1(630)802-8605 Ravi.das@bn-inc.net

How many times have you had that hungry feeling late at night, wanting to go out to a fast place for a quick hamburger?  Many of us have had that feeling, but happens when we open our wallets and realize that we don’t have any cash on us?

Then it’s time to make a trip to our local ATM machine.  Yes, these are quick and efficient in giving us the cash we need right now, but they are also one of the biggest targets for Cyber attackers.

This often comes into play when the hacker installs a phony bank card reader that looks like the real thing but is essentially a fake. Through the use of a Network Sniffer, he or she can then collect all of your baking details, and wipe out your account.

There is really nothing new to this kind of Cyber-attack, it has been around for years, but the problem is that the hacker is getting more and more sophisticated into how they launch these kinds of attacks.

In fact, the United States Secret Service just put out a notice to the public about a new kind of ATM skimming fraud, it is called “ATM Wiretapping”.  In order to do this, the Cyber attacker makes holes into the ATM Machine, and believe it or not, then uses a combination of both magnets and even a medical device to get to your banking information.  It sounds like here, they don’t need the use of a Network Sniffer.

Here is how it works:

*The Cyber attacker use a small drilling device to make a hole in the front of the ATM machine. It is then covered up by a metal faceplate, an impression of the bank’s logo or even instructions on how to use that particular ATM Machine.  This is illustrated below; the hole is in the upper right corner:

(SOURCE:  https://krebsonsecurity.com/2018/09/secret-service-warns-of-surge-in-atm-wiretapping-attacks/)

*Once this hole has been made, the Cyber attacker will then insert and attach the phony ATM Card Reader to the legitimate card reader in the ATM Machine, as seen below:

(SOURCE:  https://krebsonsecurity.com/2018/09/secret-service-warns-of-surge-in-atm-wiretapping-attacks/)

*But to make sure that the everything is all good to go, the Cyber attacker will often use a medical device known as an “Endoscope” in order to get a magnified peak inside the ATM Machine to make sure that the phony ATM Card Reader is properly installed.  An Endoscope is used by a Gastroenterologist in order to view the insides of your stomach.  This device is illustrated in the above diagram as well, and is the long tube located in the far right of the picture.

*Once the Cyber attacker is satisfied that all looks good, as mentioned earlier, he or she will then cover that drilled hole appropriately, which is illustrated below:

(SOURCE:  https://krebsonsecurity.com/2018/09/secret-service-warns-of-surge-in-atm-wiretapping-attacks/)

*Very often, the Cyber attacker will then wait for a few days before they get to work again.  This time period is used to ensure that the drilling and the various manipulations that was done inside of the ATM Machine has not set off any red flags or alarms to the banking staff at that particular location.  Once the Cyber attacker is convinced that they are clear up to this point, he or she will then install a hidden camera at the ATM Machine just above the keypad.  Or, in many instances, the Cyber attacker could just replace the original keypad with a phony (but authentic looking) one, and just behind it, the camera technology is placed.  In either instance, the wring of the camera and its battery is accessed through the hole that was made in the first step.  This can be seen below as well:

(SOURCE:  https://krebsonsecurity.com/2018/09/secret-service-warns-of-surge-in-atm-wiretapping-attacks/)

Finally, the camera is then used to record the PIN Numbers that have been entered in, and even having them timestamped as well.  So, this is the new form of ATM Skimming that you need to be aware of:  Rather than having the skimming devices embedded from within the ATM Machine, they are now embedded inside the AT Machine.

My thoughts on this?

Yes, I was surprised when I read this.  But after thinking about it, there is really nothing new going on here, rather it is just a variant of the ATM hacks which have already existed.  So, what is one supposed to protect themselves?  Here are some tips:

*If at all possible, avoid all together using an ATM Card.  My reason for this is that if you do become a victim, you are responsible for all of the cash that has been lost, and in these cases, it will be difficult to recover it.  Banks are not held liable for your ATM Card.  Instead, use a Credit Card, at least here, your damage by law is limited to just $50, your Credit Card can be easily replaced.

*If you need cash, use a check.  By this I mean go to your bank, and present a check directly to the teller.  Or go to your nearest grocery or convenience store to get this check cashed.  At least this way, you are dealing with a human and can watch them as they conduct your financial transaction.

*If you must use an ATM Machine, without looking too obvious, jiggle it around to make sure that there are no loose components.  If there are, notify the bank immediately and do not use that particular ATM Machine!!!

*When at an ATM Machine, especially late at night, make sure that you are the only one there, and as you enter in your PIN Number, use your hand to cover the keypad.  By doing this, it will be difficult for the Cyber attacker to read PIN Number as they review footage from the camera.  If you have any doubts, you can even call the police to watch over you.  Yes, that may seem a little odd, but they are public servants in the end, and we pay them their salary.

*To clarify any further doubts, ask the manager at your banking location what they do to protect their ATM Machines.  A good, reputable bank that makes Security their top priority will always view the night footage from the CCTV camera to make sure that there was no suspicious activity going on.  And they well even, at random times, literally go outside of the premises of the bank in order to physically check the condition of their ATM Machines.

*Always be cognizant of your surroundings, and try to use the ATM during the daytime, versus the night time.

Hopefully these tips help you stay safe and enjoy that late night Big Mac Attack from McDonalds!