Feeds

Card-cloning crooks use 3D printers to make ever-better skimmers

Aussie ATMs vulnerable to precisely tailored devices, warn cops Down Under

The Essential Guide to IT Transformation

Vid Cybercrooks in Australia are using 3D printers and computer-aided design software to manufacture ATM skimming devices.

New South Wales Police recently arrested and charged a Romanian national with fraud involving the use of an ATM skimmer made on a 3D printer to fleece Sydney residents, Australia-based iTnews reports.

Police in Sydney set up a dedicated taskforce in June after recording an increase in cash machine theft offences.

The taskforce identified one gang that targeted 15 ATMs across metropolitan Sydney, affecting tens of thousands of people and stealing around AU$100,000 (US$92,000).

Commander of the NSW Fraud and Cybercrime Squad, Detective Superintendent Col Dyson, told iTnews the gang was using 3D printers and CAD technology. Two unnamed banks are being targeted.

"These devices are actually manufactured for specific models of ATMs so they fit better and can’t be detected as easily," Det Supt Dyson explained.

"Parts of the devices are internally fitted, either by the offenders moving part of the slot and replacing it with their own, and pushing circuitry into the machines. [Another model] is so small it’s entirely self-contained and entirely pushed in, with some force, into the card slot."

Skimmers are designed to fit around the card slot of cash machines in order to read and extract data from the mag stripe of cards as they are pushed into a compromised machine. The devices are often used in conjunction with a hidden miniature pin-hole video camera, or an unobtrusive keypad overlay, to record PIN data.

The collated information, sent to fraudsters using mobile phone technology or stored for later retrieval, provides enough data to clone a magnetic-stripe-only credit card. Fake cards are then used in combination with stolen PIN information to make fraudulent withdrawals. Pictures of hardware-based ATM skimming devices, fake cash machine fascias and more can be found in a blog post by cybersecurity blogger Brian Krebs here.

Skimmers have been used by fraudsters for years but introducing 3D manufacturing into the process has obvious advantages to cybercriminals, according to veteran IT security expert Paul Ducklin.

"Crooks can quickly try a new design (or tweak an old one) in order to make their devices as surreptitious as possible," Ducklin explains in a post on Sophos's Naked Security blog. "The better a skimmer fits, the more smoothly it blends with the ATM's shape, and the closer the colour, the more likely it is go unnoticed."

"Also, 3D printouts can be made on demand, so that the crooks can quickly replace skimmers that have been detected, removed and destroyed," he adds.

Previous controversial uses for 3D printers have famously included blueprints for "printing" parts for firearms at home. Home-made plastic gun parts routinely snap under the stresses of firing, if they work at all, but that hasn't stopped the issue of the “Liberator” 3D-printed pistol and derivatives from creating a media fire fight storm.

In response, Danish 3D printer maker Create It Real has decided to ensure [PDF] its products can't print a gun. Manufacturers might conceivably decide to do something similar to prevent 3D printers from being used to manufacture ATM skimmer parts.

One blacklisting snag might be that while blueprints for the Liberator gun are out there in public, any CAD design for an ATM skimmer would be a closely guarded secret.

If preventing the abuse of 3D printers isn't an option, we can at least attempt to bolster consumer awareness about the threat posed by ATM skimmers.

A video from the Queensland Police Service stars Fiscal the Fraud-Fighting Ferret, who tells consumers how to spot ATM skimmers and guard against the possibility of fraud when using cash machines.

The use of ATM skimmers is a problem worldwide. Extensive background information on the problem in Europe can be found on the European ATM Security Team's website here. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.