Tracking a Bluetooth ATM Skimming Gang In Mexico
tsu doh nimh writes: Brian Krebs has an interesting and entertaining three-part series this week on how he spent his summer vacation: driving around the Cancun area looking for ATMs beaconing out Bluetooth signals indicating the machines are compromised by crooks. Turns out, he didn't have to look for: His own hotel had a hacked machine. Krebs said he first learned about the scheme when an ATM industry insider reached out to say that some Eastern European guys had approached all of his ATM technicians offering bribes if the technicians allowed physical access to the machines. Once inside, the crooks installed two tiny Bluetooth radios — one for the card reader and one for the PIN pad. Krebs's series concludes with a closer look at Intacash, a new ATM company whose machines now blanket Cancun and other tourist areas but which is suspected of being connected to the skimming activity.
Once again the weak link is people (Score:5, Insightful)
Screw penetrating layers of complex, trusted security systems. Meager bribe to one underpaid and overworked average joe and you get the keys to the kingdom.
If I were doing a serious pen test, know where I'd look first? HR. Turnover and employee dissatisfaction will highlight where the biggest security holes are.
Re:Once again the weak link is people (Score:5, Funny)
Unless they are terminated by dismemberment. Then you'll be needing several severance packages.
Re: (Score:1)
Are you ... serious? I fucking hate living in Seattle because of you liberal fucktards. And I'm from Seattle. I am socially liberal. But I'm not a fucktard.
Maybe you're joking though?
Re: (Score:2)
I knew that shitcanning anyone who didn't drink the kool-aid was the right thing to do. No fucking malcontents on my watch.
Re: (Score:2)
If you had read the article and not just the summary, you would have learned that the first problem, bribed field technicians, has a technological solution (dual key/user required for hardware or software modifications) which most likely wasn't being used.
And that for the second problem, the company in question is most likely a criminal shell corporation: no need to bribe its employees, fraud is their business.
Brian Krebs rocks (Score:3)
Brian Krebs is awesome.
Re: (Score:2)
He got lucky that these criminals aren't a bit smarter and didn't invest a bit more effort into their hack, i.e. adding a BT stealth mode,
where the hacked modules shut down BT transmission until they receive certain MAC IDs. Which would make them completely undetectable except by close visual inspection. :-(
A somewhat reliable countermeasure would be to:
1st, separate the money loading into a different compartment that doesn't give access to the electronics.
2nd, Restrict down (people wise) and log
Nothing good happens in Mexico (Score:2, Funny)
You're asking for trouble if you visit that shithole.
Trump 2016!!!
Re: (Score:3)
Well, I'm not a Trump fan, I don't trust him one bit
You trust other politicians??
They already are (Score:2)
maybe the ATMs and banks should just give away free money?
Didn't you read the article? They are.
It's just the money they are giving away is yours, to the people installing bluetooth skimmers.
"Turns out, he didn't have to look for" (Score:5, Informative)
Should that be "far"? Editors to the main deck please.
Re: (Score:1)
Slashdot has editors?
This is why I like my low credit limit cards (Score:2)
I like using a low credit limit card for most transactions just for the very reason that I lack trust in the system.
Hmmmm (Score:1)
While I applaud his research, making cartels mad is an unhealthy idea.
Call me a pussy... (Score:1)
... but personally I prefer less risky vacations, such as trying to find the gas leak under my house with a candle, or going on a safari, unarmed, while wearing a shirt made of bacon.
Re: (Score:1)
Call me a pussy[...]while wearing a shirt made of bacon.
IANAD, but I think bacon smell down there is a sign of gonorrhea. Unless you meant shirt of salmon?
Bluetooth? Or "Bluetooth Smart" / BLE? (Score:2)
Bluetooth? Or "Bluetooth Smart" / "BLE" ("Bluetooth Low Energy")?
This sounds like a converted commodity iBeacon, which would be BLE, the new Internet of Things protocol.
Though promulgated by the Bluetooth SIG and using some of the upper layer organization, at the lower layers BLE is a very different radio system and protocol.
It's also very convenient for building stuff: The chips have powerful computers (which sleep most of the time so the batteries last), reasonable amounts of RAM and FLASH, built-in rad
Re: (Score:2)
Though promulgated by the Bluetooth SIG and using some of the upper layer organization, at the lower layers BLE is a very different radio system and protocol.
Its definition is promulgated by being added to the Bluetooth standard, with the first version added at 4.0.
If these devices ARE BLE-based, and If your laptop or smartphone Bluetooth peripheral is 4.0 or higher (4.2 just came out), you'll be able to run stock apps (such as bluez's hcitool with the lescan option on Linux, or lightblue on an iDevice) to
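The comment above names BlueZ's `hcitool lescan` as a stock way to list nearby BLE advertisers. Below is an added example (not code from the thread, from Brian Krebs, or from BlueZ) showing how an ATM operator's field technician could turn several such captures, taken on successive visits to the same machine, into a short inspection list: an advertiser that is present on most visits is a fixed device rather than a passing phone and deserves a physical look inside the cabinet. The scan text, the MAC addresses (locally administered, so they match no real vendor) and the device names are all constructed sample data; `hcitool` itself is deprecated in current BlueZ releases in favour of `bluetoothctl`, but its output format is what the parser below assumes.

```python
"""Summarise repeated BlueZ `hcitool lescan` captures taken near one ATM.

Added example, not from the Slashdot thread or Brian Krebs's articles.
It works on scan output already saved to text, so it runs offline, and
reports BLE advertisers that persist across scans and are not on the
operator's allow-list of known equipment.
"""
import re

# Each capture is the stdout of `sudo hcitool lescan` left running for a few
# seconds and then interrupted: a header line, then "<MAC> <name|(unknown)>".
# All three captures, MACs and names are constructed sample data.
SAMPLE_SCANS = [
    """LE Scan ...
02:00:00:AA:BB:01 (unknown)
02:00:00:AA:BB:01 BTDEV-01
02:00:00:AA:BB:02 (unknown)
02:00:00:AA:BB:02 iPhone
02:00:00:AA:BB:03 WRISTBAND
""",
    """LE Scan ...
02:00:00:AA:BB:01 BTDEV-01
02:00:00:AA:BB:04 (unknown)
""",
    """LE Scan ...
02:00:00:AA:BB:01 (unknown)
02:00:00:AA:BB:03 WRISTBAND
""",
]

# One advertiser line: a 48-bit MAC followed by whatever name hcitool printed.
LINE_RE = re.compile(r"^([0-9A-F]{2}(?::[0-9A-F]{2}){5})\s+(.*)$", re.I)


def parse_lescan(text):
    """Return {mac: set(names)} for one capture; '(unknown)' adds no name."""
    devices = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # the "LE Scan ..." header or unrelated output
        mac, name = m.group(1).upper(), m.group(2).strip()
        names = devices.setdefault(mac, set())
        if name != "(unknown)":
            names.add(name)
    return devices


def persistent_advertisers(scans, allowlist=(), min_fraction=0.6):
    """List (mac, scans_seen, names) for advertisers present in at least
    min_fraction of the captures that are not on the operator's allow-list.
    A phone walking past appears once; a device fixed inside or next to the
    machine appears every time."""
    seen = {}
    names = {}
    for text in scans:
        for mac, found in parse_lescan(text).items():
            seen[mac] = seen.get(mac, 0) + 1
            names.setdefault(mac, set()).update(found)
    threshold = min_fraction * len(scans)
    allowed = {m.upper() for m in allowlist}
    return sorted(
        (mac, seen[mac], sorted(names[mac]))
        for mac in seen
        if seen[mac] >= threshold and mac not in allowed
    )


if __name__ == "__main__":
    # Hypothetical allow-list: the bank's own BLE-enabled equipment at this site.
    KNOWN_EQUIPMENT = []
    for mac, count, found in persistent_advertisers(SAMPLE_SCANS, KNOWN_EQUIPMENT):
        print(f"{mac}  seen in {count}/{len(SAMPLE_SCANS)} scans  names={found}")
```

The persistence threshold is the part worth tuning: a tourist-area ATM sees a constant stream of phones and wearables, so a single scan is mostly noise, while anything that shows up on three separate visits is a fixed installation and, if it is not on the site's equipment list, a reason to open the cabinet under the dual-control procedure mentioned earlier in the thread.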
Do A Search (Score:2)
More interesting / scary stuff out there. Esp. about Intacash:
http://www.getoto.net/noise/ta... [getoto.net]
And how to do the checking yourself:
http://networktoolbox.de/check... [networktoolbox.de]