Security News > 2021 > June > How Cyber Sleuths Cracked an ATM Shimmer Gang

How Cyber Sleuths Cracked an ATM Shimmer Gang
2021-06-23 12:49

Unlike traditional ATM skimmers that run on hidden cell phone batteries, the ATM shimmers found in Mexico did not require any external power source, and thus could remain in operation collecting card data until the device was removed.

Organized crime gangs that specialize in deploying skimmers very often will encrypt stolen card data as a way to remove the possibility that any gang members might try to personally siphon and sell the card data in underground markets.

THE DOWNLOAD CARDS. Then in 2017, Dant got a lucky break: Investigators had found a shimming device inside an ATM in New York City, and that device appeared identical to the shimmers found in Mexico two years earlier.

Once inserted into the mouth of ATM card acceptance slot that's already been retrofitted with one of these shimmers, the download card causes an encrypted data exchange between it and the shimmer.

What this meant was that now the Secret Service and Citi had a master key to discover the same shimming devices installed in other ATMs. That's because every time the gang compromised a new ATM, that Austrian account number would traverse the global payment card networks - telling them exactly which ATM had just been hacked.

"That download card is thicker than a lot of debit cards, so a number of institutions were quick to replace the older card slots with newer hardware that reduced the height of a card slot so that you could maybe get a shimmer and a debit card, but definitely not a shimmer and one of these download cards," he said.


News URL

https://krebsonsecurity.com/2021/06/how-cyber-sleuths-cracked-an-atm-shimmer-gang/