Feeds

Card-cloning crooks use 3D printers to make ever-better skimmers

Aussie ATMs vulnerable to precisely tailored devices, warn cops Down Under

The essential guide to IT transformation

Vid Cybercrooks in Australia are using 3D printers and computer-aided design software to manufacture ATM skimming devices.

New South Wales Police recently arrested and charged a Romanian national with fraud involving the use of an ATM skimmer made on a 3D printer to fleece Sydney residents, Australia-based iTnews reports.

Police in Sydney set up a dedicated taskforce in June after recording an increase in cash machine theft offences.

The taskforce identified one gang that targeted 15 ATMs across metropolitan Sydney, affecting tens of thousands of people and stealing around AU$100,000 (US$92,000).

Commander of the NSW Fraud and Cybercrime Squad, Detective Superintendent Col Dyson, told iTnews the gang was using 3D printers and CAD technology. Two unnamed banks are being targeted.

"These devices are actually manufactured for specific models of ATMs so they fit better and can’t be detected as easily," Det Supt Dyson explained.

"Parts of the devices are internally fitted, either by the offenders moving part of the slot and replacing it with their own, and pushing circuitry into the machines. [Another model] is so small it’s entirely self-contained and entirely pushed in, with some force, into the card slot."

Skimmers are designed to fit around the card slot of cash machines in order to read and extract data from the mag stripe of cards as they are pushed into a compromised machine. The devices are often used in conjunction with a hidden miniature pin-hole video camera, or an unobtrusive keypad overlay, to record PIN data.

The collated information, sent to fraudsters using mobile phone technology or stored for later retrieval, provides enough data to clone a magnetic-stripe-only credit card. Fake cards are then used in combination with stolen PIN information to make fraudulent withdrawals. Pictures of hardware-based ATM skimming devices, fake cash machine fascias and more can be found in a blog post by cybersecurity blogger Brian Krebs here.

Skimmers have been used by fraudsters for years but introducing 3D manufacturing into the process has obvious advantages to cybercriminals, according to veteran IT security expert Paul Ducklin.

"Crooks can quickly try a new design (or tweak an old one) in order to make their devices as surreptitious as possible," Ducklin explains in a post on Sophos's Naked Security blog. "The better a skimmer fits, the more smoothly it blends with the ATM's shape, and the closer the colour, the more likely it is go unnoticed."

"Also, 3D printouts can be made on demand, so that the crooks can quickly replace skimmers that have been detected, removed and destroyed," he adds.

Previous controversial uses for 3D printers have famously included blueprints for "printing" parts for firearms at home. Home-made plastic gun parts routinely snap under the stresses of firing, if they work at all, but that hasn't stopped the issue of the “Liberator” 3D-printed pistol and derivatives from creating a media fire fight storm.

In response, Danish 3D printer maker Create It Real has decided to ensure [PDF] its products can't print a gun. Manufacturers might conceivably decide to do something similar to prevent 3D printers from being used to manufacture ATM skimmer parts.

One blacklisting snag might be that while blueprints for the Liberator gun are out there in public, any CAD design for an ATM skimmer would be a closely guarded secret.

If preventing the abuse of 3D printers isn't an option, we can at least attempt to bolster consumer awareness about the threat posed by ATM skimmers.

A video from the Queensland Police Service stars Fiscal the Fraud-Fighting Ferret, who tells consumers how to spot ATM skimmers and guard against the possibility of fraud when using cash machines.

The use of ATM skimmers is a problem worldwide. Extensive background information on the problem in Europe can be found on the European ATM Security Team's website here. ®

Next gen security for virtualised datacentres

More from The Register

next story
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.