[ad]
It seems like ATM hacking is still the way to go for those into a bit of hardware hacking. One of the most notorious and well known ATM hackers was recently arrest in Turkey and a list of his tips discovered online where he also sold the ATM skimming equipment.
Well his tips can’t be THAT good if he got caught can they?
A bank-machine hacker who reportedly was arrested earlier this month in Turkey gave would-be fraudsters tips on how to install rogue card-reading devices, including advising them to target drive-through ATMs (automated teller machines) and avoid towns with fewer than 15,000 residents.
The hacker, who went by the handle “Chao,” reportedly was arrested earlier this month in Turkey. He was one of the most well-known ATM hackers in the world, according to Uri Rivner, head of new technologies for RSA Consumer Solutions.
Chao sold fake faceplates that fraudsters could attach to the card slots in ATMs. These “skimmer” devices can read the magnetic stripe of every customer’s ATM or credit card, and are often used in conjunction with a hidden camera that watches people enter their PINs (personal identification numbers), Rivner said. Alternatively, criminals can attach an extra keypad on top of the one in the machine and capture the PIN that way, he added.
It seems like the old methods are still prevailing but the kit used is probably lot smaller, neater and unobtrusive. They skim your card, record your pin on the number pad with a micro dot camera and usually beam it all to a wifi PC nearby which will pipe it back to the owner over the net with a 3G phone or similar.
Just be careful where you use the ATM machine and cover the numberpad with your other hand when you are typing to the PIN to be extra vigilant.
- don’t install a skimmer in the morning, because people are more vigilant then;
- determine where a person would have to stand to keep an eye on everything happening on that block;
- avoid blocks where more than 250 people per day walk through, because of the danger of detection;
- don’t install skimmers in towns with fewer than 15,000 people, because people in those towns know what their ATMs look like;
- avoid areas with small shops open 24 hours a day, because there may be surveillance cameras and vigilant shopkeepers;
- don’t set up in areas where a lot of illegal immigrants live;
- places with a lot of tourist traffic are good;
- look for affluent neighborhoods and drive-through ATMs;
- ATMs near cash-only bars are a good bet for lots of customer activity.
The tips are really nothing ground-breaking, but interesting to read nevertheless. Most of them could be considered common sense, but some like not targeting really small towns are quite interesting.
I would have thought busy times would have been the best time to go in as long as there is no-one else queuing at the ATM machine.
Source: NetworkWorld
Navin says
doesn’t this all come under tht little thing we all ignore called “common sense”??
I mean, its more of observations than tips …what say??
Yami King says
@ Navin
I totally agree.
Except for the one (point 3) that says
Avoid blocks where more than 250 people per day walk through, because of the danger of detection.Why? Because this just really depends on the time of the day you are at the ATM; when there is no one around and you followed the basic guidelines stated above, there’s basicly nothing to worry about.
And it’s kind of in contradiction with point 7:
Places with a lot of tourist traffic are good. Since these so-called places all contain blocks that are usually visited over 250 times a day (point 3) depending on the popularity of the region.SpikyHead says
This had to happen (that he got caught), ATM hacking is something which is comparatively easy to figure out especially when more than one customer complains about fraudulent activity in their bank accounts and then finding the fraudsters is even easier unless he has stopped these activities.
now couple more ‘Blackhat’ tips to add (for humour purposes only):
-Do not attempt this more than 5 times in one city
-Change the city every day. This may make it harder for police ;)
Yami, you seem to be analyzing his tips very carefully.. what ar eyour plans budd?
goblert says
Interesting read.
This was happening in my
country for a while, there was a big thing on the news about it.
Pantagruel says
Nice read, but nothing ground bracking
terrery says
”He was one of the most well-known ATM hackers in the world, according to Uri Rivner, head of new technologies for RSA Consumer Solutions”
maybe a hint for him, after you skim the card you are about to withdraw cash from it.
it will have a maximum amount of withdrawel, how can we get max profit of this scam? well search for a ATM that has standard passwords provided by the manufacturer, (you can find manuals from that specific ATM manufacture on the internet) use them, hack in the ATM and let the ATM think that a bill of 50 is 5.
”a max withdraw of 500”, 500:5= 100 times 50= ”5000”
5 times in each city = 25000 lets say you can accomplish this is some days.
well keep this on for a few weeks and fly to the bahama’s or something :)
Goodpeople says
Am I glad that I live in a small town.. :-)
navin says
@ terrery
Can wht U’re saying be done for a single transaction?? i mean u ever heard of something like this done?? Even as a PoC?? links please…anyone
Joe says
Avoid ATM’s with video cameras… Although maybe sunglasses and a hood at night time would foil them. Banks and the Secret Service use all that info when they look for their guy.
Some guys with very complicated heist manuvers have been caught even still.