Gang Used 3D Printers To Make ATM Skimmers
An anonymous reader sends this excerpt from a post by security researcher Brian Krebs:
"An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say. ... Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. Last year, i-materialize blogged about receiving a client's order for building a card skimmer. In June, a federal court indicted four men from South Texas whom authorities say had reinvested the profits from skimming scams to purchase a 3D printer."
I was having a discussion with my daughter (an artist) the other day about protecting her work, and much of what we discussed applies to this technology--when you get right down to it, the moment you convert any product into a digital format, and expose it to the internet in any way, you lose a great deal of control of that creation, if not all.
This technology is about to do that to physical objects, by proxy--the dimensions are what are actually being digitized. The end result will be the same though--freely available physical products. The only catch is that the user must provide the physical medium...kind of like someone providing a blank CD in order to utilize an MP3 file. I predict that, one day, the king of "most downloaded" torrents will be a 3D printer file for a bong.
This is the same genie that the recording/electronics industries let out of its bottle about 28 years ago. He appears to be having much adventure and does not wish to return to his bottle. Ever.
Yeah, and there's absolutely no reason a "card-reader which harvests the data" should be possible to construct - and indeed with a well-engineered chip-card, it isn't.
A magnetic stripe can obviously be read and duplicated. But a chip-card can use challenge-response. That is, to verify the card the protocol between ATM and card runs something like this:
ATM: What's your public key?
Card: dead0011beef
ATM: Prove it?
Card: Here's Trent's signature that attests it.
ATM: "Please sign 17ae4082b1f"
Card: return sign(my_private_key, 17ae4082b1f)
ATM: verify(card_public_key, signature received in last step)
The thing is, there doesn't need to be any easy way of reading out the private key of the card. What's needed is to use one of the many protocols that lets the card prove that it *knows* the private_key, without actually revealing that key.
And this ain't science fiction - it's the way ATMs and retail terminals *already* operate where I live (though they're generally still *also* able to read magnetic stripes, for backwards compatibility, but they refuse to do so if your card is a chip-card). (The cards also tend to have chip -and- magnetic - the latter is only for use abroad on terminals unequipped for chips - and yes, that adds to risk!)
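The challenge-response exchange sketched in the comment above, as an added Go example that is not part of the original post and not any real ATM or card implementation. It assumes Ed25519 as the signature scheme and 16-byte random challenges; `Card`, `IssueCard`, `Respond`, `Verify` and `Demo` are hypothetical names. It shows that a signature recorded from one session is rejected against the next fresh challenge.

```go
package main

import "crypto/ed25519"
import "crypto/rand"
import "fmt"

// Card: priv never leaves the chip; Cert is the issuer's ("Trent's") signature over Pub.
type Card struct {
	priv      ed25519.PrivateKey
	Pub, Cert []byte
}

// IssueCard (hypothetical helper) creates a card key and certifies it.
func IssueCard(issuer ed25519.PrivateKey) (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Card{priv: priv, Pub: pub, Cert: ed25519.Sign(issuer, pub)}, nil
}

// Respond signs the terminal's challenge on the card.
func (c *Card) Respond(challenge []byte) []byte { return ed25519.Sign(c.priv, challenge) }

// Verify is the terminal side: check the attestation, then the response.
func Verify(issuerPub, cardPub ed25519.PublicKey, cert, challenge, sig []byte) bool {
	return ed25519.Verify(issuerPub, cardPub, cert) && ed25519.Verify(cardPub, challenge, sig)
}

// Demo reports whether a genuine response and a replayed one are accepted.
func Demo() (genuine, replay bool, err error) {
	issuerPub, issuerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	card, err := IssueCard(issuerPriv)
	if err != nil {
		return false, false, err
	}
	nonces := make([]byte, 32) // two fresh 16-byte challenges (assumed size)
	if _, err = rand.Read(nonces); err != nil {
		return false, false, err
	}
	sig := card.Respond(nonces[:16])
	// Second value: a recorded Pub, Cert and sig replayed against the next challenge.
	return Verify(issuerPub, card.Pub, card.Cert, nonces[:16], sig),
		Verify(issuerPub, card.Pub, card.Cert, nonces[16:], sig), nil
}

func main() { fmt.Println(Demo()) }
```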