Cyber criminals and their techniques evolve at nearly the same pace as the available technology. As 3D printing technology advances, scammers no longer need to find creative ways to manufacture their tools – now they can print them in the comfort of their own homes.
Credit card skimmers are not new to the cyber criminal world (a few great examples can be seen in Krebs on Security. These are devices that cyber criminals attach over the original card readers on ATMs to collect financial information for fraudulent use. As a card passes through it, the skimmer reads the card’s magnetic strip, collecting information. While most often skimmers consist of only the card reader itself, they can be also used in tandem with a small camera or a keypad overlay to catch the customer’s PIN code. Thus, fraudsters can obtain data from hundreds or even thousands of credit cards per day.
While skimmers have been around for a while, having cheap, easy access to a commercial grade 3D printer can allow any hacker or cyber criminal mass production of high quality credit card skimmers, making this a more prominent threat to banks and individuals than ever before.
Since both the skimmers and the resulting credit card data are usually sold on the Darknet (the TOR network), we have used our Darknet monitoring technology – the RaDark – to follow this market over the past few months. We have identified several listings of such files for 3D printers, some of them posted as recently as mid-August 2017, as well as huge numbers of credit card magnetic strip dumps.
Post entry from August 13, 2017
3D files for ATM skimmer offered for sale on the Darknet, June 2017
Selling the finished goods – credit card dumps in the Darknet
After a fraudster has printed the skimmer and placed it atop an ATM, customers swipe their cards through what they believe is a standard, innocuous card reader. The skimmer then scans and stores all the information on the magnetic strip and transfers it back to the fraudster, who will then go on to sell the information online.
Listing posted August 4th, 2017 selling skimmed credit card data.
Illicit markets in the Darknet (such as Dream Market) display an abundance of stolen credit card data listings . Using RaDark, Kela’s intelligence analysts assessed that with an addition of approximately a thousand new listings a day, most cards are sold within 30 days and cost between 10$-50$.
Even though some skimmers look exactly like the original ATM parts, staying alert and following these instructions can keep most individuals safe:
- Skimmers are usually attached to the ATM with glue or tape, meaning the skimmer may feel poorly affixed to the machine. If a gentle shove could move or detach the area where the card enters the ATM, it may be a skimmer.
- Fraudsters may place a small hidden camera in pin-sized holes to capture victims’ PIN code. Make sure you always cover the PIN pad.
- Keypad overlays could be used instead of cameras to capture victims’ PINs. These devices would also be poorly attached or appear to mismatch the ATM machine.
- ATM’s in crowded places, such as touristic areas, gas stations, etc., are more prone to be targeted by fraudsters. It is safer to use machines installed within banks.
About Kela and the RaDark
KELA Targeted Cyber Intelligence is a leading provider of targeted cyber intelligence, based in Tel Aviv, Israel. We specialize in providing our clients with intelligence about cyber threats that are specifically targeting them (exposed IT systems, breached employee credentials, product vulnerabilities etc.). We do this using the RaDark technology that we’ve developed – an automated cloud based technology, which uses custom-built web crawlers for continuously monitoring Darknet sources. In addition, our defense-force trained intelligence analysts provide tailored reporting and incident response services, acting as a real time extension of the clients’ team. Our intelligence is used by some of the world’s largest banks, telecoms, auto manufacturers and more.