Bank Card Cloning in our small little village.

[kolbep]

Our small little village of Margate, South Africa has, in the past week or so, been hit by what looks like Card cloning frenzy.
There have been at least 40 reported cases (reported on a local facebook group), of people using the ATM's or Point of Sale at some shops, and then hours later, they have had ZAR3500 up to ZAR9000 taken out of their accounts.

A local banking group 'Capitec', due to the panic, has had lots of their customers drawing out all their money, to prevent it from being stolen. Which has resulted in the ATM's being out of money since early in the morning.

When somebody went into the Capitec branch, and enquired about the cloning, the 1st line consultant said that Capitec cards have not been affected by this cloning. And then when speaking to somebody higher up in the chain, they were told that it has also affected them, and that they have instructed their agents to deny that their cards are affected, to try and avoid a panic.

On my trips around today, I looked at as many ATM's that I could see, and did not see any signs of cloners (pinhole cameras facing the keyboard, magstripe readers installed over slots,etc). I must have looked like a nutter, grabbing the card slot things, and pulling them to see if they are part of the machine, or if they come off (That would have been interesting)....

At least there is very little money in my account most of the time, so If they do clone my card, they will just be wasting their time.

Oh, and there was also the Virus the other day, that only affected POS systems (and the ones that had Card Machines hooked up to them), that allowed them to intercept the card transaction, and steal the details...

Anyway, that is the news from my little Dorpie in Suid Afrika....
P

[baljemmett]

On my trips around today, I looked at as many ATM's that I could see, and did not see any signs of cloners (pinhole cameras facing the keyboard, magstripe readers installed over slots,etc). I must have looked like a nutter, grabbing the card slot things, and pulling them to see if they are part of the machine, or if they come off (That would have been interesting)....

Careful with that - last time I saw a detailed investigation into such things, it included anecdotal evidence from some poor sod who discovered the hard way that the fine upstanding gentlemen who installed the skimmer were lurking fairly close by, keeping an eye on their investment…

[Kjelt]

If the ATMs have cameras like in our country it should be pretty obvious what happened.
Anyway good luck in jullie kleine dorpje 

[fluxcapacitor]

The crooks are getting more sophisticated .

http://krebsonsecurity.com/category/all-about-skimmers/

[aroby]

The crooks are getting more sophisticated .

http://krebsonsecurity.com/category/all-about-skimmers/

You can't fault their ingenuity.

[SeanB]

Ohh, Crapitec. Nuff said. Maks a good reason to have your card enabled for notification, though if they are withdrawing locally then they are only using readers and paying shop clerks to swipe cards and then cloning and using where they know floor limits and hitting standalone card machine shops to get stuff. Many shops have cameras above tills, and these can be used to see the PIN entry.

Good reason to cover the pin pad when entering with the other hand at all times.

[HackedFridgeMagnet]

Stop the skimmers ruining Margate's reputation!

BTW.
I live in the 'real' Margate. Yes Margate Tasmania.
I am not sure if we qualify as a little 'Dorpie'.

[Alexei.Polkhanov]

Hahahaha, they were able to inject mallware into ATM through hacked SIM card! 

There has to be some kind Dumb Ass Award for embedded system designers who designed that ATM  if stolen money alone are not embarrassing enough. Lets call it Cutting Edge Engineering Darwin award.

[SeanB]

Stop the skimmers ruining Margate's reputation!

BTW.
I live in the 'real' Margate. Yes Margate Tasmania.
I am not sure if we qualify as a little 'Dorpie'.

Your entire Tas Margate population could be dropped in the Margate CBD on a Sunday afternoon after the shops are closed, and you would not even be visible in the crowd. Even out of holiday season.

[HackedFridgeMagnet]

yes admittedly we're not that big.

[kolbep]

Margate CBD, South Africa (Not Tasmania, Not UK, etc),
has been going downhill lately. Some shops are Vacant, there is 2 wimpys, a KFC, and 1 or 2 pop up pizza places,
but the rest is Clothing Shops, Chinese Junk Shops, and Pubs. Prostitutes are on every corner, and people get stabbed in the street over a Cigarette! They say Shelly Beach is the new 'Margate' of the South Coast. Good thing I live in Shelly Beach.

The only thing Margate has going for it is the accomodation, and the Beach, but with the local municipality allowing Untreated sewerage to run into the river feeding the beach, as well as the Crime, mess, etc, they also lost their Blue Flag Status.

On a Plus Note, SeanB, I should be coming to DBN Next Saturday (to see the HAGS), and then the Saturday after that for the Topgear Festival.

(I know the rest of you will want to know what/who the HAGS is, I will leave you to guess. Place your guesses below, could be interesting)
P

[SeanB]

Oh crickey, then I will have a shyte week getting to work as they close half the roads to drive around the stadium, and another week after as the metro tries to figure out what went where.

[Legit-Design]

Barnaby Jack.

I haven't watched those in a while, from what I remember it went something in order, there is internal jtag connection and atm is running windows and in a typical windows way everything is poorly protected once you get inside the machine.

Maybe thieves have watched this. Usually it's the other way around, criminals do something and we get report afterwards by researchers. Now it was we get research into it and some time later criminals follow.
Maybe they will learn from this and start using ATM and POS terminals only which support chips. In a chip slot the card sticks out so they cannot copy the magnet stripe. From what I understand chip cards are much harder to copy and probably the ATM itself would be easier to compromise.

[SeanB]

Chips have been done, and there are MITM attacks that will always allow the chip to give a valid response.

[GreyWoolfe]

Can't forget the slightly larger than a village of Margate, Florida, USA!

[saturation]

Yes, and the tools are easily available.  One reason to never use a bank card for POS.  Credit cards issuers are seasoned in dealing with fraud and phishing.  Why holders risk their own money doing POS makes no sense unless one has no credit worthiness.

It doesn't matter if the cards are chip based and encrypted as the theft method simply mirrors the card and keyloggers steal the password.

In the USA, you can easily purchase ATM machines or parts thereof and reverse engineer them.  POS devices abound to use as templates.  This has been the case for many years.

http://www.ebay.com/itm/Complete-Bezel-Tidel-3100-ATM-/251545521165?pt=LH_DefaultDomain_0&hash=item3a91480c0d


A legitimate phishing machine:

http://www.ebay.com/itm/Cashless-ATM-Machine-Stand-with-Internal-Lights/111364703615?_trksid=p2047675.c100010.m2109&_trkparms=aid%3D555012%26algo%3DPW.MBE%26ao%3D1%26asc%3D21235%26meid%3D7453105948173053237%26pid%3D100010%26prg%3D9374%26rk%3D4%26rkt%3D24%26sd%3D251545521165

Follow the links and enjoy.

The crooks are getting more sophisticated .

http://krebsonsecurity.com/category/all-about-skimmers/

You can't fault their ingenuity.

[junkie_business]

customers drawing out all their money, to prevent it from being stolen. Which has resulted in the ATM's being out of money since early in the morning.

Taking money out of the ATM to prevent it being cloned at an ATM. Logic? Presumably nobody knows where the cloners are.

[SeanB]

On a Plus Note, SeanB, I should be coming to DBN Next Saturday (to see the HAGS), and then the Saturday after that for the Topgear Festival.

(I know the rest of you will want to know what/who the HAGS is, I will leave you to guess. Place your guesses below, could be interesting)
P

You got tickets? I might be going, and I will just go to work and park there, and walk the 2 blocks past the ICC and the old prison to get there.

For those not in sunny cold and partly waterless Durban ( thanks to some scrap thieves who stole a bridge carrying a water pipe that feeds half the city) look it up on ECR.co.za and think of those poor sales people who have to spend 16 hour days there.

[kolbep]

> Yep. for Topgear Got a set of tickets for my Father on his birthday (It just didn't seem right only getting a ticket for him to go alone, had to get one for me as well (even though Motorsport is not really my thing), but hey, I get to get out for a day.

> For the House and garden show, plans have changed, I am going out to Sea off Shelly Beach this Saturday with the Inlaws, to hopefully catch some fish for a braai afterwards, so I will only be going up to dbn on Monday 16'th, if you want we can meet up then?

P

[mc]

I've seen pictures of an ATM that had had a complete new fascia installed, complete with skimmer and camera.
It was that well done, the only reason the ATM engineer noticed it, was because they noticed there was no logo on the fascia. The complete fascia of the machine had been cloned, right down to the exact colour and texture, and been designed in such a way that it simply stuck over the genuine fascia with no noticeable gaps/alignment issues.

The advice is, make sure you cover the keypad when entering your pin. Most likely if the machine has been attacked, they'll be using a camera to get your pin number. So if they can't see you entering your pin, chances are they'll just skip your card details and move onto somebody who they've seen entering they're pin.

[SeanB]

Standard bank has been busy refitting the Diebold ATM's they use with new fascias and keyboard guards along with installing tamper sensors on them. Hit the unit hard or try to pull the fascia off and it locks up immediately with a red screen of death. I have tried played the games that are part of Windows on a unit with a full keyboard, but you are hampered by the keyboard deliberately not having a working set of control keys, or the function keys or windows keys, along with a mouse. That was on one where the ATM application did a " This application has crashed" window and left a desktop.

Peter, Monday is fine, give me a call.

[kolbep]

Hi Sean.
My phone is lying at the bottom of the sea  just before Protea Banks (Hey maybe a diver will find it.... )
My new shorts has the crappiest Velcro on the pockets...

Anyway, if you could please PM me your cell number again.

Thanks

P