This article is more than 1 year old
Card-cloning crooks use 3D printers to make ever-better skimmers
Aussie ATMs vulnerable to precisely tailored devices, warn cops Down Under
Vid Cybercrooks in Australia are using 3D printers and computer-aided design software to manufacture ATM skimming devices.
New South Wales Police recently arrested and charged a Romanian national with fraud involving the use of an ATM skimmer made on a 3D printer to fleece Sydney residents, Australia-based iTnews reports.
Police in Sydney set up a dedicated taskforce in June after recording an increase in cash machine theft offences.
The taskforce identified one gang that targeted 15 ATMs across metropolitan Sydney, affecting tens of thousands of people and stealing around AU$100,000 (US$92,000).
Commander of the NSW Fraud and Cybercrime Squad, Detective Superintendent Col Dyson, told iTnews the gang was using 3D printers and CAD technology. Two unnamed banks are being targeted.
"These devices are actually manufactured for specific models of ATMs so they fit better and can’t be detected as easily," Det Supt Dyson explained.
"Parts of the devices are internally fitted, either by the offenders moving part of the slot and replacing it with their own, and pushing circuitry into the machines. [Another model] is so small it’s entirely self-contained and entirely pushed in, with some force, into the card slot."
Skimmers are designed to fit around the card slot of cash machines in order to read and extract data from the mag stripe of cards as they are pushed into a compromised machine. The devices are often used in conjunction with a hidden miniature pin-hole video camera, or an unobtrusive keypad overlay, to record PIN data.
The collated information, sent to fraudsters using mobile phone technology or stored for later retrieval, provides enough data to clone a magnetic-stripe-only credit card. Fake cards are then used in combination with stolen PIN information to make fraudulent withdrawals. Pictures of hardware-based ATM skimming devices, fake cash machine fascias and more can be found in a blog post by cybersecurity blogger Brian Krebs here.
Skimmers have been used by fraudsters for years but introducing 3D manufacturing into the process has obvious advantages to cybercriminals, according to veteran IT security expert Paul Ducklin.
"Crooks can quickly try a new design (or tweak an old one) in order to make their devices as surreptitious as possible," Ducklin explains in a post on Sophos's Naked Security blog. "The better a skimmer fits, the more smoothly it blends with the ATM's shape, and the closer the colour, the more likely it is go unnoticed."
"Also, 3D printouts can be made on demand, so that the crooks can quickly replace skimmers that have been detected, removed and destroyed," he adds.
Previous controversial uses for 3D printers have famously included blueprints for "printing" parts for firearms at home. Home-made plastic gun parts routinely snap under the stresses of firing, if they work at all, but that hasn't stopped the issue of the “Liberator” 3D-printed pistol and derivatives from creating a media fire fight storm.
In response, Danish 3D printer maker Create It Real has decided to ensure [PDF] its products can't print a gun. Manufacturers might conceivably decide to do something similar to prevent 3D printers from being used to manufacture ATM skimmer parts.
One blacklisting snag might be that while blueprints for the Liberator gun are out there in public, any CAD design for an ATM skimmer would be a closely guarded secret.
If preventing the abuse of 3D printers isn't an option, we can at least attempt to bolster consumer awareness about the threat posed by ATM skimmers.
A video from the Queensland Police Service stars Fiscal the Fraud-Fighting Ferret, who tells consumers how to spot ATM skimmers and guard against the possibility of fraud when using cash machines.
The use of ATM skimmers is a problem worldwide. Extensive background information on the problem in Europe can be found on the European ATM Security Team's website here. ®