Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, February 22, 2010

Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps

Criminals hid bank card-skimming devices inside gas pumps—in at least one case, even completely replacing the front panel of a pump—in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks.  The scam was first discovered when a California bank’s fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah.

The devices typically include a scanner, transmitter, camera, and, most recently, Bluetooth- or wireless-enabled links that shoot the stolen data back to the bad guys.

A similar attack occurred with a rigged ATM machine last year in Las Vegas during the Defcon hacker show: Security researcher Chris Paget lost $200 to an ATM machine in the Rio All-Suite Hotel & Casino that appeared to be operating normally, but failed to spit out cash.

The U.S. Secret Service was investigating the incident, and it was unclear whether the machine was outfitted internally with a skimming device or had been tampered with for someone to grab the cash withdrawals at a later time.

Bruce Schneier, CTO for BT Counterpane and author of the Schneier on Security blog, says attackers in Europe are also moving skimming devices inside gas pumps as a way to avoid detection.

Troy Arnold from the Sandy police department told a local news outlets that the device in the 7-Eleven gas pump was the size of a cellular phone SIM card and was affixed to the card reader inside the pump.

“It’s a small device—Bluetooth, the size of a SIM card—that is attached to the actual credit card reader.

Back in December, a similar spree occurred in the Sacramento, Calif., area, where gas pumps at an AM/PM convenience store were outfitted with card skimmers, transmitters, and small cameras that siphon victims’ debit card data.

http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=223100233&cid=RSSfeed

[Link to an article showing a typical ATM skimmer setup: http://www.snopes.com/fraud/atm/atmcamera.asp.  But remember all they really need, is the skimmer to be installed and a good camera!]

Posted on 02/22
Trends • (0) CommentsPermalink