Aug 23 2010

13 Things an Identity Thief Won’t Tell You

Category: Identity TheftDISC @ 11:10 am
Identity Thief, Incognito
Image by CarbonNYC via Flickr

Stopping Identity Theft: 10 Easy Steps to Security

by Reader’s Digest Magazine, on Thu Aug 12, 2010 Interviews by Michelle Crouch

Former identity thieves confess the tactics they use to scam you.

1. Watch your back. In line at the grocery store, I’ll hold my phone
like I’m looking at the screen and snap your card as you’re using it.
Next thing you know, I’m ordering things online-on your dime.

2. That red flag tells the mail carrier-and me-that you have outgoing
mail. And that can mean credit card numbers and checks I can reproduce.

3. Check your bank and credit card balances at least once a week. I can
do a lot of damage in the 30 days between statements.

4. In Europe, credit cards have an embedded chip and require a PIN,
which makes them a lot harder to hack. Here, I can duplicate the
magnetic stripe technology with a $50 machine.

5. If a bill doesn’t show up when it’s supposed to, don’t breathe a sigh
of relief. Start to wonder if your mail has been stolen.

6. That’s me driving through your neighborhood at 3 a.m. on trash day. I
fill my trunk with bags of garbage from different houses, then sort

7. You throw away the darnedest things-preapproved credit card
applications, old bills, expired credit cards, checking account deposit
slips, and crumpled-up job or loan applications with all your personal

8. If you see something that looks like it doesn’t belong on the ATM or
sticks out from the card slot, walk away. That’s the skimmer I attached
to capture your card information and PIN.

9. Why don’t more of you call 888-5-OPTOUT to stop banks from sending
you preapproved credit offers? You’re making it way too easy for me.

10. I use your credit cards all the time, and I never get asked for ID.
A helpful hint: I’d never use a credit card with a picture on it.

11. I can call the electric company, pose as you, and say, “Hey, I
thought I paid this bill. I can’t remember-did I use my Visa or
MasterCard? Can you read me back that number?” I have to be in
character, but it’s unbelievable what they’ll tell me.

12. Thanks for using your debit card instead of your credit card.
Hackers are constantly breaking into retail databases, and debit cards
give me direct access to your banking account.

13. Love that new credit card that showed up in your mailbox. If I can’t
talk someone at your bank into activating it (and I usually can), I
write down the number and put it back. After you’ve activated the card,
I start using it.

Tags: Automated teller machine, Business, Credit card, debit card, Financial services, Identity Theft, MasterCard, Visa

Jul 29 2010

Hacker finds a way into ATM computers

Category: CybercrimeDISC @ 6:23 pm
Nice ATM
Image via Wikipedia

Understanding and Managing Cybercrime

by Jordan Robertson
A hacker has discovered a way to force ATMs to disgorge their cash by hijacking the computers inside them.

The attacks demonstrated Wednesday at a security conference were done at stand-alone ATMs. But they could potentially be used against the ATMs operated by mainstream banks, the hacker said.

Criminals use many ways to tamper with ATMs, ranging from sophisticated to foolhardy: installing fake card readers to steal card numbers, and even hauling the machines away with trucks in hopes of cracking them open later.

Computer hacker Barnaby Jack spent two years tinkering in his Silicon Valley apartment with ATMs he bought online. These were stand-alone machines, the type seen in front of convenience stores, rather than the ones in bank branches.

His goal was to find ways to take control of ATMs by exploiting weaknesses in the computers that run the machines.

He showed off his results at the Black Hat conference, an annual gathering devoted to exposing the latest computer-security vulnerabilities.

In one demonstration Tuesday, Jack, director of security research for IOActive Inc. in Seattle, showed how to get ATMs to spit out money:

He found that the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer. He figured this out by ordering three ATMs from different manufacturers for a few thousand dollars each. Then he compared the keys he got with pictures of other keys, found on the Internet.

He used his key to unlock a compartment in the ATM that had standard USB slots. He then inserted a program he had written into one of them, commanding the ATM to dump its vaults.

This article appeared on page D – 6 of the San Francisco Chronicle

Tags: ATM, Automated teller machine, Barnaby Jack, BlackHat, Computer security, San Francisco Chronicle, Seattle, Silicon Valley