everywhere you wouldn't need to remember anything, and would get huge gains for any sort of calculation (not, not just for hyper-precise ones or on non-human scales)
I get to use smaller numbers for day-to-day things
Day-to-day things come in many sizes. You just picked ones that happened to fit your assertion.
sudo ergo sum
Was in Golders Green last night and found one of those skimmers attached to the HSBC machine. No camera in sight though.
Yanked the thing off and 3/4 dodgy guys appeared, knocked it out of my hands and went running off!
Skimmer looked identical to the one in this article.
Told the cops, who logged the call and said this sort of thing is quite common. Wish they'd make it more common knowledge then everyone would be looking out for them.
> 20 shillings to the pound.
Damn. So it was. Told you it was years.
> 1 shilling (or 1 bob) is 5 new pence.
Until they shrunk the coins, at least.
rant