ATMs can steal your $$

Writing for Computerworld under the headline “Security analyst: Las Vegas ATMs may have malware: The U.S. Secret Service is looking into the situation,” Jeremy Kirk reports a story that I bet will become more and more common in the near future. Cash-dispensing banking machines can be equipped so that they divert money from one’s account in multiple ways.

The good news in this situation was that the person who used a malfunctioning automatic teller was someone who’s savvy about computer. Chris Paget, a principal in H4RDW4RE (a computer security firm), was attending a conference for people who study hacking, cracking, malware, and such. Mr. Paget recognized the problem—he didn’t get his $$!—and did something about it.

The U.S. Secret Service said on Monday it is investigating a group of ATM machines in Las Vegas that are debiting people’s accounts but not dispensing cash.

The case came to light after Defcon hacker conference presenter Chris Paget tried to withdraw $200 on Sunday from his account at the Rio All-Suite Hotel and Casino. He wanted buy a metallic copy of the Bill of Rights, a joke gift designed to set off airport metal detectors from the magicians Penn and Teller.
The ATM “whirred and chugged,” Paget said, “but no money came out.” His account, however, was debited.

As Mr. Kirk related, there was another incident earlier at DEFCON, but these are not the first. Indeed, the history of scams goes back at least to 2004. These scams use (a) devices that fit over the card reader in an ATM, permitting crooks to skim the data from the magnetic stripe when one inserts her card in a legitimate machine, and (b) hidden cameras that permit the crooks to record the presses on the keypad, thus snagging one’s PIN.

Security analyst: Las Vegas ATMs may have malware” from Computerworld. Link to H4RDW4RE.com. Keep up with what’s happenning at DEFCON. Read the Snopes entry about ATM skimming and cameras.

Update 4 Aug 2007: I see Hack a Day has an image of the fake ATM found earlier this week at DEFCON.

Advertisements

Leave a comment

Filed under News, Notes and comments, Technology, Thanks for reading

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s