Gang Used 3D Printers To Make ATM Skimmers
An anonymous reader sends this excerpt from a post by security researcher Brian Krebs:
"An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say. ... Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. Last year, i-materialize blogged about receiving a client's order for building a card skimmer. In June, a federal court indicted four men from South Texas whom authorities say had reinvested the profits from skimming scams to purchase a 3D printer."
...to just print money? Flawless logic.
When a 3D printer can make a decent skimming device (or disguise one) you can't help but think the system is truly broken. Computer security has progressed in leaps and bounds - it isn't perfect and it certainly isn't idiot proof. But banks are still using handwritten signatures and easily faked devices while all but ignoring the risk. Heck, they're introducing pinless low value transactions at shopping centers in Australia. I'm ANNOYED that my card can be used without either a signature or a pin number verification being used. It means there's significant risk that if me or my wife lose a credit card and don't immediately discover it, we'll be up for a very large sum of money. And even if we're not, we won't have access to the money while the issue is resolved.
It's not sustainable. The banks need to be held more accountable.
These posts express my own personal views, not those of my employer
A gang using 3D printers. Hardcore. Must have been a gang from Utah. Only white people live here.
90's was the internet. 1890's was electricity. Impeach president for slowing next age of innovation ruining economy.
... that CAMERAS can actually be used to take pictures of naked people?!
It's foolish to blame the tool for the crime. That takes people.
I've always wondered what the economics of the world of cheap, prolific, effective 3D printers is like. If anyone can create basically any material good, what's the economics of that place like?
Star Trek had replicators, which could basically make anything, even food or water (except for a few things which were a de-facto currency). They were basically communists, which doesn't work with people being people but might work if anyone could create whatever they wanted.
But what about things that can't be replicated/printed? Like electricity, or land for housing, or water/food? Trek says that water and food are replicable, but with our current 3D printers obviously we can't make that just yet unless you can eat plastic.
What's the economy of the western world going to look like if the only thing we need is material for 3D printers, power, land, food and water? Will provision of the un-replicable become the job of the state?
Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
Criminals use tools to commit crimes. Tools sought for questioning by police. Criminals plea bargain for lesser sentence in exchange for testifying against tools.
I find it funny these people manage to easily install these systems, since the majority of these ATMs are just outside of banks. A simple solution would be to put cages around the ATM like they do with soda machines. There is also the camera already built in to these ATMs, but they are obviously never checked. Another more expensive solution would be to rebuild these ATMs to be a more solid piece where parts can't be easily separated from each other.
These solutions won't stop card scanners where you purchase things but you have the option for cash in those cases.
I was having a discussion with my daughter (an artist) the other day about protecting her work, and much of what we discussed applies to this technology--when you get right down to it, the moment you convert any product into a digital format, and expose it to the internet in any way, you lose a great deal of control of that creation, if not all.
This technology is about to do that to physical objects, by proxy--the dimensions are what are actually being digitized. The end result will be the same though--freely available physical products. The only catch is that the user must provide the physical medium...kind of like someone providing a blank CD in order to utilize an MP3 file. I predict that, one day, the king of "most downloaded" torrents will be a 3D printer file for a bong.
This is the same genie that the recording/electronics industries let out of its bottle about 28 years ago. He appears to be having much adventure and does not wish to return to his bottle. Ever.
I work for a large european payment service provider and I know the solution to this problem.
Start using chip cards. Magstripe-only cards are insecure and susceptible to skimming.
In my company we don't allow fallback to magstripe in ATMs and I also think this is the official policy of Visa and MasterCard.
...download a car. And print it!
return $sig;
How dare they constrain these hard-working job creators with their stifling government regulations!
Used for illegal purposes? BAN 3D PRINTERS. And cassette tapes. And knives!
Z
Pay in Bitcoins!
* Carthago Delenda Est *
I don't get to retire from work after doing a few things particularly well. If I did, well I'd probably be retired. There's been a few projects that I've done a really great job getting done despite various things standing in the way and so on. However they don't go and shower millions of dollars on me and say "Go retire at 30!" No, I get paid to show up to work each day and I have to keep showing up, keep doing my job, if I want to keep getting paid.
Same deal with people who produce physical goods to sell. If you build a house and sell it, you get whatever price you sold it for and that's it. You don't get further income from that house. When the owner resells it, you don't get a cut, if the value increases, they don't owe you further money. If you want to make more money, you have to continue to make more houses and sell them.
So it makes sense to, as the constitution says " (secure) for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries." You can't expect them to work for free, they need to be able to make money on their efforts. The "Information should be completely free," crowd is living in a fantasy world. However they shouldn't be allowed to just ride on one thing forever. Like anyone else, they should have to keep working if they want to keep making money.
Remember that our society relies on people continuing to work. If everyone worked only a little and then retired, well we'd be real fucked. We need things to keep getting done. That's why you need to work for a long time before you retire. There is no reason that creative types should be the one exception to the rule.
The "templates" you download will be parameterisable. Think sandals that actually fit, dolls with the child's family's faces, racquet handles designed for *your* hand. Bring it on!
I don't consider employing a 3D printer and a team of people to replicate the face of an ATM to be easy. These guys are putting considerable effort into stealing money. It really comes down to the consumer: do not use ATMs you don't normally use, and if you do, do your best to obscure your entry of your PIN number. The thieves are getting both pieces, which effectively circumvents about all the bank can do.
Now there are things that could be done to make the consumer more informed, like having a service to send text messages to their phone or e-mail for each change in their account. Locking out ATM/CC usage outside of a specific zip code range without rearrangement. Certain screen technologies could be used on the ATM to restrict the viewing angle to head on and then implement a touch screen numeric keypad whose position on the screen is not constant from one use to the next.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
American banks haven't had any real competition, or had any necessity to improve their consumer-side businesses in over 10 years. In Japan, in every major city I have ever been in, ATMs are all touch-screens. I haven't yet seen any skimmers that are effective on touch screens, not that it would be impossible, just very difficult. At the three largest banks, customers who pay extra monthly fees get a thumb-print identification feature that requires a thumb print in addition to a PIN code.
That old stereotype about Japan doing everything America does but better seems to be true in this case.
A man built a functional rifle using a CNC milling station. Please stop giving echo to these news, they are only harmful for the freedom and help none.
IN YOUR FACE, 3D printer haters! How you like this "trinket," bitches?
"When information is power, privacy is freedom" - Jah-Wren Ryel
I can clone a magstripe card with very cheap off-the-shelf hardware, and use that card wherever. Cloning a modern (using the updated security software) chip card though, especially one that has the original timing attacks fixed, requires serious hardware. That was what chip cards were created to fix; the chip and PIN bit was more of a side-benefit.
The original chip cards were vulnerable to cloning using offline terminals; however, most of those particular attacks have been fixed through the shift from Static Data Authentication (SDA) to Dynamic (DDA). The attacks themselves are quite interesting and easy to understand. SDA cards (which are cheaper to manufacture) produced a crypto packet which could not be interpreted by the terminal. This caused a problem with offline terminals which were only periodically connected to the bank and were thus vulnerable to replay attacks. Fortunately though, DDA was made mandatory for all cards issued after 2011 so it shouldn't be a problem in future. (There's also a protocol called CDA which adds still further security.)
The other problem was that the part of the packet which distinguished chip and sig transactions from chip and pin ones was in a proprietary card issuer dependent format. This meant a chip and pin card could be fooled into falling back to signing a chip and signature request, by a device in the middle which was passed to the terminal as if it were a chip and pin request. The terminal, unable to tell the difference, thought the correct pin was entered. It's unclear whether this is fixed yet as it would require a terminal software upgrade to read the IAD and use CDA to protect the IAD; alternatively it would require the issuer to detect a signature verified transaction at their end and decline if it were unexpected.
Chip and signature mode can't be removed either. It is still necessary, as not everyone can use a pin, nor is it feasible to get pins under certain circumstances. Anyway, you can find a summary of all these at Cambridge's site.
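An added example, not part of the comment above: a toy model of why an offline terminal's static check accepts any copy of the card data while a dynamic challenge-response check does not. It uses textbook RSA over small Mersenne primes instead of EMV's real certificate and padding formats, and every name and value in it is a constructed assumption.

```python
import hashlib
import secrets

# Toy textbook RSA: illustration only, far too small for real use.
def make_key(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

ISSUER = make_key(2**61 - 1, 2**89 - 1)      # private part stays at the issuer
CARD = make_key(2**107 - 1, 2**127 - 1)      # private part never leaves the chip
ISSUER_PUB = {"n": ISSUER["n"], "e": ISSUER["e"]}
CARD_PUB = {"n": CARD["n"], "e": CARD["e"]}
STATIC_DATA = b"PAN=4000000000000002;EXP=2912"  # constructed test value

def pub_bytes(pub):
    return f"{pub['n']}:{pub['e']}".encode()

# Everything below is readable from the card by any terminal.
SDA_RECORD = {"data": STATIC_DATA, "sig": sign(ISSUER, STATIC_DATA)}
DDA_RECORD = {"data": STATIC_DATA, "card_pub": CARD_PUB,
              "cert": sign(ISSUER, STATIC_DATA + pub_bytes(CARD_PUB))}

def terminal_sda(record):
    # Static check: the same bytes verify every time, whoever presents them.
    return verify(ISSUER_PUB, record["data"], record["sig"])

def terminal_dda(record, card_respond):
    pub = record["card_pub"]
    if not verify(ISSUER_PUB, record["data"] + pub_bytes(pub), record["cert"]):
        return False                      # card key not certified by the issuer
    nonce = secrets.token_bytes(8)        # fresh unpredictable number each time
    return verify(pub, nonce, card_respond(nonce))

def genuine_card(nonce):
    return sign(CARD, nonce)              # only the real chip holds CARD["d"]

def copied_card(recorded_response):
    # A copy holds readable data only, so it can just repeat an old response.
    return lambda nonce: recorded_response
```
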
Why do ATMs still rely on magnetic stripe cards... whose data (key) could be easily replicated?
We have had smart cards for years, NFC cards for years... Couldn't the banks phase out all those magnetic cards with NFC ones?
I presume sniffing the NFC air traffic does not compromise the system, of course.
Damn lazy nerds, what is wrong with you?!!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The only thing novel in this article is (blah, blah, blah) with 3-d printers!
yeah, by your logic, white people who steal .
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
... that CAMERAS can actually be used to take pictures of naked people?[1]
Could you provide evidence of this wild claim?
[1] the Internet
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The obvious next move to pre-empt the inevitable stupidity that's going to arise, is for someone to print up a batch of politicians, and pass a constitutional amendment making it illegal for the government to ban 3d printers.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Is to rob a bank with a (partly) plastic AR-15:
http://www.thingiverse.com/thing:11669
The case of the pronoun in the subclause is determined by the role the noun plays in the subclause. It would be fine if four men, whom the federal court indicted, had reinvested their profits. However, the federal court indicted four men who reinvested their profits.
(This would not ordinarily be a noteworthy mistake, but anyone using "whom" in the first place is likely interested in using correct grammar.)
Could I print a couple surface to air missiles? These low flying planes are getting quite annoying. Maybe a small nuke to take care of my neighbors dog that barks at all hours of the night.
Also how long until I can print a clone of myself? Once I figure out how to print the above items I want a body double.
I had a client who, before she got busted, had a good color copier that I couldn't have afforded and assume she stole. She would print up duplicates of stolen checks and had a group of people fan out and pass them. I had another famous con man client earlier, one of whose scams was selling memberships in the Mafia; nobody ever complained and I always wondered what happened the first time one of those marks tried to use that in Chicago. What I don't understand is how you can print a scanner as distinguished from running in ours ahead of the real one. How does this work? Don't they have to be connected to something? I guess all the real experts on SD know but I don't. None of my computer geek buddies will even teach me to hack into the local university and change grades or issue degrees, or into the big banks, the IRS, or the White House. Where on SD or some other site can I get the instructions for this so I can make a little tax-free cash on the side?
Why is it still possible to skim cards? Don't they have chips now? How can they skim that?