Add to del.icio.us     Digg this

August 6, 2009

It's not known exactly when, but criminals succeeded in placing a fake ATM terminal in the Riviera Hotel Casino in the hope they would either compromise or copy a bunch of ATM access and debit cards. Little did they know that the Riviera Hotel was the one chosen for the Annual Defcon Security Conference event. The crime was uncovered after some conference participants noticed something wrong with the ATM.

They looked at the ATM screen where there would normally be a camera. It was a little bit too dark, so someone shined a flashlight in there and, to everyone's great surprise, a personal computer was discovered.

Get the best Linux or Windows Web hosting plan for your website.

It's unclear how long the debit and ATM card skimming scam had been in operation before it was brought to a rapid close late last week. Defcon organisers notified local law enforcement officers, who took away the ATM for tests.

The criminals behind this scam installed their ATM next to the hotel security entrance, in one of the few areas of the casino away from surveillance cameras.

In all, over 8,000 people and security professionals were present at the Defcon conference.

The counterfeit device was designed to log card data and the associated PIN numbers of cards used on the machine for later retrieval by hackers. This information would presumably be used to manufacture counterfeit cards that would be used to loot compromised accounts.

ATM-related scams remain commonplace in Las Vegas since there is so much money that is constantly being manipulated there. The U.S. Secret Service and local law enforcement officials are now investigating separate reports about ATM machines that debited accounts without dispensing cash.

The suspected fraud came to light after conference presenter Chris Paget unsuccessfully attempted to withdraw $200 from an ATM at the Rio All-Suite Hotel and Casino last weekend. The ATM "whirred and chugged," according to Paget, but failed to dispense any money. Subsequent checks online revealed that Paget's account had been debited.

Interestingly, The particular focus on suspected ATM fraud during Defcon this year ironically follows a decision to cancel a planned talk on ATM security at Black Hat, the other security conference taking place in Vegas last week.

Barnaby Jack, a security researcher at Juniper Networks, was blocked from giving his presentation after the unnamed ATM inventor involved put pressure on Juniper to delay the presentation, at least until it had time to address the reported problem.

Other people reported the same problem with the ATM, the cause of which is still unclear. Anything ranging from simple machine malfunction to malign tampering of one sort or another remain possibilities and are being investigated by the Las Vegas police and crime investigation department.

Add to del.icio.us     Digg this

Source: Defcon.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.