Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Crime Security IT Technology

Gang Used 3D Printers To Make ATM Skimmers 212

Posted by Soulskill from the bank-error-in-your-favor dept.
An anonymous reader sends this excerpt from a post by security researcher Brian Krebs: "An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say. ... Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. Last year, i-materialize blogged about receiving a client's order for building a card skimmer. In June, a federal court indicted four men from South Texas whom authorities say had reinvested the profits from skimming scams to purchase a 3D printer."
This discussion has been archived. No new comments can be posted.

Gang Used 3D Printers To Make ATM Skimmers More

Gang Used 3D Printers To Make ATM Skimmers

Comments Filter:

  • Re:Very broken system (Score:5, Interesting)

    by neyla ( 2455118 ) on Wednesday September 21, 2011 @03:07AM (#37465058)

    Yeah, and there's absolutely no reason a "card-reader which harvests the data" should be possible to construct - and indeed with a well-engineered chip-card, it isn't.

    A magnetic stripe can obviously be read and duplicated. But a chip-card can use challenge-response. That is, to verify the card the protocol between ATM and card runs something like this:

    ATM: What's your public key ?
    Card: dead0011beef
    ATM: Prove it ?
    Card: Here's Trents signature that attest it.
    ATM: "Please sign 17ae4082b1f"
    Card: return sign(my_private_key 17ae4082b1f)
    ATM: verify(card_public_key, signature received in last step)

    The thing is, there doesn't need to be any easy way of reading out the private key of the card. What's needed is to use one of the many protocols that lets the card prove that it *knows* the private_key, without actually revealing that key.

    And this ain't science fiction - it's the way ATMs and retail-terminals *alreay* operates where I live. (though they're generally still *also* able to read magnetic stripes, for backwards compatibility, but they refuse to do so if your card is a chip-card. (the cards also tends to have chip -and- magnetic - the latter is only for use abroad on terminals unequipped for chips - and yes, that adds to risk!)

  • Ban 3D printers (Score:3, Interesting)

    by zennyboy ( 1002544 ) on Wednesday September 21, 2011 @04:14AM (#37465356)

    Used for illegal purposes? BAN 3D PRINTERS. And cassette tapes. And knives!

    Z

Slashdot Top Deals

The rule on staying alive as a program manager is to give 'em a number or give 'em a date, but never give 'em both at once.

Close