bit-tech.net

Visiting hacker foils fraudlent ATM

Visiting hacker foils fraudlent ATM

The stand-alone ATM, similar to the one pictured, was positioned outside the security office and contained a PC set to skim card details and PINs.

Scammers at the Riviera Hotel Casino clearly failed to check the event calendar when the installed a fake cashpoint - and were duly shut down by eagle-eyed hackers attending the DefCon convention.

As reported over on Wired, the ATM - which was placed in the hotel's conference centre where the DefCon convention was taking place - appeared to be a standard stand-alone unit, sat outside of the range of surveillance cameras. Sadly for anyone that needed a quick buck or two to feed into the slot machines, the device hid a card skimmer - designed to record the account details and PIN of any card inserted.

It isn't known how long the machine was in place, nor who installed it - but it is known that hacker and CEO of Aries Security Brian Markus is responsible for getting it removed. Having spotted that the smoked glass on the front of the unit - which usually hides a small camera positioned to record the face of anyone using the machine for fraud prevention purposes - looked "funny", he shone a torch at the machine to peek behind the panel. Rather than the expected camera, Markus saw a PC connected to the machine's innards - and recording card information.

Although the ATM was carefully positioned to avoid hotel security cameras, whoever put the device in place clearly had a sense of irony as it was placed directly outside the hotel's security office - with none of the security employees any the wiser that something was amiss until Markus pointed out his suspicions.

The ATM has since been removed by hotel security staff, and an investigation is taking place to discover exactly how long the skimmer was in place - and hopefully find those responsible.

Do you think that the crooks behind this scheme had the worst timing - trying to scam a hacker convention - or could it have been placed by one of the conference attendees in order to teach his fellow hackers a lesson in information security? Share your thoughts over in the forums.

15 Comments

Discuss in the forums Reply
liratheal 4th August 2009, 13:40 Quote
Probably a case of shite timing.

Or a case of over confidence so they could brag after the convention that so many so-called "security experts" got hoodwinked into using a tampered with ATM.

I suspect the former, no one would be stupid enough to try the latter unless they were insanely good.
M7ck 4th August 2009, 13:47 Quote
I think it was just bad timing. Rather than remove it they should have just cut power to it and kept an eye on the machine then when the *******s tried to fix it catch them and jail them.
l3v1ck 4th August 2009, 14:41 Quote
It might not have been in view of a camera once installed, but surely at least one camer would have filmed it being brought into the building.
Star*Dagger 4th August 2009, 14:53 Quote
Awesome! Think about the balls needed to bring that thing in, place i it in front of the security office and then wait.

Kudos to whomever did that!

Yours in Romulan Pin Plasma,
Star*Dagger
Veles 4th August 2009, 14:54 Quote
Quote:
Originally Posted by VadimWolf
I think it was just bad timing. Rather than remove it they should have just cut power to it and kept an eye on the machine then when the *******s tried to fix it catch them and jail them.

They probably set it up so they never had to return to it
airchie 4th August 2009, 15:29 Quote
lol, this is an awesome story.
Maybe the guy had it placed there so he could then 'discover' it and get the kudos from all at the convention for being so awesome?

Hope the security staff are embarassed... :D
Turbotab 4th August 2009, 17:11 Quote
With these fake machines, do they actually give out any money? I always make sure that someone has got cash out of an ATM before I use it, along with the usual checks for dodgyness.
skybarge 4th August 2009, 22:59 Quote
haha it was probably a worthless machine too, setup to scan then wirelessly transmit the card info over the net,

smart but i hope they get caught still, i hate credit card scammers
B3CK 5th August 2009, 05:18 Quote
To my knowledge, (never been to defcon), but at defcon, if you leave it exposed, they will expose you. Bank accounts, ANYTHING, exposed, gets plastered to the wall for you to shame over.
I think this is one of the hackers having fun, or trying to prove point of security situational awareness.
eek 5th August 2009, 10:57 Quote
Quote:
Originally Posted by Turbotab
With these fake machines, do they actually give out any money? I always make sure that someone has got cash out of an ATM before I use it, along with the usual checks for dodgyness.
Yip, you get your money, they get all the details needed to clone your card and your pin number! Checks for dodgyness are far more important than knowing someone else has also had their card details nicked!!
Xir 5th August 2009, 12:49 Quote
In Germany it's usually a card skimmer in front of the original slot and a small camera or "double" keyboard for the PIN attached to a normal, well functioning machine.

So seeing someone get cash before you do is no safety.

Haven't heard of complete false machines though...
HourBeforeDawn 5th August 2009, 19:23 Quote
Quote:
Originally Posted by l3v1ck
It might not have been in view of a camera once installed, but surely at least one camer would have filmed it being brought into the building.

oh no doubt, on the casino floor your on camera up to 1200 times, off the casino floor your on camera around 700 times, and walking down the strip your on camera at least 500 times (I use to work in Vegas) so ya they will certainly have something on camera and most casinos have griffin teams in place working with facial recognition software so it shouldnt take to long. Its always amusing to see someone try to rip off a casino, you would have better luck robbing a bank and getting away with it then ripping off a casino in Vegas lol
Ending Credits 6th August 2009, 12:21 Quote
I'm pretty sure they'll have just brought in the hardware they need to hijack the machine and then use some kind of maintenance or repairs excuse to go about modding the already-installed ATM.
LordPyrinc 8th August 2009, 00:46 Quote
This is one of the reasons I do not have an ATM / Debit card. If I need actual cash, I go to the bank once every few months and get out some cash. 99% of the time I used a credit card for all purchases. If there is a transaction that I need to dispute on the credit card, at least the cash did not come straight out of my bank account like it would have with an ATM / Debit card.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums