A new way to steal payment card data has triggered alerts at banks
Specialists in ethical hacking from the International Institute of Cyber Security report that the US Secret Service is warning financial institutions about a new way to force ATMs that involves cutting several holes in these devices and then using a combination of magnets and medical devices to extract customer account data directly from the card reader inside the ATM.
According to a security alert distributed privately to banking institutions, the Secret Service has received multiple reports of a complex form of skimming that malicious actors take several days to carry out.
This type of attack, known as “ATM Wiretapping”, begins when thieves use a drill to make a relatively large hole in the front of an ATM. The hole is then hidden with a metal plate. The thieves then fish the card skimming device through the hole and connect it to the internal card reader using a magnet.
According to reports from ethical hacking experts, robbers often perform this installation with an endoscope, a thin, flexible instrument used in medicine to give doctors a look inside the human body. By connecting a USB endoscope to their smartphone, intruders can look inside the ATM to make sure their skimmer has been connected to the reader correctly.
The Secret Service says that once the skimmer is in place and the hole has been patched, thieves will often wait a day or so to place a camera. “Thieves are believed to take this time to ensure that the drilling vibrations do not trigger an alarm from the non-slip ATM technology”, mentions the security alert. “When thieves are convinced that they have not activated any internal alarms when drilling and searching within the ATM, they return to finish the job by adapting a hidden camera inside the cashier”.
It is difficult to cite all the Secret Service reports without giving the thieves a detailed plan on how to carry out these attacks. However, several sources who spend a lot of time monitoring cybercrime and ethical hacking forums have shared several documents with instructions that apparently provide details about how to execute these attacks. This type of knowledge circulates more freely than ever in the cybercrime community.
Specialists consider that it is becoming increasingly difficult to detect skimming devices in ATMs, as many are designed to blend in with several components of the device. They also recommend that users focus on protecting their own physical safety while at the ATM. If you visit an ATM that seems strange, altered or out of place, try to find another machine. Use only ATMs in public and well-lit areas, and avoid those in isolated locations.
The most important thing is to cover the ATM's keypad with your hand when you enter your PIN. That way, even if the thieves get access to your card, there is less chance that they can also get your PIN. You would be surprised to find out how many people omit this basic precaution.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.